www.cybereason.com Open in urlscan Pro
2606:4700::6811:84b4 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Submission: On December 09 via api (December 9th 2019, 6:38:12 pm UTC) from US

Summary HTTP 139 Redirects Links 35 Behaviour Indicators

Summary

This website contacted 40 IPs in 7 countries across 33 domains to perform 139 HTTP transactions. The main IP is 2606:4700::6811:84b4, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.cybereason.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on September 17th 2019. Valid for: a year.

This is the only time www.cybereason.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
66	2606:4700::68... 2606:4700::6811:84b4	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
11	95.100.67.47 95.100.67.47	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	172.217.22.2 172.217.22.2	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:2800:133... 2606:2800:133:7403:4a68:7eff:710b:1ddf	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	151.139.237.11 151.139.237.11	33438 (HIGHWINDS2) (HIGHWINDS2 - Highwinds Network Group)
3	2606:4700::68... 2606:4700::6811:4104	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
10	2606:4700::68... 2606:4700::6810:fd05	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	2606:4700:10:... 2606:4700:10::6814:6f27	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	72.247.225.215 72.247.225.215	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	151.101.12.65 151.101.12.65	54113 (FASTLY) (FASTLY - Fastly)
5	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	54.173.179.199 54.173.179.199	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	147.75.33.111 147.75.33.111	54825 (PACKET) (PACKET - Packet Host)
1	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2606:4700::68... 2606:4700::6811:f2cc	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:821::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a00:1450:400... 2a00:1450:4001:825::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY - Fastly)
1	70.42.32.63 70.42.32.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN - Outbrain)
1	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1	147.75.85.25 147.75.85.25	54825 (PACKET) (PACKET - Packet Host)
2	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY - Fastly)
1	2606:4700::68... 2606:4700::6811:70b0	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700::68... 2606:4700::6811:e7cc	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700::68... 2606:4700::6811:46b0	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	147.75.85.99 147.75.85.99	54825 (PACKET) (PACKET - Packet Host)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
6 9	34.252.172.232 34.252.172.232	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	54.156.185.237 54.156.185.237	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER - Twitter Inc.)
1 1	2a00:1288:110... 2a00:1288:110:c305::a000	34010 (YAHOO-IRD) (YAHOO-IRD)
1	34.233.1.29 34.233.1.29	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE - Google LLC)
1	8.39.36.143 8.39.36.143	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
1 1	216.58.206.2 216.58.206.2	15169 (GOOGLE) (GOOGLE - Google LLC)
1	185.33.223.215 185.33.223.215	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1 2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700::68... 2606:4700::6811:c8cc	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a02:26f0:10c... 2a02:26f0:10c:382::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2a05:f500:11:... 2a05:f500:11:101::b93f:9001	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
139	40

66 2606:4700::6811:84b4 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.cybereason.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 95.100.67.47 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-67-47.deploy.static.akamaitechnologies.com

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.2 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s14-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:133:7403:4a68:7eff:710b:1ddf (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.237.11 (Dallas, United States)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)

cdn.rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:4104 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6810:fd05 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6814:6f27 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.247.225.215 (United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-247-225-215.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.65 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

tag.marinsm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
staticxx.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.173.179.199 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-173-179-199.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.33.111 (Amsterdam, Netherlands)

ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-12

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:f2cc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.2 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.63 (United States)

ASN22075 (AS-OUTBRAIN - Outbrain, Inc., US)
PTR: ny.outbrain.com

amplifypixel.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.85.25 (Parsippany, United States)

ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-9

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:70b0 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e7cc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:46b0 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.85.99 (Parsippany, United States)

ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-5

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.252.172.232 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com

pixel-geo.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.156.185.237 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-156-185-237.compute-1.amazonaws.com

tracking.leadlander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::a000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.233.1.29 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-233-1-29.compute-1.amazonaws.com

pixel.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 147.120.95.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.39.36.143 (United States)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.2 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s20-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.223.215 (Netherlands)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 315.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c8cc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:382::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:11:101::b93f:9001 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
66	cybereason.com www.cybereason.com	2 MB
11	typekit.net use.typekit.net p.typekit.net	178 KB
10	prfct.co 6 redirects pixel-geo.prfct.co pixel.prfct.co	4 KB
10	hubspot.com no-cache.hubspot.com track.hubspot.com forms.hubspot.com	13 KB
4	facebook.net connect.facebook.net	169 KB
4	linkedin.com 2 redirects platform.linkedin.com px.ads.linkedin.com www.linkedin.com	57 KB
3	facebook.com www.facebook.com staticxx.facebook.com	357 B
3	twitter.com platform.twitter.com analytics.twitter.com	29 KB
3	hubspot.net cdn2.hubspot.net	234 KB
3	doubleclick.net 2 redirects googleads.g.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net	1 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	72 KB
3	outbrain.com amplify.outbrain.com tr.outbrain.com amplifypixel.outbrain.com	4 KB
3	addtoany.com static.addtoany.com	59 KB
3	cloudflare.com cdnjs.cloudflare.com	97 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	openx.net 1 redirects us-u.openx.net	336 B
2	leadlander.com 1 redirects tracking.leadlander.com	644 B
2	google.de www.google.de	219 B
2	google.com 1 redirects www.google.com	290 B
2	gstatic.com fonts.gstatic.com	36 KB
1	licdn.com snap.licdn.com	2 KB
1	hubapi.com api.hubapi.com	587 B
1	adnxs.com secure.adnxs.com	1 KB
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	yahoo.com 1 redirects ads.yahoo.com	648 B
1	hs-analytics.net js.hs-analytics.net	26 KB
1	hsleadflows.net js.hsleadflows.net	61 KB
1	hsadspixel.net js.hsadspixel.net	2 KB
1	googleusercontent.com lh3.googleusercontent.com	684 KB
1	sf14g.com t.sf14g.com	37 KB
1	marinsm.com tag.marinsm.com	10 KB
1	rawgit.com cdn.rawgit.com	2 KB
1	googleadservices.com www.googleadservices.com	9 KB
139	33

	Domain	Requested by
66	www.cybereason.com	www.cybereason.com
10	use.typekit.net	www.cybereason.com use.typekit.net
9	pixel-geo.prfct.co	6 redirects www.cybereason.com
6	track.hubspot.com
4	connect.facebook.net	www.cybereason.com connect.facebook.net
3	cdn2.hubspot.net	www.cybereason.com
3	static.addtoany.com	www.cybereason.com static.addtoany.com
3	no-cache.hubspot.com	www.cybereason.com
3	cdnjs.cloudflare.com	www.cybereason.com
2	px.ads.linkedin.com	1 redirects
2	www.google-analytics.com	1 redirects www.cybereason.com
2	us-u.openx.net	1 redirects www.cybereason.com
2	tracking.leadlander.com	1 redirects www.cybereason.com
2	www.facebook.com	www.cybereason.com
2	platform.twitter.com	www.cybereason.com platform.twitter.com
2	www.google.de	www.cybereason.com
2	www.google.com	1 redirects www.cybereason.com
2	fonts.gstatic.com	www.cybereason.com
1	forms.hubspot.com	js.hsleadflows.net
1	www.linkedin.com	1 redirects
1	snap.licdn.com	js.hsadspixel.net
1	stats.g.doubleclick.net	1 redirects
1	api.hubapi.com	js.hsadspixel.net
1	secure.adnxs.com	www.cybereason.com
1	cm.g.doubleclick.net	1 redirects
1	pixel.rubiconproject.com	www.cybereason.com
1	pixel.prfct.co	www.cybereason.com
1	ads.yahoo.com	1 redirects
1	analytics.twitter.com	www.cybereason.com
1	staticxx.facebook.com	connect.facebook.net
1	vars.hotjar.com	static.hotjar.com
1	js.hs-analytics.net	www.cybereason.com
1	js.hsleadflows.net	www.cybereason.com
1	js.hsadspixel.net	www.cybereason.com
1	script.hotjar.com	static.hotjar.com
1	lh3.googleusercontent.com	www.cybereason.com
1	amplifypixel.outbrain.com	www.cybereason.com
1	tr.outbrain.com	www.cybereason.com
1	p.typekit.net	www.cybereason.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	static.hotjar.com	www.cybereason.com
1	t.sf14g.com	www.cybereason.com
1	tag.marinsm.com	www.cybereason.com
1	amplify.outbrain.com	www.cybereason.com
1	cdn.rawgit.com	www.cybereason.com
1	platform.linkedin.com	www.cybereason.com
1	www.googleadservices.com	www.cybereason.com
139	47

This site contains links to these domains. Also see Links.

Domain
ti.360.com
zhuiri.360.cn
www.fireeye.com
securelist.com
www.cobaltstrike.com
github.com
static.hsstatic.net
cdn2.hubspot.net
resources.infosecinstitute.com
attack.mitre.org
en.wikipedia.org
gist.github.com
www.oxid.it
www.addtoany.com
twitter.com
www.linkedin.com
www.youtube.com
www.facebook.com
www.instagram.com

Subject Issuer	Validity	Valid
www.cybereason.com CloudFlare Inc ECC CA-2	`2019-09-17` - `2020-09-16`	a year	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2018-07-20` - `2020-01-03`	a year	crt.sh
www.googleadservices.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2021-10-14`	2 years	crt.sh
rawgit.com COMODO RSA Domain Validation Secure Server CA	`2018-12-29` - `2020-01-13`	a year	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-12-05` - `2020-06-12`	6 months	crt.sh
hubspot.com CloudFlare Inc ECC CA-2	`2019-12-04` - `2020-10-09`	10 months	crt.sh
ssl472428.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-07-02` - `2020-01-08`	6 months	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2018-12-14` - `2020-03-14`	a year	crt.sh
g.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2019-09-23` - `2020-09-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-11-06` - `2020-02-04`	3 months	crt.sh
t.sf14g.com Go Daddy Secure Certificate Authority - G2	`2019-07-09` - `2020-09-07`	a year	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
hubspot.net CloudFlare Inc ECC CA-2	`2019-04-16` - `2020-04-16`	a year	crt.sh
*.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
www.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
www.google.de GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-07-30` - `2020-07-25`	a year	crt.sh
*.googleusercontent.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh
platform.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-28` - `2020-09-01`	a year	crt.sh
ssl803643.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-11-06` - `2020-05-14`	6 months	crt.sh
ssl817706.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-13` - `2020-02-19`	6 months	crt.sh
ssl803670.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-11-06` - `2020-05-14`	6 months	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh
*.prfct.co DigiCert SHA2 Secure Server CA	`2019-09-03` - `2021-10-27`	2 years	crt.sh
*.leadlander.com Go Daddy Secure Certificate Authority - G2	`2019-07-09` - `2020-09-07`	a year	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-01-28` - `2020-01-28`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
ssl817724.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-13` - `2020-02-19`	6 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh

This page contains 5 frames:

Primary Page: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Frame ID: 88E2E22CF0C1739059E160912005B296
Requests: 136 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.22.html
Frame ID: 9927058F245ABF73646F05FFBC85AA40
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Frame ID: 78BE08C119EE3ECF03348A60562F5328
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.6a44a9d26983bbb5b04ae399f9e496fe.html?origin=https%3A%2F%2Fwww.cybereason.com
Frame ID: 3B6829C15E81DA405509158AD7E4E5CA
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter.php?version=44
Frame ID: DC341C54DA7CCF0B17943E82A3B15C9A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

139
Requests

100 %
HTTPS

53 %
IPv6

33
Domains

47
Subdomains

40
IPs

7
Countries

3560 kB
Transfer

6061 kB
Size

0
Cookies

35 Outgoing links

These are links going to different origins than the main page.

URL: https://ti.360.com/upload/report/file/OceanLotusReport.pdf
Title: OceanLotus Group

Search URL Search Domain Scan URL

URL: http://zhuiri.360.cn/report/index.php/2015/05/29/482/?lang=en
Title: APT-C-00

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html
Title: APT32

Search URL Search Domain Scan URL

URL: https://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/
Title: Backdoor.Win32.Denis

Search URL Search Domain Scan URL

URL: https://www.cobaltstrike.com/help-smb-beacon
Title: Cobalt Strike

Search URL Search Domain Scan URL

URL: https://github.com/PowerShellMafia/PowerSploit
Title: PowerSploit

Search URL Search Domain Scan URL

URL: https://github.com/samratashok/nishang
Title: Nishang

Search URL Search Domain Scan URL

URL: https://static.hsstatic.net/BlogImporterAssetsUI/ex/missing-image.png

Search URL Search Domain Scan URL

URL: https://cdn2.hubspot.net/hubfs/3354902/Imported_Blog_Media/schedukedtask2-1.png

Search URL Search Domain Scan URL

URL: https://cdn2.hubspot.net/hubfs/3354902/Imported_Blog_Media/push-1.png

Search URL Search Domain Scan URL

URL: https://securelist.com/blog/research/78203/use-of-dns-tunneling-for-cc-communications/
Title: Backdoor.Win32.Denis

Search URL Search Domain Scan URL

URL: http://resources.infosecinstitute.com/dll-hijacking-attacks-revisited/
Title: DLL hijacking

Search URL Search Domain Scan URL

URL: https://cdn2.hubspot.net/hubfs/3354902/Imported_Blog_Media/dnstunneling1-1.png

Search URL Search Domain Scan URL

URL: https://cdn2.hubspot.net/hubfs/3354902/Imported_Blog_Media/fakemicrosoft-1.png

Search URL Search Domain Scan URL

URL: https://cdn2.hubspot.net/hubfs/3354902/Imported_Blog_Media/fakegoogle-1.png

Search URL Search Domain Scan URL

URL: https://cdn2.hubspot.net/hubfs/3354902/Imported_Blog_Media/kapersky-1.png

Search URL Search Domain Scan URL

URL: http://resources.infosecinstitute.com/dns-tunnelling/#gref
Title: DNS Tunneling

Search URL Search Domain Scan URL

URL: https://cdn2.hubspot.net/hubfs/3354902/Imported_Blog_Media/dnstunneling-3.png

Search URL Search Domain Scan URL

URL: https://cdn2.hubspot.net/hubfs/3354902/Imported_Blog_Media/dnstunneling2-1.png

Search URL Search Domain Scan URL

URL: https://cdn2.hubspot.net/hubfs/3354902/Imported_Blog_Media/phishingemail-1.png

Search URL Search Domain Scan URL

URL: https://github.com/gentilkiwi/mimikatz
Title: Mimikatz

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/wiki/Technique/T1097
Title: pass-the-ticket

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Pass_the_hash
Title: pass-the-hash

Search URL Search Domain Scan URL

URL: https://github.com/p3nt4/PSUnlock
Title: PSUnlock Github

Search URL Search Domain Scan URL

URL: https://github.com/danielbohannon/Invoke-Obfuscation/blob/master/Invoke-Obfuscation.ps1
Title: project

Search URL Search Domain Scan URL

URL: https://gist.github.com/mubix/6514311#file-evilpassfilter-cpp
Title: tools

Search URL Search Domain Scan URL

URL: https://github.com/clymb3r/Misc-Windows-Hacking/blob/master/HookPasswordChange/HookPasswordChange/HookPasswordChange.cpp
Title: on GitHub

Search URL Search Domain Scan URL

URL: http://www.oxid.it/downloads/vaultdump.txt
Title: known password dumping tool

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&title=Operation%20Cobalt%20Kitty%3A%20A%20large-scale%20APT%20in%20Asia%20carried%20out%20by%20the%20OceanLotus%20Group

Search URL Search Domain Scan URL

URL: https://twitter.com/cybereason
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cybereason
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCOm7AaB0HiNH4Phe66sK0Ew
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Cybereason/
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cybereason/?hl=en
Title:

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 109

https://pixel-geo.prfct.co/tagjs?a_id=71641&source=js_tag HTTP 302
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=71641&source=js_tag

Request Chain 110

https://tracking.leadlander.com/api/tracking?accountId=27717&page=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&referer=&fp=d2fff768385a51f6e295620ea70f0269 HTTP 302
https://tracking.leadlander.com/tracking.png

Request Chain 112

https://pixel-geo.prfct.co/cs/?partnerId=twtr HTTP 302
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_WHiU2QXXKJlIsJwaL

Request Chain 113

https://pixel-geo.prfct.co/cs/?partnerId=yah HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10001073209&eid=pa_WHiU2QXXKJlIsJwaL&sigv=1&esig=2~57f9ff68b3e166d24961ccc41d6d063d5b3a274b HTTP 302
https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_WHiU2QXXKJlIsJwaL

Request Chain 114

https://pixel-geo.prfct.co/cs/?partnerId=opx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_WHiU2QXXKJlIsJwaL HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_WHiU2QXXKJlIsJwaL

Request Chain 115

https://pixel-geo.prfct.co/cs/?partnerId=rbcn HTTP 302
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_WHiU2QXXKJlIsJwaL

Request Chain 116

https://pixel-geo.prfct.co/cs/?partnerId=goo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfV0hpVTJRWFhLSmxJc0p3YUw HTTP 302
https://pixel-geo.prfct.co/cb?partnerId=goo

Request Chain 133

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=184010040&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&ul=en-us&de=UTF-8&dt=Operation%20Cobalt%20Kitty%3A%20A%20large-scale%20APT%20in%20Asia%20carried%20out%20by%20the%20OceanLotus%20Group&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=769512199&gjid=1995091619&cid=996871893.1575916676&tid=UA-56367941-1&_gid=712116793.1575916676&_r=1&z=1684528850 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-56367941-1&cid=996871893.1575916676&jid=769512199&_gid=712116793.1575916676&gjid=1995091619&_v=j79&z=1684528850 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=996871893.1575916676&jid=769512199&_v=j79&z=1684528850 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=996871893.1575916676&jid=769512199&_v=j79&z=1684528850&slf_rd=1&random=531190868

Request Chain 135

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&time=1575916675742 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D994281%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Foperation-cobalt-kitty-apt%26time%3D1575916675742%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&time=1575916675742&liSync=true

139 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request operation-cobalt-kitty-apt Show response
www.cybereason.com/blog/ 110 KB
23 KB 500ms
417ms Document
text/html 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

ca234db9760a511831cef09ee0e3ec29694e5490d593086dc790f69de24e5c0f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Request headers

:method: GET
:authority: www.cybereason.com
:scheme: https
:path: /blog/operation-cobalt-kitty-apt
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
date: Mon, 09 Dec 2019 18:37:52 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=d86dbc1b4677da60cabe3899947ddde641575916671; expires=Wed, 08-Jan-20 18:37:51 GMT; path=/; domain=.www.cybereason.com; HttpOnly __cfruid=d4f098bdf674f2394105ab6f65176183e3a3b905-1575916672; path=/; domain=.www.cybereason.com; HttpOnly
cf-ray: 542917beef41cbc0-VIE
cache-control: s-maxage=120,max-age=5
link: </hs/hsstatic/HubspotToolsMenu/static-1.47/js/index.js>; rel=preload; as=script, </hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css>; rel=preload; as=style, </hs/hsstatic/cos-i18n/static-1.10/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: EXPIRED
access-control-allow-credentials: false
content-security-policy: upgrade-insecure-requests
edge-cache-tag: CT-5283765824,P-3354902,L-14460236224,L-17583002703,L-5467046824,CW-14462747638,CW-17578879074,CW-6216123918,CW-6216147345,E-5348736541,E-5350539849,E-5350675680,PGS-ALL,SW-0,SD-2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hs-cache-config: BrowserCache-5s-EdgeCache-120s
x-hs-content-id: 5283765824
x-hs-hub-id: 3354902
x-powered-by: HubSpot
x-trace: 2BD99D958927F3B666A5AF6912BF3DE756898B494C51E62AF94F5A25F401
server: cloudflare
content-encoding: br
cf-h2-pushed: </hs/hsstatic/HubspotToolsMenu/static-1.47/js/index.js>,</hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css>,</hs/hsstatic/cos-i18n/static-1.10/bundles/project.js>,</_hcms/forms/v2.js>

GET
H2 200 index.js Show response
www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.47/js/ 8 KB
3 KB 79ms
0ms Script
application/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.47/js/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75b857fc1e6ed070dffbbbf67e18a4e99ff49d805f5a924a0417ff0138ddf6d8

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ef.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 1073395
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 Nov 2019 16:40:20 GMT
server: cloudflare
etag: W/"54b13e36e568fb12dcb53751d3045f0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Oye6KN0Ikl1ArcIW0aXcJXP_s4jLsAe8
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
cf-ray: 542917c16fb2cbc0-VIE
x-amz-cf-id: cJVT6IIfURKAe8XnNInWSG7hK0-sjwqDCOT080fBCx8Ghu5zdhmoHg==

GET
H2 200 combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/ 348 KB
44 KB 178ms
0ms Stylesheet
text/css 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c97f84226687ff84f26c553cb1d0f1271da815f43638a6584baddff362caee77

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 76B01BAB506BF5DF
status: 200
content-type: text/css
x-amz-id-2: YQMyv8/Yp0q2bRmWsEqI+MgA/+t5mL36UezJO9mSEZz+CnVr3QEbgSNryPE3DBk/Mnlh9fxqrs4=
last-modified: Fri, 06 Dec 2019 01:54:39 GMT
server: cloudflare
etag: W/"f9cea09f6c63efd6ad26ac538a2b4d25"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: McTCFJnq3Eiaa4vSmIIOugZtlk7XXAS4
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 542917c16fb4cbc0-VIE

GET
H2 200 project.js Show response
www.cybereason.com/hs/hsstatic/cos-i18n/static-1.10/bundles/ 1 KB
975 B 66ms
0ms Script
application/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/hsstatic/cos-i18n/static-1.10/bundles/project.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab449241b50123673e76dbcd70f869ae11d26920f0ce1670fdfd266308058179

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 814e6200dbb5865e94b7b0c1ba6129fe.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 1918623
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Wed, 13 Sep 2017 02:51:30 GMT
server: cloudflare
etag: W/"0011aaf4067b097bcbfd9dc99a4b94c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: p6iak7Gl9Xyg7crK_8XyTwctOBvKD1DL
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
cf-ray: 542917c16fb5cbc0-VIE
x-amz-cf-id: -5vgaOcDbXIRw-HwOxDPH0OKP-JONTHIdZ169k_QdFtjnrETEzeoCA==

GET
H2 200 v2.js Show response
www.cybereason.com/_hcms/forms/ 418 KB
106 KB 202ms
0ms Script
application/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/_hcms/forms/v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1e54f3fe3290ecc4c8474d7bee91ecdb173921702de9a8f127ac28a18bacdcf

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 29e9afe5efcd089dc05c8c157066682e.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C2
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Wed, 04 Dec 2019 04:40:02 GMT
server: cloudflare
etag: W/"dc174e11f10c1ab65b7ec8796e0f0477"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: rSLg1kM0E2wc3M1ChjIUpj5ak3JTv4Dg
cache-control: max-age=600
access-control-allow-credentials: false
cf-ray: 542917c16fb7cbc0-VIE
x-amz-cf-id: I9L3qgtv9_IfhzNfdfa5TgxnRkm-zl73znooWfp3k8fbh2WUJWLByw==

GET
H2 200 jquery-1.11.2.js Show response
www.cybereason.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
32 KB 88ms
84ms Script
application/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 f8d44a9ae8d015e27eeaa90810b99a87.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 1916856
x-cache: Hit from cloudfront
status: 200
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD79-C1
cf-ray: 542917c19820cbc0-VIE
x-amz-cf-id: 5Ysj838uqZop-UYu6ojK9BaabDWq4UIpmUirEWUd_jdYqEeZfijomw==

GET
H2 200 vyv2ljd.js Show response
use.typekit.net/ 20 KB
8 KB 59ms
41ms Script
text/javascript 95.100.67.47
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/vyv2ljd.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a95-100-67-47.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

cd7908a80313043ae934d5f599a062460c50f94370cee5dc092e0cb9b8d123ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
access-control-allow-origin: *
date: Mon, 09 Dec 2019 18:37:52 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
status: 200
cache-control: public, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-length: 7640

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 24 KB
9 KB 18ms
15ms Script
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

5751c654f5ba7df4290683d440e82ecfec99fe7b3b1558569723f3dcb520dde4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9564
x-xss-protection: 0
server: cafe
etag: 11974890288828911410
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 09 Dec 2019 18:37:52 GMT

GET
H/1.1 200
OK in.js Show response
platform.linkedin.com/ 181 KB
55 KB 26ms
6ms Script
text/javascript 2606:2800:133:7403:4a68:7eff:710b:1ddf
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:7403:4a68:7eff:710b:1ddf , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F0A) /
Resource Hash: c05b9af65a2758f6ca98c4f957a0cc4a7d74609378277f0fd59e7cae41139818

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:37:52 GMT
Content-Encoding: gzip
X-CDN-CLIENT-IP-VERSION: IPV6
X-CDN: ECST
X-Cache: HIT
X-CDN-Proto: HTTP1
X-Li-Pop: prod-ela1
Content-Length: 55596
X-LI-UUID: aD8QPyzH3hVQAlZ2wSoAAA==
Last-Modified: Mon, 09 Dec 2019 18:25:12 GMT
Server: ECAcc (frc/8F0A)
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
X-LI-Proto: http/1.1
X-Li-Fabric: prod-lor1
Expires: Mon, 9 Dec 2019 19:25:12 GMT

GET
H2 200 cybereason-custom.js Show response
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/5350539849/1569776480490/Custom/page/web_page_basic/ 5 KB
2 KB 169ms
167ms Script
application/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/5350539849/1569776480490/Custom/page/web_page_basic/cybereason-custom.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: caa333db2175837df41125b50f0c0169c55f919427ee2c6992e2566948e9e518

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 8BE850A4BDFA0F1E
status: 200
content-type: application/javascript; charset=utf-8
x-amz-id-2: FX9XoLAi03PBjaNGTjfrpU7IzjEKsg7d4Agsoz94t4aThm0dMHxUrfkRc2JEPp3iqzjVjTmUDQc=
last-modified: Sun, 29 Sep 2019 17:01:21 GMT
server: cloudflare
etag: W/"5ef74fad1c1382e5acb9ca424910aae0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: QSLj7gaEL7IC2nt4kS1_hdFjsekt2ki6
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 542917c19824cbc0-VIE

GET
H2 200 readingTime.js Show response
cdn.rawgit.com/michael-lynch/reading-time/4255f585/src/ 7 KB
2 KB 23ms
6ms Script
application/javascript 151.139.237.11
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.rawgit.com/michael-lynch/reading-time/4255f585/src/readingTime.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

6872a6c9c2a917ceeb92fefd3ef73cee7402a56689e1dbddf743b0aaa9e654c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"56c9e3f737fa6f093a52c954565840d65fba231a"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript;charset=utf-8
status: 200
cache-control: max-age=315569000, immutable
strict-transport-security: max-age=31536000; preload
x-robots-tag: none
rawgit-cache-status: HIT

GET
H2 200 slick.js Show response
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/ 87 KB
15 KB 26ms
24ms Script
application/javascript 2606:4700::6811:4104
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9baa573e4378873b7ac81ccb1d954ce9bb2b1a933947ad3012263ddc604d8505

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 20550568
cf-ray: 542917c19920cbc4-VIE
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:26:46 GMT
server: cloudflare
etag: W/"5afd4ad6-15b7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 28 Nov 2020 18:37:52 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.015

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
7 KB 19ms
18ms Stylesheet
text/css 2606:4700::6811:4104
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 20550613
cf-ray: 542917c1991dcbc4-VIE
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:19:12 GMT
server: cloudflare
etag: W/"5afd4910-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
expires: Sat, 28 Nov 2020 18:37:52 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.001

GET
H2 200 LOGO-Web-Owl-Mono-Copy.png
www.cybereason.com/hs-fs/hubfs/ 4 KB
4 KB 58ms
57ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/LOGO-Web-Owl-Mono-Copy.png?width=306&name=LOGO-Web-Owl-Mono-Copy.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6561b2dd1e1b0f9b2f678dfd01a29e1174ec8ac628405a546e42b717a2d3388b

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 704113
cf-polished: origFmt=png, origSize=8547
edge-cache-tag: F-6694579067,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="LOGO-Web-Owl-Mono-Copy.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 4120
x-cache: Miss from cloudfront
last-modified: Mon, 03 Dec 2018 23:05:56 GMT
server: cloudflare
etag: "272c915f8898375baf0a61f20d6a437c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 542917c19828cbc0-VIE
x-amz-cf-id: pf3ZX5Sh6HCIRLiaQGlCIP89i-36mrRJH_FedPWZ5ZS3iLyI2VQSyw==
cf-bgj: imgq:85

GET
H2 200 CR%20Logo%20copy.png
www.cybereason.com/hs-fs/hubfs/Cybereason%20Logos/ 2 KB
2 KB 58ms
57ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Cybereason%20Logos/CR%20Logo%20copy.png?width=228&name=CR%20Logo%20copy.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4aeba3c62a91ed236d5acdc5ea52f5e051801379d306817ad8f4c850e550d2a

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 ab2f63669c9809614cbcf54bfba8ee06.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 109859
cf-polished: origFmt=png, origSize=3695
edge-cache-tag: F-6696434934,FD-5166594488,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="CR%20Logo%20copy.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 1838
x-cache: Miss from cloudfront
last-modified: Tue, 04 Dec 2018 06:42:08 GMT
server: cloudflare
etag: "23310787edb9779a8e7eaeb7b306639b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 542917c1982acbc0-VIE
x-amz-cf-id: x1fN3wA2co9DD_RejFSgdXEkHrFRbbqqyiMQs9Q3qqKTPzZwD4p31g==
cf-bgj: imgq:85

GET
H2 200 cr-owl-logomobile.png
www.cybereason.com/hs-fs/hubfs/Cybereason%20Files/images/ 5 KB
6 KB 89ms
80ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Cybereason%20Files/images/cr-owl-logomobile.png?width=220&name=cr-owl-logomobile.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a6e3510af52bd4c550e719eef6ae49cfd1ff4be530c8240b4c8233a2860747d

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 109859
cf-polished: origFmt=png, origSize=9128
edge-cache-tag: F-6598017767,FD-5348774744,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="cr-owl-logomobile.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 5558
x-cache: Miss from cloudfront
last-modified: Fri, 23 Nov 2018 19:10:03 GMT
server: cloudflare
etag: "766b51e70e55d99809346026aba1e8ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 542917c4dbeacbc0-VIE
x-amz-cf-id: aGKy61IuIM0PMMRLyUzym2qBm4nV4_wjX9wVJtDjMw2vVg1PIAqb_w==
cf-bgj: imgq:85

GET
H2 200 cr-nav-platform-cta-sm.png
www.cybereason.com/hubfs/Award%20Logos/ 45 KB
45 KB 102ms
90ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Award%20Logos/cr-nav-platform-cta-sm.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d111c83d2520fd8d1ec059493162072af6e97b725aa4b56eb846f09a01f8e9c

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 10c9c057f4a519e21057a8790de37262.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-19074217591,FD-5876486557,P-3354902,FLS-ALL
age: 704112
cf-polished: origFmt=png, origSize=49423
edge-cache-tag: F-19074217591,FD-5876486557,P-3354902,FLS-ALL
status: 200
content-length: 45704
content-disposition: inline; filename="cr-nav-platform-cta-sm.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: 67161019015043D0
x-amz-id-2: iSVHi7kiT2NpmJod5CrlXKpcTNCzUOntHZ5FmBRNgDoGf8aoe4PsBaY+ke6lMyjy39l4Rb9CSQ4=
x-cache: Miss from cloudfront
last-modified: Wed, 23 Oct 2019 18:39:48 GMT
server: cloudflare
etag: "954ec251009f855ca41c27fb77257c50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: mzDN6bdznDFNk4FUdOIJrHxzn9JFsv4o
x-amz-cf-pop: PRG50
accept-ranges: bytes
cf-ray: 542917c4dc1dcbc0-VIE
x-amz-cf-id: pKeI88vcvK6RUntFrEFh32GNjdVHiPJlzHG-8oyviWIMH6Z06fyoxg==
cf-bgj: imgq:85

GET
H2 200 5d884927-a051-4ae7-b129-94438da0638b.png
no-cache.hubspot.com/cta/default/3354902/ 4 KB
4 KB 195ms
155ms Image
image/png 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/3354902/5d884927-a051-4ae7-b129-94438da0638b.png

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

93cedef4890d1efc1544e685a348df93bb886abe63058bb35d245fc08aa8b226

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 25 Jun 2019 12:42:47 GMT
server: cloudflare
x-amz-request-id: 06BE929C9C1BF049
etag: "7f1afc6372b62cdbb27cddddf1107230"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 542917c50f3f59b2-VIE
content-length: 4267
x-amz-id-2: S/xMuZ9BoHOaqZRBid23PUQsJ5N53WeyTC/noP7NiwFvwfdlXHEZp//8bS6XBD+/vNdkC7/i4AY=

GET
H2 200 current.js Show response
www.cybereason.com/hs/cta/cta/ 9 KB
3 KB 239ms
239ms Script
application/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/cta/cta/current.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff499634fbd1bb5508090af0449aab64d40cb5299dbd1c2e482ad4bb168e1b17

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 ae3759c8dc48487a424a60bd577ad555.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C2
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Thu, 05 Dec 2019 02:00:52 GMT
server: cloudflare
etag: W/"4065d447430e3a4550393b48931950d6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 5L1r65RVhOKwk2Qjr88Y4p.8.MmiJz_H
cache-control: max-age=600
access-control-allow-credentials: false
cf-ray: 542917c1f941cbc0-VIE
x-amz-cf-id: iOTgGB3nWZv2NM09MtYRc8vmsT1MfommWhC1gtGo1ukYJHSEGpewSg==

GET
H2 200 cmdline.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/ 13 KB
13 KB 88ms
77ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/cmdline.png?width=595&name=cmdline.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8868a7721fec78d7dad99f462e9d7fe59713ada4ade12fcd9464542872a4c616

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30231
cf-polished: origFmt=png, origSize=31296
edge-cache-tag: F-5340557928,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="cmdline.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 13142
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:11:44 GMT
server: cloudflare
etag: "d9cd347fcb7ae4e560b504c9cb3ae792"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 542917c4dc20cbc0-VIE
x-amz-cf-id: _j08aa8TL86o94Rwkk92_z4BjUNkXYqjSlGHF-9cyMS1m7GEQlaGBQ==
cf-bgj: imgq:85

GET
H2 200 schedukedtask2-1.png
www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/ 9 KB
9 KB 103ms
92ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/schedukedtask2-1.png?width=551&height=134&name=schedukedtask2-1.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e5ddabd35f97402d15f48071286fe41c7318c30f18670ac36c9592b1b4bc815

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 b051e9c33308597b659c33b8999b521d.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30231
cf-polished: origFmt=png, origSize=13400
edge-cache-tag: F-5283752912,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="schedukedtask2-1.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 9256
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:09:31 GMT
server: cloudflare
etag: "0cef79cea93b5ed7438442bae1d4c6b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 542917c4dc22cbc0-VIE
x-amz-cf-id: PX4IJkM4hMhhr0X7hLosY9tvPv2ORsV1Yv0z5_higqP2rt3MsBIWXA==
cf-bgj: imgq:85

GET
H2 200 compromisedmachine.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/ 35 KB
36 KB 88ms
77ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/compromisedmachine.png?width=802&name=compromisedmachine.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6bee495dc3218ca4385af902d7dd90fec98bb9c9fbae7fda69560c0c3fc1fc0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 05a90e634e0872685ad69ee9a4e0eba5.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30232
cf-polished: origFmt=png, origSize=79152
edge-cache-tag: F-5341072574,FD-5340508173,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="compromisedmachine.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 36118
x-cache: Miss from cloudfront
last-modified: Fri, 22 Nov 2019 10:40:58 GMT
server: cloudflare
etag: "c45ed89bca3286e691e3f5ef207c4aa4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 542917c4ec2ecbc0-VIE
x-amz-cf-id: AiJtkNxdiAce5I3ckvFRzBw1ng-GVWc7T3dXfo4vvLzg8m6hWQXtWQ==
cf-bgj: imgq:85

GET
H2 200 wscript.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/ 66 KB
66 KB 101ms
90ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/wscript.png?width=869&name=wscript.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f472553e57b662518df23b18ed1d12d33cbc8892ee95bbeaec0b7405ca72b59

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30232
cf-polished: origFmt=png, origSize=112677
edge-cache-tag: F-5340558575,FD-5340508173,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="wscript.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 67126
x-cache: Miss from cloudfront
last-modified: Sun, 24 Nov 2019 12:08:48 GMT
server: cloudflare
etag: "ada135fd3815b6c2dd16716b50692088"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 542917c4ec31cbc0-VIE
x-amz-cf-id: fgi1X0ozyzSNipJR0eSr4aO0mHTKiVhLPbz7mu83sTScQY9ukByBew==
cf-bgj: imgq:85

GET
H2 200 hiddenwindow.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/ 17 KB
17 KB 101ms
91ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/hiddenwindow.png?width=803&name=hiddenwindow.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2537989d9dc5d5f56a3733cd51540acc6e2771deb8fe7b64124f6c252f7bcff

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 48c70f7a0c91fc5e8cb64d6c71ad9827.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30232
cf-polished: origFmt=png, origSize=37641
edge-cache-tag: F-5341074069,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="hiddenwindow.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 17298
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:11:56 GMT
server: cloudflare
etag: "a0c7ab910706f810bac69b96e6bfbaa1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 542917c4ec32cbc0-VIE
x-amz-cf-id: LIGdvym4NNjK4HxYqXzc-iLeYXmMXP-Lyu8Zh7bznax4PFBMKzSr9A==
cf-bgj: imgq:85

GET
H2 200 newojectio-1.png
www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/ 38 KB
38 KB 291ms
281ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/newojectio-1.png?width=837&height=237&name=newojectio-1.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 737df73c5f64436c62c93f3551cde8c10954173b5c3f20757ee6fad3f4ba5863

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 40adc3dc2f5b304254d63ab3859fedd2.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C2
cf-polished: origFmt=png, origSize=60776
edge-cache-tag: F-5283755460,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="newojectio-1.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 38646
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:09:50 GMT
server: cloudflare
etag: "66febf328af456a6f04645acad1e8df5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: public, max-age=60
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 542917c4ec35cbc0-VIE
x-amz-cf-id: sFexz9Ed6kz4sHSXjFDGV7v1gHH0wavyeD97Gw_mAaxj7NMowFBEnQ==
cf-bgj: imgq:85

GET
H2 200 push-1.png
www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/ 42 KB
43 KB 246ms
235ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/push-1.png?width=584&height=426&name=push-1.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3deff24ed291b80b6bf512407b3b6e9a6bcd19b1ee6de48d4feab64dc44342d

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 9c0e66e370dcc4d0da95664b1fa850a9.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD79-C2
cf-polished: origFmt=png, origSize=133305
edge-cache-tag: F-5283755212,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="push-1.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 43368
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:09:47 GMT
server: cloudflare
etag: "9722416616d0850178d48e0714aabb26"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: public, max-age=60
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 542917c4ec36cbc0-VIE
x-amz-cf-id: 4I-qqWOx9SFMa09TdvUK7kDJPOszSVwhmdxkftRCEwQc3ZQWi359Aw==
cf-bgj: imgq:85

GET
H2 200 doit.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/ 13 KB
13 KB 344ms
334ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/doit.png?width=646&name=doit.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb5819ffcef4fe6dfe656774ae8545ef8ff2112df1723cfa5b71ea26fe0510bc

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 9cdf83ac92372e14c2c11c5760f6d17a.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD79-C3
cf-polished: origFmt=png, origSize=34481
edge-cache-tag: F-5341074738,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="doit.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 13400
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:11:56 GMT
server: cloudflare
etag: "ac5fe7512e4040bf0bd5c2791e84cbf0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: public, max-age=60
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 542917c4ec37cbc0-VIE
x-amz-cf-id: frToGriXGt0KdrCx72Axl7BkQWCJI9EY6xDbZ-7cLSg3b4oLoo-1bw==
cf-bgj: imgq:85

GET
H2 200 dnstunneling1-1.png
www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/ 25 KB
25 KB 110ms
100ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/dnstunneling1-1.png?width=374&height=446&name=dnstunneling1-1.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc4eab220fb0aa05a8b49e05ad56de62d684a58de3513024f5d3209dd53898f6

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 2ad0cde89ab58d454177893ae4447f50.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30232
cf-polished: origFmt=png, origSize=43130
edge-cache-tag: F-5283754684,FD-5280624424,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="dnstunneling1-1.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 25516
x-cache: Miss from cloudfront
last-modified: Sun, 24 Nov 2019 12:08:52 GMT
server: cloudflare
etag: "b25270d9d0ce76d0f07d6068564f328b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 542917c4ec3acbc0-VIE
x-amz-cf-id: ersJSfGC86oQ8sdZG7lS8CxINNFoHeZ18xOTWf1X5uXoipXPlWodQg==
cf-bgj: imgq:85

GET
H2 200 fakemicrosoft-1.png
www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/ 13 KB
14 KB 90ms
80ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/fakemicrosoft-1.png?width=287&height=389&name=fakemicrosoft-1.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9b6d0b3d8d754840e2a97c13b08eaae55a18be673b25af99b08fe5d71b71a0f

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 b5e757a7da6f6fe6261f56a8a9646881.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30232
cf-polished: origFmt=png, origSize=28820
edge-cache-tag: F-5283753080,FD-5280624424,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="fakemicrosoft-1.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 13330
x-cache: Miss from cloudfront
last-modified: Fri, 22 Nov 2019 10:40:58 GMT
server: cloudflare
etag: "25842244c277d6412ba009f5a89217de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 542917c4ec3ccbc0-VIE
x-amz-cf-id: J3KapFG3DEUhlimTnMmOFah9sXsVYOHPLjG2UsV9GbnfYhoxgo4pZQ==
cf-bgj: imgq:85

GET
H2 200 fakegoogle2.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/ 14 KB
14 KB 91ms
81ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/fakegoogle2.png?width=388&name=fakegoogle2.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 873e61f0825058f6509ee9734967125f0abbf70495da52ed33b32e6ba3513e14

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 530b01c2c88db2b27d295e2504b501cb.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30232
cf-polished: origFmt=png, origSize=28862
edge-cache-tag: F-5341077952,FD-5340508173,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="fakegoogle2.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 13942
x-cache: Miss from cloudfront
last-modified: Sun, 24 Nov 2019 12:08:52 GMT
server: cloudflare
etag: "ed62ee069b7a7c0ce94f07a4b4081ab9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 542917c4ec40cbc0-VIE
x-amz-cf-id: rkC-8YfDTHsmJrPkC_IhYhCJCcJ2VXUpx5oaqKcgskgy-e9Xz7f0UA==
cf-bgj: imgq:85

GET
H2 200 fakegoogle-1.png
www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/ 11 KB
11 KB 111ms
101ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/fakegoogle-1.png?width=291&height=339&name=fakegoogle-1.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ac5cbeb0f816075f6d5185c24d96e2ac4870eddce1cab84c048ba48cdc35d54

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 547c5e28f010be7961f641c3903c0954.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30231
cf-polished: origFmt=png, origSize=25520
edge-cache-tag: F-5283753269,FD-5280624424,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="fakegoogle-1.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 10788
x-cache: Miss from cloudfront
last-modified: Sun, 24 Nov 2019 12:08:52 GMT
server: cloudflare
etag: "bf8deceb298c01d01a6b773fe4ca1481"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 542917c4ec42cbc0-VIE
x-amz-cf-id: 8VBvAq4FBp8XqhIx5n7x-7bvdlIS_u09xGCqRgx9PCBDf7SeA2Fz4Q==
cf-bgj: imgq:85

GET
H2 200 kapersky-1.png
www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/ 18 KB
19 KB 1216ms
1207ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/kapersky-1.png?width=646&height=338&name=kapersky-1.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49310c2bbef8b1017005c144ba10dc0119281a055a6b440451013738f3caeb26

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 c94378b36f8a40d65d0bb1c2edbb9c73.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30233
cf-polished: origFmt=png, origSize=45174
edge-cache-tag: F-5283756517,FD-5280624424,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="kapersky-1.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 18702
x-cache: Miss from cloudfront
last-modified: Fri, 22 Nov 2019 10:40:57 GMT
server: cloudflare
etag: "1cab6c856f80c818793f3ea10e09938d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 542917c4ec44cbc0-VIE
x-amz-cf-id: zYpzaiePqZnhFsvg_tXZsRQF3zYHtzrU-CJS_FqlN00b4mdgIQjBhg==
cf-bgj: imgq:85

GET
H2 200 dnstunneling-3.png
www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/ 18 KB
19 KB 86ms
77ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/dnstunneling-3.png?width=305&height=364&name=dnstunneling-3.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: acfb645b1ccb57857b0a790439f82f4d503bc87e3fed4a2a2955f31ef32d2b4d

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 09e7a54b3c0e42cf23f1deb97f4f6b95.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30232
cf-polished: origFmt=png, origSize=31221
edge-cache-tag: F-5283756609,FD-5280624424,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="dnstunneling-3.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 18880
x-cache: Miss from cloudfront
last-modified: Sun, 24 Nov 2019 12:08:52 GMT
server: cloudflare
etag: "1b482b4a22770f9d26ddac09ec77fe67"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 542917c4ec47cbc0-VIE
x-amz-cf-id: LoSYeEamugEVU8Lxpv_oor66WROQMw943YLUmiBHlQO4WlAYXhXWRQ==
cf-bgj: imgq:85

GET
H2 200 dnstunneling2-1.png
www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/ 10 KB
10 KB 98ms
89ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/dnstunneling2-1.png?width=407&height=205&name=dnstunneling2-1.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 430a28863e02a8f6d2bfc1dbd5da2253e1c4df03e14436fe2ebf889e39efc1fc

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 a251e31740a6e166e8fdccf296c41645.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30231
cf-polished: origFmt=png, origSize=21071
edge-cache-tag: F-5283756652,FD-5280624424,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="dnstunneling2-1.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 10208
x-cache: Miss from cloudfront
last-modified: Sun, 24 Nov 2019 12:08:52 GMT
server: cloudflare
etag: "6be375cc18b0275580183c4424c2220d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 542917c4ec49cbc0-VIE
x-amz-cf-id: zEEHIRdACSIC4k2QyK3SdsXZ_lhU5u8QWTD3z6PMpVspEdzWB0bmmg==
cf-bgj: imgq:85

GET
H2 200 deatinationprot.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/ 8 KB
8 KB 111ms
102ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/deatinationprot.png?width=1548&name=deatinationprot.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd8ceda117519ceb6b3e5c6ee13535c329ff91855b065451f5882209730b59ab

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 1448f69604d5be1f9c9f0c64cfa90595.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30232
cf-polished: origFmt=png, origSize=43718
edge-cache-tag: F-5341078865,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="deatinationprot.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 8370
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:11:57 GMT
server: cloudflare
etag: "9fbb2c6d628de3cb67f497ae3afc8d0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 542917c4ec4acbc0-VIE
x-amz-cf-id: XJgcM5fFy32T20ApWbK7nTQFn42jnPQigf9oXfY9vivnayc3LqcBJQ==
cf-bgj: imgq:85

GET
H2 200 phishingemail-1.png
www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/ 77 KB
77 KB 109ms
101ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Imported_Blog_Media/phishingemail-1.png?width=442&height=450&name=phishingemail-1.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6419875001ba7406f33a0e0bea1b5535a926caade5074ca6ccef8d8bd2fcdba0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 c8c9787916110356915bbdbddd0a32d6.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 30231
cf-polished: origFmt=png, origSize=121622
edge-cache-tag: F-5283504050,FD-5280624424,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="phishingemail-1.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 78540
x-cache: Miss from cloudfront
last-modified: Mon, 25 Nov 2019 06:31:45 GMT
server: cloudflare
etag: "28c24aedb89e4c4e1de0a548a4d98e0f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 542917c4ec4dcbc0-VIE
x-amz-cf-id: ncUVbef_UqNmFWbC6fHyAx7oXL0UDR4mFxwON3lPydr9t2_m8qKm9Q==
cf-bgj: imgq:85

GET
H2 200 ecpte.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/ 23 KB
23 KB 311ms
302ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/ecpte.png?width=614&name=ecpte.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ece8c3e9b0c1e0c1c1400e5d80a70b3db33ac94628701be7d19b6d2e325934e2

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 0570243541aa4edb51d3f1e60aee5a33.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD79-C2
cf-polished: origFmt=png, origSize=92595
edge-cache-tag: F-5340560803,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="ecpte.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 23440
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:11:45 GMT
server: cloudflare
etag: "eb5271b517e3c77207e4f5016e456de7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: public, max-age=60
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 542917c4ec53cbc0-VIE
x-amz-cf-id: SpM-zq-Y62eK_iPoLrsgweB9QYqdToXrj89gFjmbRjnUJpo9Ke4f8Q==
cf-bgj: imgq:85

GET
H2 200 mimikatz.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/ 26 KB
26 KB 684ms
675ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/mimikatz.png?width=828&name=mimikatz.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57a13940c86687fa04a0ff6e89d4a72b221b13ffbfa49d30a0f0f8ed840480f8

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 00a6984ddd0afc8c5e9cbafc895ce680.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD79-C2
cf-polished: origFmt=png, origSize=67904
edge-cache-tag: F-5341081865,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="mimikatz.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 26390
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:11:58 GMT
server: cloudflare
etag: "f14d01c451b38d3023556c9626f31989"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: public, max-age=60
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 542917c4ec57cbc0-VIE
x-amz-cf-id: zb5IgndRYSBzG25xmqnnX8lkSNqqcSwheI24i_1reku7j3PIpQ7esg==
cf-bgj: imgq:85

GET
H2 200 passthehash.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/ 24 KB
24 KB 89ms
80ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20-%20Labs/passthehash.png?width=587&name=passthehash.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 977a4241ca05d005de8cc08be59e4ecbf09ee682e3b14403aa765bb2f34db0f8

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 6784ac36b8d920a78daf15294a50025f.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 346529
cf-polished: origFmt=png, origSize=49765
edge-cache-tag: F-5341082329,FD-5340508173,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="passthehash.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-length: 24310
x-cache: Miss from cloudfront
last-modified: Sun, 24 Nov 2019 12:08:53 GMT
server: cloudflare
etag: "317b365333338a488fd62cc0bb925937"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD79-C3
accept-ranges: bytes
cf-ray: 542917c4ec5acbc0-VIE
x-amz-cf-id: Xkba23iv_ouRrxf1WFlWwtydEjat0K_2u1u5dzfAqz9xA_-p0VivRQ==
cf-bgj: imgq:85

GET
H2 200 db7ec7b0-6c73-4af6-86ce-58fe37cec1e0.png
no-cache.hubspot.com/cta/default/3354902/ 5 KB
5 KB 194ms
158ms Image
image/png 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/3354902/db7ec7b0-6c73-4af6-86ce-58fe37cec1e0.png

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0441806287a1e3fe8500453901b800b5849e6625ed0758861d6d56d7470d72f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 18 Jun 2019 22:09:45 GMT
server: cloudflare
x-amz-request-id: AC400A1B807C2E47
etag: "ae7c930cbff80d17b760ad273c6d8f00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 542917c50f4159b2-VIE
content-length: 4868
x-amz-id-2: r8XLqUd4mwJ95NMRZwnqOWAr5d6fcA0YicOrh9SWpZzxzzZhW52Iq/TR86nxZmmoc2yDMMB91Zc=

GET
H2 200 soc-blue-fb.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 2 KB
1 KB 96ms
88ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-blue-fb.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b71a982dad86829660cef46a0467ecf81c34576eece4b297126a552902ef543c

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 378f82fd885de43ed0bf1332b899b9a9.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665926,FD-5168280605,P-3354902,FLS-ALL
age: 102141
edge-cache-tag: F-5470665926,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: A9EFA58820A38093
x-amz-id-2: dV2TkuT7OU0WSSCYxPvGLuyKr0PKuizXIyE3NAOok6QYZi2LmMYQ2cVOK1xe8FCDmHBiRvWeCmE=
last-modified: Fri, 08 Dec 2017 19:35:35 GMT
server: cloudflare
etag: W/"6a18b1cc988c1076e049cda4cbcd4153"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: kKljKdFH3buDh02hr4JKseZqGd9UNmJC
x-amz-cf-pop: PRG50
cf-ray: 542917c4ec5bcbc0-VIE
x-amz-cf-id: tamo-Db4zQOHL3wXnJrdcqz2ETCudXEyJ77EKL_cY0VQDWbEYBTE3g==

GET
H2 200 soc-blue-tw.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 4 KB
2 KB 99ms
91ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-blue-tw.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 496f753f7e96c1427cf6e11d9c5f822a5f1f46b3c54b7429df9a195fa8362884

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 0e80e709b8a551fb76216f2292913241.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665934,FD-5168280605,P-3354902,FLS-ALL
age: 102141
edge-cache-tag: F-5470665934,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: 0EE259E9F1677F4E
x-amz-id-2: gmjEGc2zFVEbGwTKQ/ppqMdgA0tUi7ptnaYSsrUkS11HLXeCDaBC47InDs2COVr0G7mIuImWsdw=
last-modified: Fri, 08 Dec 2017 19:35:35 GMT
server: cloudflare
etag: W/"0b57c6649a05d662ec7f30d40940f833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: D3IpbdW8RRnzDTspH4xTHYjY3Gw9XB_2
x-amz-cf-pop: PRG50
cf-ray: 542917c4ec5ccbc0-VIE
x-amz-cf-id: XP2Q1rfx3j23c4K8DlI8xbenzzf2ofD9HQPCS69vgHB_HBti_X6MwQ==

GET
H2 200 soc-blue-li.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 6 KB
3 KB 108ms
100ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-blue-li.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d52338fe73e62ffcfa568e9ea399ef0c88783883327b794eace9faa78febf8

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 3ccd008055d57b9960754b53f631671f.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665927,FD-5168280605,P-3354902,FLS-ALL
age: 102141
edge-cache-tag: F-5470665927,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: DF294D901B12A763
x-amz-id-2: R5uwJtHbbPQesnssKySoDDIchy8NaPlGiPPz25I/5B+Ufg84VX1l7AW/vLLAQ5PMiGB7euykuPM=
last-modified: Fri, 08 Dec 2017 19:35:35 GMT
server: cloudflare
etag: W/"5e6c5282d1c524efcf53ed15f3d5bfcf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: 4hkpKyRa8xBg1y3U4IHwCZVBen9AnWpx
x-amz-cf-pop: PRG50
cf-ray: 542917c4fc81cbc0-VIE
x-amz-cf-id: xT_WETeMoEiY6aWcUMorGuEN6rO2-ZqsE6fBQK_vLMh2KoLAToaGAg==

GET
H2 200 soc-blue-all.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 2 KB
2 KB 87ms
79ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-blue-all.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ebbf16975e8957d1e3b765a49226e95711b30af5852c253906c2f171325949b

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 c3369d9c96b77d67d8462b9636a6d7c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665923,FD-5168280605,P-3354902,FLS-ALL
age: 102141
edge-cache-tag: F-5470665923,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: 68B973949C8FBC23
x-amz-id-2: OsXxrMeAud+0bzGypDwVR9KmZdWtoo+2dJgMlRH0Z3LMuC+IizMNye4TrS7gwX3vAUJPsNDb9EI=
last-modified: Fri, 08 Dec 2017 19:35:35 GMT
server: cloudflare
etag: W/"9243f0c4bf7f108e60528f8e0d1c316a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: 9BhyX.B86mcN2azKUAqRU6M3GLg60M66
x-amz-cf-pop: VIE50-C1
cf-ray: 542917c4fc87cbc0-VIE
x-amz-cf-id: bdwPlVYuF8iUpYKe7LHyUdQuNcKuhQ7XyDQTdRTs3DZMtz3Ps2iRGw==

GET
H2 200 c69f2360-4149-4639-aeaa-8672d831cf70.png
no-cache.hubspot.com/cta/default/3354902/ 1 KB
2 KB 174ms
139ms Image
image/png 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/3354902/c69f2360-4149-4639-aeaa-8672d831cf70.png

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

86acedd25fc9c29c616b724b6703378906bc08d0cf52587ab72dab24e6d78c61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 19 Dec 2017 20:10:28 GMT
server: cloudflare
x-amz-request-id: F9373CD457C198BE
etag: "ab49f52d6f30a7d46537593d0a321740"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 542917c50f4459b2-VIE
content-length: 1138
x-amz-id-2: Aijp9tZWPhb7mERjGwJDt0IdN9OAwKHLSxFmMvYjKwSGi2CwzPIouowA3juxPqZmCiWcL0b9nWQ=

GET
H2 200 back-to-blog.svg
www.cybereason.com/hubfs/ 1 KB
1 KB 96ms
89ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/back-to-blog.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2432844517e2dd99a05c54b57aac9aac78553489b6111ace7c3d97b826af19ec

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 c882e2039e12421bb0728fbe184b7c4f.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470517914,P-3354902,FLS-ALL
age: 698082
edge-cache-tag: F-5470517914,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: B9C54848B4F5FF45
x-amz-id-2: CEbf71IkbaOsnkgKSTreAZu+T/sf+9gC+wu+h/9Df1kCi/w3dEuMbZbfcse5WPBejpb/1Tj+o6Y=
last-modified: Fri, 08 Dec 2017 21:03:59 GMT
server: cloudflare
etag: W/"f8eec92543191f23fee7ab47394dc947"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: AQqdyWUpAjHHjtN7KvPODBFXJFuM5V8s
x-amz-cf-pop: PRG50
cf-ray: 542917c4fc88cbc0-VIE
x-amz-cf-id: lb_BpYW_fbPdmmekWiYq7OUIKXib3Y6KpNyq5ES-etdk-BqfNUtvRA==

GET
H2 200 soc-white-fb.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 2 KB
1 KB 96ms
89ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-white-fb.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a14dbbe7e5a2fea61d3eb0edcbc959c9df66f8ab1322051606283f281aacfcd

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 268e90ae253be7ec470e142e3f7c5ba0.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665944,FD-5168280605,P-3354902,FLS-ALL
age: 102141
edge-cache-tag: F-5470665944,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: 9324F6A32A87EE06
x-amz-id-2: XWm6I8yvwYbKH/lAlm2HJoMl3BrmpPuQWgHKNn6QVnsxTDJNM0/F+r1+DE9qO1baOq3R8UDgUMc=
last-modified: Fri, 08 Dec 2017 19:35:36 GMT
server: cloudflare
etag: W/"1d582ee7bb25c7a6fc7b946555b8e478"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: tpnNG87aH3sAGfdAeTJSBOroimuwndS9
x-amz-cf-pop: PRG50
cf-ray: 542917c4fc8acbc0-VIE
x-amz-cf-id: FwQvsCyEDW-z9KM4qwcBAj443Q0wxBnXIXI4fdWmuYiE8NNlmK5Ldg==

GET
H2 200 soc-white-tw.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 4 KB
2 KB 106ms
99ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-white-tw.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b45cb384c0bce67cbfe97ffb78913fe0049922279f9985c7c78c2553e6988927

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 db5fd46eeb9457ed138e2c8651664df5.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665943,FD-5168280605,P-3354902,FLS-ALL
age: 102141
edge-cache-tag: F-5470665943,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: 010CB095DD087EFE
x-amz-id-2: l266lFuIXF2Aljv7eQofxp11RZ5AozUV/ha8p5adcmG13K5ETniB5BT/OVOMY7lhDk7WOCO6rSY=
last-modified: Fri, 08 Dec 2017 19:35:36 GMT
server: cloudflare
etag: W/"998facdb4f84c51899272e3021b751e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: nwFU80z_knQh7GRSx9F5nf48ASw8sdVq
x-amz-cf-pop: VIE50-C1
cf-ray: 542917c4fc8dcbc0-VIE
x-amz-cf-id: jyLV3K215srcz-_7UqkVCm4T1Cu0-u0fs2s1CaZfQh3d3975Z7QPJg==

GET
H2 200 soc-white-li.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 6 KB
2 KB 98ms
91ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-white-li.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07a58803f40da69055153491ec078aba127d5b185dd7ddcae8edde6a9b06aea3

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 268e90ae253be7ec470e142e3f7c5ba0.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665930,FD-5168280605,P-3354902,FLS-ALL
age: 388031
edge-cache-tag: F-5470665930,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: 73A53AF484B6F777
x-amz-id-2: p8a0i1BBFkZfjW44VJjlCKuqvwyTUd0gJ+8sD2Jq+Bueig0nHnc0SsoBMOxlCBHABndP2JAfre0=
last-modified: Fri, 08 Dec 2017 19:35:35 GMT
server: cloudflare
etag: W/"2fa039ec598ada32d8e622ce06981caa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: 7hgNjqSN.6ho4JIlDB6L.aHVmXaB2ZmL
x-amz-cf-pop: PRG50
cf-ray: 542917c4fc8ecbc0-VIE
x-amz-cf-id: 7hApxdRUO2a_Ogij6cFRFtiYdA_Oe4-YCDutZ5RbcltszD6l-DeGcA==

GET
H2 200 soc-white-all.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 2 KB
1 KB 107ms
101ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-white-all.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f874c0c598ebed0993d62f73526322c043050b8c24084b84fa3c2e9a934d147

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 87459a7837f980cdc57ba8a2c23a55ae.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665929,FD-5168280605,P-3354902,FLS-ALL
age: 102141
edge-cache-tag: F-5470665929,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: CC2771CC2F53FE5D
x-amz-id-2: OTYsZkJGSksphVje2V3vLndzZDdqk3rqJZQdkKRc4uS/wNZbuOlN6UXeXqeM8JR5fbpm2IF/KlQ=
last-modified: Fri, 08 Dec 2017 19:35:35 GMT
server: cloudflare
etag: W/"25ff6de7c679184558c3a70f7f916f52"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: 3LvZOqxpk.RltNKX324YWadLNCD9kfRc
x-amz-cf-pop: VIE50-C1
cf-ray: 542917c4fc8fcbc0-VIE
x-amz-cf-id: cdMImNkLzav9TivYsg9AnK3V_CNF4l372GnKOjCzGa_STKWYTidYNg==

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 79 KB
26 KB 81ms
53ms Script
application/javascript 2606:4700:10::6814:6f27
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:6f27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c364200214146a3472c5bda921358178d782760c33320dca356cfeab4353b0e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: e5s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 149801
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
last-modified: Fri, 08 Nov 2019 00:59:54 GMT
server: cloudflare
etag: W/"13d09-596cb4ccb962f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=172800
cf-ray: 542917c50b70cba8-VIE
cf-bgj: minify

GET
H2 200 cr-logo.svg
www.cybereason.com/hubfs/ 7 KB
3 KB 95ms
89ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/cr-logo.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 173db45379b49d9271f8638f9f80936b5e74671a2bbb8376e394090ae9db931e

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 472d4cc0196b47296b184116698506c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21223925924,P-3354902,FLS-ALL
age: 388031
edge-cache-tag: F-21223925924,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: AEF90E4B1AE85E52
x-amz-id-2: WL25ast8kM3AAmP2Z9RTPWd1h2E+pBBfBE++dgXM04FazgYRDfee03gRQk7GULwY2dvt/q4LZgU=
last-modified: Thu, 14 Nov 2019 17:13:14 GMT
server: cloudflare
etag: W/"adecc79934699dcf241e9b6f8f8b280b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: B.7LxTlHESzhX6SLvf9EJR3NJ0vLM7Ei
x-amz-cf-pop: PRG50
cf-ray: 542917c4fc92cbc0-VIE
x-amz-cf-id: Wvolp9ab9Fqpc0QU7NV4lQejBo9jZyffmZg2ipGkAdvwgUZJ2rHFvQ==

GET
H2 200 twitter.svg
www.cybereason.com/hubfs/social-icons/ 792 B
781 B 97ms
92ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/social-icons/twitter.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0005cf2627e9e54179f90c78bbf355fccafb3907c4ae9e699bc09c4a57d75bf6

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 3ccd008055d57b9960754b53f631671f.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21232815295,FD-5415380040,P-3354902,FLS-ALL
age: 388031
edge-cache-tag: F-21232815295,FD-5415380040,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: D27EB873147D68ED
x-amz-id-2: x6pwo2r4ST1xFR1mETQmtxKNfYu6A417iMulAo9+Lk9UvoeaW0yKLvnZvWOmLz5xotR8UJyzl/g=
last-modified: Thu, 14 Nov 2019 17:24:01 GMT
server: cloudflare
etag: W/"14debb189e620cc0a3c4ea84a614b8d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: IMkvHwxtEDDIUOZjgxuxmMpUX.nX82Sy
x-amz-cf-pop: PRG50
cf-ray: 542917c4fc93cbc0-VIE
x-amz-cf-id: viZsYo9mqfwRJw6U0HWZuxU1RiYiArtgWeAW4Q2lo679GU3-jH96QA==

GET
H2 200 linkedin.svg
www.cybereason.com/hubfs/social-icons/ 529 B
822 B 107ms
101ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/social-icons/linkedin.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fc1bd4c0666cad8d8af42cf8f26c59bc5535b3d907b4db560c7db627e1e5253

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 10c9c057f4a519e21057a8790de37262.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21232480017,FD-5415380040,P-3354902,FLS-ALL
age: 704112
edge-cache-tag: F-21232480017,FD-5415380040,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: 31221405DEB02E5F
x-amz-id-2: sgp1k5H7fhuCSSf7b76le7GS29Cnx7jKqx6fvWV4Zt6Pjv5NMHsJEGhA9VPeyzkWwx6YB9NsczU=
last-modified: Thu, 14 Nov 2019 17:24:01 GMT
server: cloudflare
etag: W/"847da66019040cba5b0aed254309f083"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: b893YG7fG7.uXMP.wuBYwG7bD7IigLB0
x-amz-cf-pop: PRG50
cf-ray: 542917c4fc94cbc0-VIE
x-amz-cf-id: yHCZnGfUxpGVCJSMYcY2MzHxa1Ddol2XTZnMWGASYY_3Sy4ewHtyJg==

GET
H2 200 youtube.svg
www.cybereason.com/hubfs/social-icons/ 729 B
911 B 96ms
90ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/social-icons/youtube.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 312c7a4e3e547301e162c0bf3a7788cf8d52caf2668fbafc01351c9185b97ce4

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 973497bf6a39ec25b3eac8806793ebe5.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21232480018,FD-5415380040,P-3354902,FLS-ALL
age: 704112
edge-cache-tag: F-21232480018,FD-5415380040,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: A64B8FF13D04AE01
x-amz-id-2: gR5TAQK48UUvZn+HwOtQra1jDtmA51MHIL6NZDDYqkhrWb+dQEqUlWKBoacKxNujeH3qdjkUB9k=
last-modified: Thu, 14 Nov 2019 17:24:01 GMT
server: cloudflare
etag: W/"8c8a5ac2ddb60a58a59c7236297f35e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: FRY7VN7QoyOabw.AAGUdC1vw3qSDmi_m
x-amz-cf-pop: PRG50
cf-ray: 542917c4fc96cbc0-VIE
x-amz-cf-id: zxR-TOJ4j5NWIoegGvmn6QVPDxUL4Nwxnd3iZuyOpI3AC6x9fTLptw==

GET
H2 200 facebook.svg
www.cybereason.com/hubfs/social-icons/ 433 B
786 B 120ms
114ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/social-icons/facebook.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b329852f8f537591d001152e26a1b598ef4e4466fa10d859135843c307d5344e

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 e0c589730c9a4b532776db9306e169c9.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21224264479,FD-5415380040,P-3354902,FLS-ALL
age: 388031
edge-cache-tag: F-21224264479,FD-5415380040,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: EECE724CBC381941
x-amz-id-2: dA9UFlOk1Dmtx8PrR9aFT1ZmdwU1Lt3ef7Jrl8vV0S/SoMtDJYTGqIlp0y124zRt/7xlHO4r2WM=
last-modified: Thu, 14 Nov 2019 17:24:01 GMT
server: cloudflare
etag: W/"e97d7b693699cf2ee748031bf4de38f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: C89llISjlQVo62IUPVtqXB4yDzHnmHiT
x-amz-cf-pop: PRG50
cf-ray: 542917c4fc97cbc0-VIE
x-amz-cf-id: mHWffzJc9gkVn6zEAPTzK7fxyTpHu6XKp6RB-9EDwULsTysQjH0NzQ==

GET
H2 200 instagram.svg
www.cybereason.com/hubfs/social-icons/ 2 KB
1 KB 97ms
91ms Image
image/svg+xml 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/social-icons/instagram.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 008a6b447b38fe87dac9127b3e47c83f89df61e8ac7285a7e86051ee89e99af9

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 5d9abbb287f32993eb3100a884834ce3.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21223960139,FD-5415380040,P-3354902,FLS-ALL
age: 704112
edge-cache-tag: F-21223960139,FD-5415380040,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: br
x-amz-request-id: 1465019D33245E38
x-amz-id-2: TtVzqULvcahA8DGXWeekhuywyJp4VZprWm7btP9w/BXNVjNl/B1QHZO2MSIWzBtDXM/5DJat2lY=
last-modified: Thu, 14 Nov 2019 17:24:01 GMT
server: cloudflare
etag: W/"a1012cd27290947d9af72c0ea4236beb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: q2McvAidvV50PdQS5eg2kQ60XsPr41Is
x-amz-cf-pop: PRG50
cf-ray: 542917c4fc98cbc0-VIE
x-amz-cf-id: D-6IhBij1m8c6WQ0az9pKoJo2PzXigPOBSJq_-ZROk7hqD-fQUoD0w==

GET
H2 200 module_6216123918.min.js Show response
www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/1537797472057/ 611 B
491 B 489ms
489ms Script
application/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/1537797472057/module_6216123918.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2832d2ff340e31dfb8300ecaf6967737af72f2c8981c895443abc7c6eaeb6993

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 3F7EEAF5079FE3F7
status: 200
content-type: application/javascript; charset=utf-8
x-amz-id-2: ghk8fk8+tlrAjA8agrIS+0ZwHGM6oepjTvalKXCc6xE+7VH5+8PwSbzIinzhRmcyKoT2jZSzA7Q=
last-modified: Mon, 24 Sep 2018 13:57:53 GMT
server: cloudflare
etag: W/"ca4367b687b17634cfcc1f04939ca9ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: LVTFd33H8mC6aV4tWUEgRObV0FIQuz30
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 542917c1f945cbc0-VIE

GET
H2 200 3354902.js Show response
www.cybereason.com/hs/scriptloader/ 1 KB
604 B 145ms
140ms Script
application/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74d7c1dbadbca5dbef2c1b9b4a54f8c92d1f4d796c5728712c08f1eb201c5aad

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
x-trace: 2B0C63CAA99BA9DFA9E9C7609E15CCCDC2646689A2000000000000000000
cf-polished: origSize=1636
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=60
access-control-allow-credentials: false
cf-ray: 542917c4fc9acbc0-VIE
expires: Mon, 09 Dec 2019 18:16:47 GMT

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 6 KB
3 KB 80ms
48ms Script
application/x-javascript 72.247.225.215
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.215 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-215.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: be5238c76400fe2da689c27af8d1827067a5f7d06528e441e3596d7ae236ee1d

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:37:52 GMT
Content-Encoding: gzip
Last-Modified: Wed, 27 Nov 2019 09:04:08 GMT
Server: Apache
ETag: "4d2d4fd9389c5c77c32c897e944ddd21:1574845448"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2578
Expires: Mon, 09 Dec 2019 18:57:52 GMT

GET
H/1.1 200
OK 58e26bc626b13471520000d9.js Show response
tag.marinsm.com/serve/ 38 KB
10 KB 404ms
317ms Script
text/javascript 151.101.12.65
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.marinsm.com/serve/58e26bc626b13471520000d9.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.65 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Cowboy /

Resource Hash

1c96f5968df66d4e10f83ef3bb99124ec3d8f8edeedd242a11e75ea31ea9814d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:37:53 GMT
Via: 1.1 vegur, 1.1 varnish
X-Content-Type-Options: nosniff
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 9624
X-Served-By: cache-fra19154-FRA
Server: Cowboy
X-Timer: S1575916673.856273,VS0,VE311
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=1800
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 121 KB
26 KB 10ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

71b52274b1b43661e6523b2774c9fa98a673e1861703bea5f32d75a32a850394

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-23=":443"; ma=3600
content-length: 26702
x-xss-protection: 0
pragma: public
x-fb-debug: sE0FXJ+ZSN6+QbOEOmQcDOMxASHNqVSFi/LOtb3P3IgGm2Zqz6rc9nHSf6lrTTAo36Rz+R/WVFq3POMBJhLoog==
x-fb-trip-id: 1475214379
date: Mon, 09 Dec 2019 18:37:52 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sf14g.js Show response
t.sf14g.com/ 37 KB
37 KB 305ms
97ms Script
application/javascript 54.173.179.199
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sf14g.com/sf14g.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.173.179.199 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-54-173-179-199.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
last-modified: Tue, 16 Oct 2018 18:33:02 GMT
server: Kestrel
etag: "1d4657eab9c909b"
strict-transport-security: max-age=2592000
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 37787

GET
H2 200 hotjar-704918.js Show response
static.hotjar.com/c/ 6 KB
3 KB 120ms
88ms Script
application/javascript 147.75.33.111
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-704918.js?sv=6

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.33.111 Amsterdam, Netherlands, ASN54825 (PACKET - Packet Host, Inc., US),

Reverse DNS

pkt-ams-k1-12

Software

openresty /

Resource Hash

d543f927522ebb939ff22769450138bceee3bf87b1348d9a4aeb47f02ff437f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript
section-io-tag: hotjar
age: 0
status: 200
access-control-max-age: 600
section-io-cache: Miss
content-length: 2143
x-cache-hit: 1
server: openresty
x-frame-options: SAMEORIGIN
etag: W/073452ee1ee2adb5ab8714d1eeaea31f
vary: Accept-Encoding
section-io-origin-status: 304
access-control-allow-origin: *
cache-control: max-age=60
section-io-origin-time-seconds: 0.074
accept-ranges: bytes
section-io-id: 886fefbcd4d9e64e400ab5910cc866a9

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/ 2 KB
1 KB 23ms
19ms Script
text/javascript 2a00:1450:4001:819::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/?random=1575916672449&cv=9&fst=1575916672449&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&tiba=Operation%20Cobalt%20Kitty%3A%20A%20large-scale%20APT%20in%20Asia%20carried%20out%20by%20the%20OceanLotus%20Group&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

1d0cdf2222d4a2ab92f4b481b289f1d7c6124bf16c87260cd72f6d142871eefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Dec 2019 18:37:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 987
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 l
use.typekit.net/af/343335/00000000000000003b9b0ad0/27/ 16 KB
16 KB 23ms
9ms Font
application/font-woff2 95.100.67.47
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/343335/00000000000000003b9b0ad0/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-67-47.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 2e96bf761583273e370136ed0b934a38ad1e08b386accb37277252b37b9c9961

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
server: nginx
access-control-allow-origin: *
etag: "eedb93b5a9ba82f97df21a2548066c304a8baad8"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16112

GET
H2 200 l
use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/ 16 KB
16 KB 28ms
14ms Font
application/font-woff2 95.100.67.47
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-67-47.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 7219936e6e56b9932b2f1dd06cfff09b655a729bb17d0aa6d757e14184512384

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
server: nginx
access-control-allow-origin: *
etag: "2d91046573f0e4458e7737f18f00bb9c13388e11"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16252

GET
H2 200 l
use.typekit.net/af/cb6232/00000000000000003b9b0ad8/27/ 15 KB
15 KB 29ms
15ms Font
application/font-woff2 95.100.67.47
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cb6232/00000000000000003b9b0ad8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-67-47.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 9607506688417bb09b8d6c29362c2fe29bc1b047b793cccddfce876d927fa57b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
server: nginx
access-control-allow-origin: *
etag: "865da7d2ecc4da3cb6bd5574f01738cfc5c8bb11"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 15448

GET
H2 200 l
use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/ 16 KB
16 KB 33ms
19ms Font
application/font-woff2 95.100.67.47
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-67-47.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 359197d1e7ab63fe678db88914f31f1f9f6a37bd182e0de565fc7a68302a1f50

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
server: nginx
access-control-allow-origin: *
etag: "8c3ee2b4e977df4e0f73e1b985c24fba9611fc49"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16652

GET
H2 200 l
use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/ 17 KB
17 KB 79ms
66ms Font
application/font-woff2 95.100.67.47
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-67-47.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 66b4fac9494bbeda177f4637fa3e7423fc8ef54b11a6875e68cdf3e472293b2a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
server: nginx
access-control-allow-origin: *
etag: "7b5be73a29b093f7ae3c099f5a521c9274f6db28"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 17148

GET
H2 200 l
use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/ 16 KB
16 KB 40ms
27ms Font
application/font-woff2 95.100.67.47
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-67-47.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 97829f8a6f2a471117ed06d0b06a81d543b091a262192369c531380779148c5c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
server: nginx
access-control-allow-origin: *
etag: "b9e1ecdf0fe601a7e9dfc362b400290203e7b31c"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16456

GET
H2 200 l
use.typekit.net/af/cfbead/0000000000000000000146b3/27/ 23 KB
23 KB 39ms
26ms Font
application/font-woff2 95.100.67.47
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cfbead/0000000000000000000146b3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-67-47.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 365a7ca6f52df29efedfdac2e08a9d0f03e4e2122dd9a49803bf8dacd58480fc

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
server: nginx
access-control-allow-origin: *
etag: "122498e3424e674610da39fb441d661549879239"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 23248

GET
H2 200 l
use.typekit.net/af/f50d41/00000000000000003b9b2c84/27/ 15 KB
15 KB 22ms
9ms Font
application/font-woff2 95.100.67.47
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/f50d41/00000000000000003b9b2c84/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-67-47.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 765097740b7490e6ab6a2d8624199ab7b147e8c6cec064b6cce257750fdb1985

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
server: nginx
access-control-allow-origin: *
etag: "13c2813ff67959226aaa4eccfcdd1399bd756b8d"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 15336

GET
H2 200 Untitled-design-52.png
www.cybereason.com/hubfs/Blog%20Images%20-%20Labs/ 385 KB
386 KB 75ms
75ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Blog%20Images%20-%20Labs/Untitled-design-52.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e29d306b13e994a485e8b19c7544daf5fb396d35cbf1c6776adafaad5f6b96c8

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 f1944380c787841c28b16df91c1ec34e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5340556648,P-3354902,FLS-ALL
age: 30228
cf-polished: origFmt=png, origSize=639056
edge-cache-tag: F-5340556648,P-3354902,FLS-ALL
status: 200
content-length: 394118
content-disposition: inline; filename="Untitled-design-52.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: 887D57BE7D8ACAAC
x-amz-id-2: H+U8PuOibtqq3VM/dqgt591wTO53uDLZC+Bu9bkcqaEg+2ukoa1MwG/Ob3ZWqFgw3g/a+hePGhg=
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:11:44 GMT
server: cloudflare
etag: "f8c6de04f9de3504db7ec75b52ec77d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: JyDksf1Dhsup6g9.0Hh3rv45QA0gWk0e
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
cf-ray: 542917c4fc9dcbc0-VIE
x-amz-cf-id: N-1hzoBuVQI4Xx1t66rnTZd1gLVvMyDv9IULbSK_P6vI-71AdC-4AQ==
cf-bgj: imgq:85

GET
H2 200 Untitled-design-38.png
www.cybereason.com/hubfs/Cybereason%20July%202017/Images/ 12 KB
12 KB 83ms
82ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20July%202017/Images/Untitled-design-38.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9833c7028a84d1115c8ce874fa24458ecfa1115477cf5b04d5b1c2016276b3f

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 f78fee2989d34e40cb45ddfbcb9ba346.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5272865285,P-3354902,FLS-ALL
age: 30228
cf-polished: origFmt=png, origSize=17913
edge-cache-tag: F-5272865285,P-3354902,FLS-ALL
status: 200
content-length: 12246
content-disposition: inline; filename="Untitled-design-38.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: 24C4F758F2EF3C58
x-amz-id-2: xgw0hmIer6vd0rUndTDA2NaHAN7CIk0jJP266YvrVNimQy1bRcALqS9FwI3NvmIgASL1yVCNcKE=
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:07:53 GMT
server: cloudflare
etag: "3040ddb6b340a1da81792f3132d4b8fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: 6IyQ5nMZS71_FJFaN_ppA8W2XWsq9C97
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
cf-ray: 542917c4fc9ecbc0-VIE
x-amz-cf-id: vDlZvUHBsf9UQNrzcBm00QJGqbs8_wpN-ZOZbKIaTJeGvboSyoT3_w==
cf-bgj: imgq:85

GET
H2 200 featured-overlay.png
cdn2.hubspot.net/hubfs/3354902/Blog%20Feature%20Images/ 165 KB
166 KB 101ms
26ms Image
image/png 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn2.hubspot.net/hubfs/3354902/Blog%20Feature%20Images/featured-overlay.png?t=1513647154353
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bea2f9a81ff3f3fbbf2ec0a87e55d9f3ac4f0175c2c8be4db3aef9ac3d5a4f4

Request headers

Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 1cc446ef4692d8e752b16c07f2f58a59.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5462123206,FD-5339435640,P-3354902,FLS-ALL
age: 642664
cf-polished: status=not_needed
edge-cache-tag: F-5462123206,FD-5339435640,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-type: image/png
content-length: 169104
x-amz-id-2: 5wMA3yIyPBLYEZ7cLn0lBE2hpzkjmuQ81rPRsR+Lr21n9u9kLGPayrqQDQiRiEZkPZUK0Sk+uDo=
last-modified: Mon, 04 Dec 2017 21:20:34 GMT
server: cloudflare
etag: "d0df19a6304235f7db891e67ceec2f0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 36130A8E33AF1E8F
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: Hc5Bj7HcwoRhwKWqkaF4P6ee537gYNei
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
cf-ray: 542917c56d81cb9c-VIE
x-amz-cf-id: K5_3hT57GpSiU2Ck5ztFPxdYjOGN9KLTAYR1i7EXHDXIzkGfSMiMxQ==
cf-bgj: imgq:85

GET
H2 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 20ms
19ms Font
application/octet-stream 2606:4700::6811:4104
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
cf-cache-status: HIT
age: 20550613
cf-ray: 542917c4fbe68c74-VIE
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-23=":443"; ma=86400
content-length: 77160
last-modified: Thu, 17 May 2018 09:19:53 GMT
server: cloudflare
etag: "5afd4939-12d68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
expires: Sat, 28 Nov 2020 18:37:52 GMT
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
served-in-seconds: 0.012

GET
H2 200 DINNextLTPro-MediumCond.woff
cdn2.hubspot.net/hubfs/3354902/Cybereason%20Files/fonts/ 50 KB
50 KB 97ms
24ms Font
application/font-woff 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Files/fonts/DINNextLTPro-MediumCond.woff
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b293e4c10e7df359f78a8c4f0b5106f2bfa3d8b6de7e43441724849c3734d38

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 df2b5b3f847bbe9ad7f475c0831bcc3a.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5348526345,P-3354902,FLS-ALL
age: 111878
edge-cache-tag: F-5348526345,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: gzip
content-type: application/font-woff
x-amz-request-id: 8384A420427DB078
x-amz-id-2: qE6A4UXT6uPMQQpzwPQ0kYQE6qV++U/MzB2Tnti6FiEEq/iFUTzNDKdiFtS6LLYfZN6ObGzRm9c=
last-modified: Sun, 08 Oct 2017 14:12:38 GMT
server: cloudflare
etag: W/"169de8bbeb4aa5db5f87b95f2ab95714"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: sGlGR.53wqPoExj8Omwf.6WtxL86SIC7
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-cf-pop: TXL52-C1
cf-ray: 542917c56c93cba8-VIE
x-amz-cf-id: JWc6L2ms9TR30TSKpZixKA_brj1i884O_SQ5F0GrsXBNKxT5WkRMaQ==

GET
H2 200 AndaleMonoMTStd.woff
cdn2.hubspot.net/hubfs/3354902/Cybereason%20Files/fonts/ 17 KB
18 KB 96ms
22ms Font
application/font-woff 2606:4700::6811:f2cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Files/fonts/AndaleMonoMTStd.woff
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f469248695d5b0f09feac08e6f219ef58cc81b64c4f0d4869b5b0d578ff1fe1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
via: 1.1 3dca71b0fde541bcd2caf3756ffbc27a.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5354893296,P-3354902,FLS-ALL
age: 649497
edge-cache-tag: F-5354893296,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
content-encoding: gzip
content-type: application/font-woff
x-amz-request-id: 93361B9B3D412C37
x-amz-id-2: 5QeDJmymcI8ejc8l2aEd2bdkLutbYthfHoKCCthF1DusSQ4F1T93Vwb8dCGtT6VdWk5cIivcM+o=
access-control-allow-origin: *
last-modified: Sun, 08 Oct 2017 14:13:02 GMT
server: cloudflare
etag: W/"f7380ca97f617dd2c8430b741b02fbd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: J9b6f7GJD_pDbFc6Mhjyo1CbL0.9Btnw
x-amz-meta-edge-cache-tag: F-5354893296,FD-5348465397,P-3354902
cache-control: s-maxage=1209600, max-age=1209600
x-amz-cf-pop: VIE50-C1
cf-ray: 542917c56c99cba8-VIE
x-amz-cf-id: uzTUK5NxcEn7hLxYxs0jETRAbps0aj9JRoZbv7ktF9fOcWvMlL5qvg==

GET
H2 200 -F63fjptAgt5VM-kVkqdyU8n1i8q0g.ttf
fonts.gstatic.com/s/ibmplexmono/v5/ 36 KB
18 KB 7ms
7ms Font
font/ttf 2a00:1450:4001:821::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexmono/v5/-F63fjptAgt5VM-kVkqdyU8n1i8q0g.ttf

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

128cfa4458d1c804e935930664e96ff59b16139513d6492b6ee031916862246e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Thu, 21 Nov 2019 15:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1566900
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18109
x-xss-protection: 0
last-modified: Tue, 16 Jul 2019 02:44:46 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Nov 2020 15:22:52 GMT

GET
H2 200 post-cta-bg.jpg
www.cybereason.com/hubfs/ 134 KB
134 KB 48ms
48ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/post-cta-bg.jpg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a384c08dee325f9eb1b6300ec90bb7e1bc4468c958d83a3b05e9efb06783099

Request headers

Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 34ef900fc796e5d1cba16bcb77acbff5.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470761761,P-3354902,FLS-ALL
age: 698082
cf-polished: qual=85, origFmt=jpeg, origSize=218637
edge-cache-tag: F-5470761761,P-3354902,FLS-ALL
status: 200
content-length: 136716
content-disposition: inline; filename="post-cta-bg.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: B108AB17337FDB93
x-amz-id-2: f54jT/zRuHNujvAVWkQe1cBISCvgue29bRWmm0NbyC1ZBQz8RzleKAZ3mRPKfGKJtdCxJkMDPRY=
x-cache: Miss from cloudfront
last-modified: Fri, 08 Dec 2017 20:47:51 GMT
server: cloudflare
etag: "cf5c5d6bd0b14e4c95df03ae562d036d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: XAibKoVJbZOnKQp3BHlsQh82u9GV0.Hk
x-amz-cf-pop: PRG50
accept-ranges: bytes
cf-ray: 542917c669decbc0-VIE
x-amz-cf-id: ybMj4biiCxYDpPcJ7Y1dXBKzypOFNIGuDtNTUpKBrvTFqn6HOcDrhA==
cf-bgj: imgq:85

GET
H2 200 p.gif
p.typekit.net/ 35 B
201 B 23ms
22ms Image
image/gif 95.100.67.47
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=vyv2ljd&ht=tk&h=www.cybereason.com&f=32224.32226.32227.32228.32230.32231.10875.32265&a=657783&js=1.19.2&app=typekit&e=js&_=1575916672963
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-67-47.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:52 GMT
last-modified: Mon, 04 Feb 2019 21:28:53 GMT
server: nginx
access-control-allow-origin: *
etag: "5c58ae95-23"
content-type: image/gif
status: 200
cache-control: max-age=604800
accept-ranges: bytes
content-length: 35
expires: Mon, 19 Aug 2019 11:43:27 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/934771702/ 42 B
110 B 37ms
37ms Image
image/gif 2a00:1450:4001:825::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/934771702/?random=1575916672449&cv=9&fst=1575914400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&tiba=Operation%20Cobalt%20Kitty%3A%20A%20large-scale%20APT%20in%20Asia%20carried%20out%20by%20the%20OceanLotus%20Group&fmt=3&is_vtc=1&random=3363459956&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Dec 2019 18:37:52 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/934771702/ 42 B
110 B 23ms
22ms Image
image/gif 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/934771702/?random=1575916672449&cv=9&fst=1575914400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&tiba=Operation%20Cobalt%20Kitty%3A%20A%20large-scale%20APT%20in%20Asia%20carried%20out%20by%20the%20OceanLotus%20Group&fmt=3&is_vtc=1&random=3363459956&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Dec 2019 18:37:52 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 116645602292181 Show response
connect.facebook.net/signals/config/ 349 KB
85 KB 74ms
74ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/116645602292181?v=2.9.14&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

c50ea8ca447c397c6c0e7d9ddf41849258bc2e8fdd6d01726d0bfa270bef1e8e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-23=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: 8jD4M8MHwMXTHEeEr1A2mVs7A2l4YKTMcAr2TGkLalLOu+VTae/qdN0lPuVqRIEK1RcRn8m0haJtIK55+7FeNw==
x-fb-trip-id: 1475214379
date: Mon, 09 Dec 2019 18:37:53 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel
tr.outbrain.com/ 43 B
307 B 108ms
103ms Image
image/gif 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.outbrain.com/pixel?marketerId=0027b8e5e3241bf8cc1be75fc37da5a0b4&obApiVersion=1.1&obtpVersion=1.1.7&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&optOut=false&bust=017578805369342487

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=0; includeSubDomains;
content-encoding: gzip
traffic-path: NYDC1, JFK, FRA, Europe1
x-cache: MISS, MISS
status: 200
x-traceid: ea33fd421eb1d48c65a6c4ae307c5dc5
content-length: 60
x-served-by: cache-jfk8148-JFK, cache-fra19173-FRA
x-timer: S1575916673.993884,VS0,VE97
date: Mon, 09 Dec 2019 18:37:53 GMT
content-type: image/gif;
via: 1.1 varnish, 1.1 varnish
cache-control: no-cache
backend-ip: 104.156.90.48
accept-ranges: bytes, bytes
x-cache-hits: 0, 0

GET
H/1.1 200
OK pixel
amplifypixel.outbrain.com/ 43 B
314 B 541ms
86ms Image
image/gif 70.42.32.63
Outbrain

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://amplifypixel.outbrain.com/pixel?mid=0027b8e5e3241bf8cc1be75fc37da5a0b4&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&bust=07957586434673469

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.42.32.63 , United States, ASN22075 (AS-OUTBRAIN - Outbrain, Inc., US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:37:53 GMT
Cache-Control: no-cache
X-TraceId: 1b4850027553af859bea6cb142b9c981
content-encoding: gzip
Content-Length: 60
Strict-Transport-Security: max-age=0; includeSubDomains;
Content-Type: image/gif;

GET
H2 200 recommended-bg.jpg
www.cybereason.com/hubfs/ 33 KB
33 KB 62ms
62ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/recommended-bg.jpg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 290413fe1d21f4efc20f033f39acc3161043941087be7058a9412b9b4ef3630d

Request headers

Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 6c9f184c491eed5c51abd110e89bd97b.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470760609,P-3354902,FLS-ALL
age: 102141
cf-polished: qual=85, origFmt=jpeg, origSize=108319
edge-cache-tag: F-5470760609,P-3354902,FLS-ALL
status: 200
content-length: 33348
content-disposition: inline; filename="recommended-bg.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: 7A98E1A287E8607A
x-amz-id-2: gUY46Z0ckVuv7hw8WCAvB120avLPd9+lWF6kOHRVMkQ+DOlH6HPD8q4K6e72wmOmH3GkA/GbCyc=
x-cache: Miss from cloudfront
last-modified: Fri, 08 Dec 2017 20:45:02 GMT
server: cloudflare
etag: "1c033d413cd83761f8b3dec27b6f6c0a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: ehpqu3LaIuFE1n7KlwvrlDoqjLDDhj8O
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
cf-ray: 542917c6bb74cbc0-VIE
x-amz-cf-id: 4TXs7Y-W8RVVXvTX8w9OpCQ5nGxoVSBs0kJbvAXRW5P-6hi4e_fKVg==
cf-bgj: imgq:85

GET
H2 200 P_Ol4-OLtClbFoXdAMvFfm12T6QlHyye3_gBk0tmKTOFmzoWvrt7M4Sv0fR9ipE8O5ES0LVqNvJMCBfFXO-PE5rQDBESlUoCXnp1QpY_Y-53byhmil5O_-n2koYLvnNgYz4pKEJQ
lh3.googleusercontent.com/ 683 KB
684 KB 35ms
7ms Image
image/jpeg 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/P_Ol4-OLtClbFoXdAMvFfm12T6QlHyye3_gBk0tmKTOFmzoWvrt7M4Sv0fR9ipE8O5ES0LVqNvJMCBfFXO-PE5rQDBESlUoCXnp1QpY_Y-53byhmil5O_-n2koYLvnNgYz4pKEJQ

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

2854f9e64057ccbcc279bb9300b43877c9e9d2a3845b45c7d2f6bd62f220fdfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 15:21:23 GMT
x-content-type-options: nosniff
age: 11790
status: 200
content-disposition: inline;filename="Timeline_SoftCell_Black_Final.jpg"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 699679
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 03 Dec 2019 11:03:11 GMT

GET
H2 200 featured-overlay.png
www.cybereason.com/hubfs/Blog%20Feature%20Images/ 165 KB
166 KB 72ms
71ms Image
image/png 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Blog%20Feature%20Images/featured-overlay.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bea2f9a81ff3f3fbbf2ec0a87e55d9f3ac4f0175c2c8be4db3aef9ac3d5a4f4

Request headers

Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 e010e3963cfd47d783f0503a3dbc3b90.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5462123206,FD-5339435640,P-3354902,FLS-ALL
age: 102141
cf-polished: status=not_needed
edge-cache-tag: F-5462123206,FD-5339435640,P-3354902,FLS-ALL
status: 200
content-length: 169104
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: F2386C4CDC8DB8CE
x-amz-id-2: 5Gu/YRHOD0ww6xDqXlFKNCvVU6AprErPWvmM2mgWUqYQxInkxAQmV5LL4GDJsQHLpNvFWZBoovo=
last-modified: Mon, 04 Dec 2017 21:20:34 GMT
server: cloudflare
etag: "d0df19a6304235f7db891e67ceec2f0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: Hc5Bj7HcwoRhwKWqkaF4P6ee537gYNei
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
cf-ray: 542917c6cbedcbc0-VIE
x-amz-cf-id: CqbqTQg4ijms3RDoSpdXpvU61LFC8nmEVilft3red2QTraWjjVGl8A==
cf-bgj: imgq:85

GET
H2 200 Institutional%20pattern%20with%20theme%20of%20beginnings%20Section%20of%20exterior%20wall%20of%20poured%20concrete%20for%20large%20university%20building%20under%20construction.jpeg
www.cybereason.com/hubfs/Stock%20images/ 136 KB
137 KB 48ms
48ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Stock%20images/Institutional%20pattern%20with%20theme%20of%20beginnings%20Section%20of%20exterior%20wall%20of%20poured%20concrete%20for%20large%20university%20building%20under%20construction.jpeg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c654dd77760afac0602774d30a217ad457e78d0ccf16b47ec0197759f28d581a

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 89325178f4430fe7d65a260b33ed0234.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5510469479,FD-5168863786,PE4lK,FLS
age: 93719
cf-polished: qual=85, origFmt=jpeg, origSize=278257
edge-cache-tag: F-5510469479,FD-5168863786,PE4lK,FLS
status: 200
content-length: 139332
content-disposition: inline; filename="Institutional%20pattern%20with%20theme%20of%20beginnings%20Section%20of%20exterior%20wall%20of%20poured%20concrete%20for%20large%20university%20building%20under%20construction.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: 71C7C9E5DD1D944C
x-amz-id-2: WsIv/gSrldakH62Vmp2YmuGcFRACqDJM0C5+/sJ44omkJSDPDoqx8xG2kuEp249ZFBqUtnmXqFI=
x-cache: Miss from cloudfront
last-modified: Tue, 09 Jan 2018 19:31:03 GMT
server: cloudflare
etag: "5f77ecdfef344627600c64f51c51892e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: GAXW1iw6IXn1KcCHy1UYsDDNuQiPY5l0
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
cf-ray: 542917c6cbefcbc0-VIE
x-amz-cf-id: nlMAY61aHJS3mH8Xea4zJr8WV93tVciAONO3mvRcVrPZygYI9UyztQ==
cf-bgj: imgq:85

GET
H2 200 shutterstock_190197608-1024x391.jpg
www.cybereason.com/hubfs/Blog%20Feature%20Images/ 58 KB
58 KB 50ms
49ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Blog%20Feature%20Images/shutterstock_190197608-1024x391.jpg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c73ee67c455428ed57592d1c92e1851394dce413b7f07d00067717cc4126119

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 1d0fc03b30809d10a25a905ba30d8170.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5364596279,P-3354902,FLS-ALL
age: 93718
cf-polished: qual=85, origFmt=jpeg, origSize=105531
edge-cache-tag: F-5364596279,P-3354902,FLS-ALL
status: 200
content-length: 58974
content-disposition: inline; filename="shutterstock_190197608-1024x391.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: C66762D7FB6DA65F
x-amz-id-2: bhcL7WiaIeVL76hDaG02Z4Csak9BK6OguAYqG8/Pt9qpLiFbQncPYiAK1H8pNRQ3i+gUkjiQ1uE=
x-cache: Miss from cloudfront
last-modified: Sun, 08 Oct 2017 14:14:01 GMT
server: cloudflare
etag: "601eeb97626335ae16e4b705a1114480"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: aZwVe05sCMuzJEnS1Sa3RSPepO1KG1Bo
x-amz-cf-pop: FRA53
accept-ranges: bytes
cf-ray: 542917c6fcb7cbc0-VIE
x-amz-cf-id: Fgg2rBIuQ2N5VwECuHf3de0MKbzmouyDKmiEpns6OWKQGOY7Ohizgg==
cf-bgj: imgq:85

GET
H2 200 footer-bg-1.jpg
www.cybereason.com/hubfs/Cybereason%20Images/ 13 KB
14 KB 47ms
46ms Image
image/webp 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/footer-bg-1.jpg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a90f41e11e84c6c6fadb308996f23938f68d1a22af220685948f2780c1aabb80

Request headers

Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 e9e2a595ae7215ef40a63576095c281b.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5562959278,FD-5168280605,PE4lK,FLS
age: 102140
cf-polished: qual=85, origFmt=jpeg, origSize=45900
edge-cache-tag: F-5562959278,FD-5168280605,PE4lK,FLS
status: 200
content-length: 13796
content-disposition: inline; filename="footer-bg-1.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: A0D510BF5A97AECD
x-amz-id-2: wwnwLMk8jr31sJZA7diy6M96Bh59zld4EHkkJ/ndwh+PwK3SO//0ZlRWj9JM5DqoFPQl5ZYNQ/4=
x-cache: Miss from cloudfront
last-modified: Tue, 06 Feb 2018 20:37:25 GMT
server: cloudflare
etag: "ded9372575a7c18a9156f125068cf056"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: EpkMgZUplyfvTWZl_9_.Vhj3DilH2NMd
x-amz-cf-pop: PRG50
accept-ranges: bytes
cf-ray: 542917c71d1ccbc0-VIE
x-amz-cf-id: UryIWXjLRATxMabCGMovu2bvGXrNzHOchvCdR4veOKhzZR9keu-tIQ==
cf-bgj: imgq:85

GET
H2 200 modules.1563bfc088652f728ad5.js Show response
script.hotjar.com/ 399 KB
70 KB 67ms
24ms Script
application/javascript 147.75.85.25
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL: https://script.hotjar.com/modules.1563bfc088652f728ad5.js
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-704918.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.85.25 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS: pkt-ams-k1-9
Software: /
Resource Hash: 464f98ed0cc4bd0a6f0858a99c60f2e018645009265ed955a0a2eb0f5ca81e00

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
content-encoding: br
last-modified: Thu, 28 Nov 2019 17:38:37 GMT
access-control-allow-origin: *
etag: "6f4d0398872f50ffe1212d1d3fe37a64"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.026
section-io-origin-status: 200
accept-ranges: bytes
section-io-id: 787ea2ce54bdad2c015aad0e52b38eca
content-length: 70909

GET
H2 200 l
use.typekit.net/af/f2e356/00000000000000003b9b0ef5/27/ 35 KB
35 KB 8ms
7ms Font
application/font-woff2 95.100.67.47
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/f2e356/00000000000000003b9b0ef5/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-67-47.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 9af256cb88b39b1a3b6e36b50a7d7f3215db54331371bb53ed698450672ddcc8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
server: nginx
access-control-allow-origin: *
etag: "a0f0ee5943ccfb765480534c9add4201dba5a006"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 35932

GET
H2 200 cybereason-arrow.woff2
www.cybereason.com/hubfs/Fonts/ 2 KB
3 KB 61ms
60ms Font
application/font-woff2 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/Fonts/cybereason-arrow.woff2
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcaf54bc46707931d5bcfd93e5b1ac50a518dabb1748fb5155353b392f11c2f8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 40e8cff7eb9a18d9e3d7f191f1493514.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-20974772751,FD-5167100825,P-3354902,FLS-ALL
age: 93717
edge-cache-tag: F-20974772751,FD-5167100825,P-3354902,FLS-ALL
status: 200
content-length: 2200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 43
x-amz-request-id: E2139991A42B3ABC
x-amz-id-2: vsAPr1Ncwbfy1IqBMiS33cNnc0QOiVedm/GR7kjIfzbDZZEOS7TbB24/6Z/3ookRNNo3g0fEaOo=
last-modified: Tue, 12 Nov 2019 18:05:03 GMT
server: cloudflare
etag: "28fb154fbabe25f37ef8bd98ec057a51"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: nxxFbRZiJ0l5.6jBTiMaZGgmevb8x6Rg
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
cf-ray: 542917c669e5cbc0-VIE
x-amz-cf-id: YXl3sePXKtuTTlX5U5Kec_UsH2kehKZEAsC_qOLe65DsWjnDnGK1Gg==

GET
H2 200 -F6qfjptAgt5VM-kVkqdyU8n3twJwlBFhw.ttf
fonts.gstatic.com/s/ibmplexmono/v5/ 37 KB
18 KB 8ms
8ms Font
font/ttf 2a00:1450:4001:821::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexmono/v5/-F6qfjptAgt5VM-kVkqdyU8n3twJwlBFhw.ttf

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6b66955d2f6a8fab43675c6a02f74f5d3914d07121b12396bc9308dbb00d78fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1575597278731/combined-css-f9cea09f6c63efd6ad26ac538a2b4d25.css
Origin: https://www.cybereason.com

Response headers

date: Thu, 21 Nov 2019 04:40:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1605464
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18509
x-xss-protection: 0
last-modified: Tue, 16 Jul 2019 03:39:51 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Nov 2020 04:40:09 GMT

GET
H2 200 sm.22.html
static.addtoany.com/menu/ Frame 9927 0
0 22ms
22ms Document
text/html 2606:4700:10::6814:6f27
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.22.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:6f27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: static.addtoany.com
:scheme: https
:path: /menu/sm.22.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
accept-encoding: gzip, deflate, br
cookie: __cfduid=daf9a57b41fd35d9edaafe4a9c79ee37c1575916672
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Response headers

status: 200
date: Mon, 09 Dec 2019 18:37:53 GMT
content-type: text/html; charset=utf-8
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
last-modified: Thu, 03 Oct 2019 06:59:00 GMT
etag: W/"70f-593fc1ec1791b"
cache-control: max-age=315360000, immutable
age: 992122
vary: Accept-Encoding
via: e5s
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 542917c6a97bcba8-VIE
content-encoding: br

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 0caba5f8-036c-4fa7-83d6-166a0180e075 Show response
www.cybereason.com/_hcms/forms/embed/v3/form/3354902/ 19 KB
4 KB 225ms
225ms Script
application/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/_hcms/forms/embed/v3/form/3354902/0caba5f8-036c-4fa7-83d6-166a0180e075?callback=hs_reqwest_0&hutk=

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cb6e2b374547fb610689172469520a25256bb83a70180a443553c9e688ab676

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
x-trace: 2B4E3E8D4087A05102D2DF04CE1837C5EB491C2E71000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
content-disposition: attachment; filename=no-rfd.txt
cf-ray: 542917c71d20cbc0-VIE

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

1b0619e6758cd0689fbfc91db4069ca2fcad4fad6871a9a1cd51c8fda62a1b98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: DEtD38GFK07ahamaMAwrXg==
status: 200
date: Mon, 09 Dec 2019 18:37:53 GMT
expires: Mon, 09 Dec 2019 18:48:05 GMT
alt-svc: h3-23=":443"; ma=3600
content-length: 1782
x-fb-debug: Ft2sJvQZQ61WItVeAEDhOkgalvv6HW4RHRrjp+tX/hICdVw5nN3rbFVIuGu+KydUz8ekJjgKBR5Pfr5toAsaEg==
x-fb-trip-id: 1475214379
x-fb-content-md5: 5fd4286834491530cce1e4f4bec0f9c2
etag: "823c8cde9b764ae309afbfcb8b2ad4f3"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 20ms
6ms Script
application/javascript 151.101.112.157
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 13c88608140b103dd0eb9040e4466efcb7b0a1d7784bdd802c702e3a25fea222

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 28852
x-served-by: cache-iad2149-IAD, cache-hhn4072-HHN
last-modified: Tue, 26 Nov 2019 18:14:56 GMT
etag: "6448d12e510c748220c730e694411504+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1800
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 icons.29.svg.js Show response
static.addtoany.com/menu/svg/ 78 KB
33 KB 31ms
30ms Script
application/javascript 2606:4700:10::6814:6f27
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.29.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:6f27 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: e5s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 27792427
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
last-modified: Mon, 31 Dec 2018 23:29:11 GMT
server: cloudflare
etag: W/"13937-57e59c7b88bd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000, immutable
cf-ray: 542917c78ca7cba8-VIE
cf-bgj: minify

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 4 KB
2 KB 92ms
35ms Script
application/javascript 2606:4700::6811:70b0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6d9d9e6046d227df0c818d934dadd9fadf08687308138b91376258494826f9b

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 09e7a54b3c0e42cf23f1deb97f4f6b95.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 162
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: gzip
x-amz-version-id: j6PreIy4qN8jPYd1cm1sPhZdAFQ60qMd
last-modified: Thu, 24 Oct 2019 01:14:11 GMT
server: cloudflare
etag: W/"c3fbcea4ff6fedca3f7d2d25bcf17318"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=600
x-amz-cf-pop: IAD89-C2
cf-ray: 542917c7ecfc5994-VIE
x-amz-cf-id: 6OQrZIX1yK2tncyT6R90k9DJyDBAN_kHg3Qf3ca0lYZxKvx3b-62mg==

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 377 KB
61 KB 1744ms
1688ms Script
application/javascript 2606:4700::6811:e7cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:e7cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a55c02888038e59252778d81b592f942ea904c3dca19f539e3376b4a0a0c6b2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:54 GMT
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
x-cache: Miss from cloudfront
status: 200
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Fri, 01 Nov 2019 01:52:48 GMT
server: cloudflare
etag: W/"54006d8d669ba60aff038448ad347c84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
x-amz-version-id: Mo8RDmG1YId30ggWGmkBlVvLfaalQv4Q
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 542917c7ee03cba8-VIE
x-amz-cf-id: HjJNmGuAjhRMgSLLslT1CWyPCHcJSdK7c-0aNjIDISM6mLbWVEouEA==

GET
H2 200 3354902.js Show response
js.hs-analytics.net/analytics/1575915300000/ 74 KB
26 KB 1755ms
1696ms Script
text/javascript 2606:4700::6811:46b0
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1575915300000/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:46b0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c133f839dd6874c4bcff2352f9b7d3ef09c70e0dfc00cca641115502533e30b

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:54 GMT
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: 78C90123B530C8C9
status: 200
content-type: text/javascript
x-amz-id-2: sAiZtsaZjWtHr8JM1YEHVqkwubjgov3oupCms6eB9MkfG580BU3r4uMLG/sxxwJIlvQIw8pQ0dU=
last-modified: Tue, 29 Oct 2019 20:40:40 GMT
server: cloudflare
etag: W/"f5c8d092ec732e4c01d7fbe92f8b1f31"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-ray: 542917c7ee905a06-VIE
expires: Mon, 09 Dec 2019 18:42:53 GMT

GET
H2 200 box-b736908ce6b0e933fad3a2e45df61b38.html
vars.hotjar.com/ Frame 78BE 0
0 44ms
14ms Document
text/html 147.75.85.99
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-704918.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.85.99 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS: pkt-ams-k1-5
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-b736908ce6b0e933fad3a2e45df61b38.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Response headers

status: 200
date: Mon, 09 Dec 2019 18:37:53 GMT
content-type: text/html
content-length: 808
cache-control: max-age=31536000
content-encoding: br
last-modified: Thu, 28 Nov 2019 17:38:31 GMT
etag: "ed7551919779fd07dbfe6d776c643379"
section-io-origin-status: 200
section-io-origin-time-seconds: 0.028
vary: Accept-Encoding
accept-ranges: bytes
section-io-id: 0978d60cae2b39de81c11f25f2603fee

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 187 KB
56 KB 55ms
39ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=6e115860a643b8932926173482a55001&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

04176ae603be4b3c939214eaa0ca369097e207fd12d0f5ef4358f6345d79067c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Origin: https://www.cybereason.com

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: dWiCW8K1AuXwMVHn9x/VYg==
status: 200
date: Mon, 09 Dec 2019 18:37:53 GMT
expires: Tue, 08 Dec 2020 17:18:49 GMT
alt-svc: h3-23=":443"; ma=3600
content-length: 56817
x-fb-debug: FilV7L87n9FOhW1O2nEPy1AwSXiWkc6fl0a3mYEwQr7lzh63JwkRuz9bLQWsOURXJlH2Y10AhnWhwsw8AvyVsQ==
x-fb-trip-id: 1475214379
x-fb-content-md5: 2fef2e61e72ff683b61075b666434afe
etag: "cc82fd32b68cb533598ddf97207f1e9d"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 /
www.facebook.com/tr/ 44 B
252 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=116645602292181&ev=PageView&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&rl=&if=false&ts=1575916673359&sw=1600&sh=1200&v=2.9.14&r=stable&ec=0&o=30&fbp=fb.1.1575916673358.1218135629&it=1575916672975&coo=false&rqm=GET

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Mon, 09 Dec 2019 18:37:53 GMT

GET
H2 200 widget_iframe.6a44a9d26983bbb5b04ae399f9e496fe.html
platform.twitter.com/widgets/ Frame 3B68 0
0 7ms
7ms Document
text/html 151.101.112.157
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.6a44a9d26983bbb5b04ae399f9e496fe.html?origin=https%3A%2F%2Fwww.cybereason.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/widget_iframe.6a44a9d26983bbb5b04ae399f9e496fe.html?origin=https%3A%2F%2Fwww.cybereason.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Response headers

status: 200
last-modified: Tue, 26 Nov 2019 18:11:58 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "7d3f6ed140174a20e7c8be261a70a863+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Mon, 09 Dec 2019 18:37:53 GMT
x-served-by: cache-iad2139-IAD, cache-hhn4072-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 5816

GET
H/1.1

200
OK

tagjs Show response
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/tagjs?a_id=71641&source=js_tag
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=71641&source=js_tag

83 B
411 B

28ms
28ms

Script
text/javascript

34.252.172.232
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=71641&source=js_tag
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.172.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 5b91b48f4444cc2818966a82275464cec6ebffa7f881ae699d5fcb019fcae28f

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 83
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

Location: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=71641&source=js_tag
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

tracking.png
tracking.leadlander.com/
Redirect Chain

https://tracking.leadlander.com/api/tracking?accountId=27717&page=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&referer=&fp=d2fff768385a51f6e295620ea70f0269
https://tracking.leadlander.com/tracking.png

68 B
347 B

88ms
87ms

Image
image/png

54.156.185.237
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking.leadlander.com/tracking.png

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.185.237 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-54-156-185-237.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:37:53 GMT
Last-Modified: Wed, 26 Sep 2018 16:48:51 GMT
Server: Kestrel
ETag: "1d455b8cd761bc4"
Strict-Transport-Security: max-age=2592000
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Location: /tracking.png
Date: Mon, 09 Dec 2019 18:37:53 GMT
Server: Kestrel
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=2592000

GET
H2 200 xd_arbiter.php
staticxx.facebook.com/connect/ Frame DC34 0
0 8ms
6ms Document
text/html 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://staticxx.facebook.com/connect/xd_arbiter.php?version=44

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js?hash=6e115860a643b8932926173482a55001&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: staticxx.facebook.com
:scheme: https
:path: /connect/xd_arbiter.php?version=44
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
accept-encoding: gzip, deflate, br
cookie: fr=0coPT8hqqTXcEN9KR..Bd7pSB...1.0.Bd7pSB.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Response headers

status: 200
content-type: text/html; charset=utf-8
expires: Fri, 04 Dec 2020 21:35:01 GMT
strict-transport-security: max-age=15552000; preload
content-encoding: gzip
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: public,max-age=31536000,immutable
x-fb-debug: +AQyIV6r8E4cDZ9li1P0QP0bQdvlnXXtDZ4nmjcW96Lr9fcNibva4yf3b3c+hhBYb6VnP0GAE+OeCmXiJghzgw==
content-length: 12381
x-fb-trip-id: 1475214379
date: Mon, 09 Dec 2019 18:37:53 GMT
alt-svc: h3-23=":443"; ma=3600

GET
H2

200

adsct
analytics.twitter.com/i/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=twtr
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_WHiU2QXXKJlIsJwaL

43 B
557 B

140ms
125ms

Image
image/gif

104.244.42.131
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_WHiU2QXXKJlIsJwaL

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Mon, 09 Dec 2019 18:37:53 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 864fd240dc88dc959e27d16b9f773fc3
x-transaction: 00daaa2f00865c0a
expires: Tue, 31 Mar 1981 05:00:00 GMT

Redirect headers

Location: https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_WHiU2QXXKJlIsJwaL
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

cb
pixel.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=yah
https://ads.yahoo.com/cms/v1?nwid=10001073209&eid=pa_WHiU2QXXKJlIsJwaL&sigv=1&esig=2~57f9ff68b3e166d24961ccc41d6d063d5b3a274b
https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_WHiU2QXXKJlIsJwaL

43 B
460 B

388ms
87ms

Image
image/gif

34.233.1.29
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_WHiU2QXXKJlIsJwaL
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.1.29 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-233-1-29.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

Date: Mon, 09 Dec 2019 18:37:53 GMT
X-Content-Type-Options: nosniff
Server: ATS
Age: 0
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_WHiU2QXXKJlIsJwaL
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=opx
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_WHiU2QXXKJlIsJwaL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_WHiU2QXXKJlIsJwaL

43 B
109 B

16ms
15ms

Image
image/gif

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_WHiU2QXXKJlIsJwaL
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.167.2 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 google
server: OXGW/16.167.2
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Mon, 09 Dec 2019 18:37:53 GMT
via: 1.1 google
server: OXGW/16.167.2
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_WHiU2QXXKJlIsJwaL
p3p: CP="CUR ADM OUR NOR STA NID"
status: 302
alt-svc: clear
content-length: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=rbcn
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_WHiU2QXXKJlIsJwaL

0
239 B

159ms
159ms

Image
image/gif

8.39.36.143
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_WHiU2QXXKJlIsJwaL
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 8.39.36.143 , United States, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: image/gif
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 5daa34953a867809056448757b76591b
Expires: 0

Redirect headers

Location: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_WHiU2QXXKJlIsJwaL
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

cb
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=goo
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfV0hpVTJRWFhLSmxJc0p3YUw
https://pixel-geo.prfct.co/cb?partnerId=goo

43 B
365 B

29ms
29ms

Image
image/gif

34.252.172.232
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/cb?partnerId=goo
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.172.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

pragma: no-cache
date: Mon, 09 Dec 2019 18:37:53 GMT
server: HTTP server (unknown)
location: https://pixel-geo.prfct.co/cb?partnerId=goo
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 240
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
pixel-geo.prfct.co/seg/ 43 B
365 B 167ms
111ms Image
image/gif 34.252.172.232
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/seg/?add=8257847&source=js_tag&a_id=71641
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.172.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1 200
OK seg
secure.adnxs.com/ 43 B
1 KB 16ms
15ms Image
image/gif 185.33.223.215
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/seg?t=2&add=8257847

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.215 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

315.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Dec 2019 18:37:55 GMT
AN-X-Request-Uuid: d767a581-2ff6-41b8-bbaa-74097c630ae9
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 315.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.102:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
105 B 7ms
6ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=116645602292181&ev=Microdata&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&rl=&if=false&ts=1575916673863&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Operation%20Cobalt%20Kitty%3A%20A%20large-scale%20APT%20in%20Asia%20carried%20out%20by%20the%20OceanLotus%20Group%22%2C%22meta%3Adescription%22%3A%22Reviewing%20the%20lifecycle%20of%20Operation%20Cobalt%20Kitty%2C%20an%20APT%20carried%20out%20by%20the%20OceanLotus%20Group%2C%20covering%20every%20stage%20from%20the%20initial%20infiltration%20to%20data%20exfiltration.%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22Reviewing%20the%20lifecycle%20of%20Operation%20Cobalt%20Kitty%2C%20an%20APT%20carried%20out%20by%20the%20OceanLotus%20Group%2C%20covering%20every%20stage%20from%20the%20initial%20infiltration%20to%20data%20exfiltration.%22%2C%22og%3Atitle%22%3A%22Operation%20Cobalt%20Kitty%3A%20A%20large-scale%20APT%20in%20Asia%20carried%20out%20by%20the%20OceanLotus%20Group%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.cybereason.com%2Fhubfs%2FBlog%2520Images%2520-%2520Labs%2FUntitled-design-52.png%23keepProtocol%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.14&r=stable&ec=1&o=30&fbp=fb.1.1575916673358.1218135629&it=1575916672975&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:53 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Mon, 09 Dec 2019 18:37:53 GMT

GET
H2 200 loader-v2.js Show response
www.cybereason.com/hs/cta/ctas/v2/public/cs/ 6 KB
2 KB 213ms
213ms Script
text/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&canon=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&hsutk=c7a000001da013891505016eebf41f25&pageId=5283765824&pg=5d884927-a051-4ae7-b129-94438da0638b&pid=3354902&sv=static-1.209&lag=2038&rdy=1&cos=1&df=t
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 816510c8eec0ed49a9ed74df8eacb59ed9029a410dab1d17a022d9c8eabbc77a

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
x-trace: 2BD02ABCA24DC3E574C0C0B6E8B4A8FB370A97D98C000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 542917d1e9becbc0-VIE
content-length: 2116
x-robots-tag: noindex, follow

GET
H2 200 loader-v2.js Show response
www.cybereason.com/hs/cta/ctas/v2/public/cs/ 6 KB
2 KB 220ms
219ms Script
text/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&canon=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&hsutk=c7a00000104d1dac151b016eebf41f65&pageId=5283765824&pg=db7ec7b0-6c73-4af6-86ce-58fe37cec1e0&pid=3354902&sv=static-1.209&lag=2001&rdy=1&cos=1&df=t
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 398f0f13032812fe7c8a09a8b1b6409fc63b13efd83d0da7d45ca89c764fcb6e

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
x-trace: 2BCAE15004A05F70EAEF2ED0C136FC971BACCF36B6000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 542917d24b39cbc0-VIE
content-length: 2117
x-robots-tag: noindex, follow

GET
H2 200 loader-v2.js Show response
www.cybereason.com/hs/cta/ctas/v2/public/cs/ 6 KB
2 KB 294ms
293ms Script
text/javascript 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&canon=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&hsutk=c7a0000018f01a4a1a70016eebf41f96&pageId=5283765824&pg=c69f2360-4149-4639-aeaa-8672d831cf70&pid=3354902&sv=static-1.209&lag=2002&rdy=1&cos=1&df=t
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f8863481142e16d051706ac3639ef9f435e017bf3b525cec861165bad6b12aa

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
x-trace: 2B805F599FBCC2E91ACA6BC44E1EAA6C7D64F64FCA000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 542917d29c48cbc0-VIE
content-length: 2122
x-robots-tag: noindex, follow

GET
H2 200 cta-loaded.js Show response
www.cybereason.com/hs/cta/ctas/v2/public/cs/ 0
125 B 215ms
214ms Script
text/plain 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=3354902&pg=5d884927-a051-4ae7-b129-94438da0638b&lt=1575916672816&dt=1575916674854&at=1575916675080&ae=1&sl=1&an=1
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
cf-cache-status: MISS
server: cloudflare
x-trace: 2B6BCA6742BE0EFA698856865E40F2BCCDBF524EBC000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
status: 200
cache-control: no-cache, no-store, no-transform, max-age=0
access-control-allow-credentials: false
cf-ray: 542917d34ebacbc0-VIE
x-robots-tag: noindex, follow

GET
H2 200 cta-loaded.js Show response
www.cybereason.com/hs/cta/ctas/v2/public/cs/ 0
93 B 218ms
217ms Script
text/plain 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=3354902&pg=db7ec7b0-6c73-4af6-86ce-58fe37cec1e0&lt=1575916672916&dt=1575916674917&at=1575916675149&ae=1&sl=1&an=1
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
cf-cache-status: MISS
server: cloudflare
x-trace: 2B83AD7C7BB5AC08EAAC2F5E0468CE9FBB1EC39A37000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
status: 200
cache-control: no-cache, no-store, no-transform, max-age=0
access-control-allow-credentials: false
cf-ray: 542917d3b8abcbc0-VIE
x-robots-tag: noindex, follow

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 258
date: Mon, 09 Dec 2019 18:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Mon, 09 Dec 2019 20:33:37 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/ 23 B
587 B 180ms
146ms XHR
application/json 2606:4700::6811:c8cc
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/json?portalId=3354902

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c8cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f621a831fe6b7b75cd96e10eb4c80311fff6a3948e4905d12a22032d5ec59b48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 23
server: cloudflare
x-trace: 2B67AFB8735E4A97E30CAC7E6DAF4BA7DDDE8662CD000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 542917d65fa859dc-VIE
access-control-allow-headers: *

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
103 B 53ms
51ms Image
image/gif 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=0caba5f8-036c-4fa7-83d6-166a0180e075&fci=2ea668c7-ed26-4eb2-a388-88865b13d069&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=3354902&pi=5283765824&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&cpi=5283765824&cgi=5272851739&lpi=5283765824&lvi=5283765824&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&t=Operation+Cobalt+Kitty%3A+A+large-scale+APT+in+Asia+carried+out+by+the+OceanLotus+Group&cts=1575916675532&vi=7e16b2692078acc3de74461c2d3139e8&nc=true&u=85683782.7e16b2692078acc3de74461c2d3139e8.1575916675525.1575916675525.1575916675525.1&b=85683782.1.1575916675526&pt=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 542917d6384a59b2-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
103 B 43ms
41ms Image
image/gif 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=3354902&pi=5283765824&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&cpi=5283765824&cgi=5272851739&lpi=5283765824&lvi=5283765824&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&t=Operation+Cobalt+Kitty%3A+A+large-scale+APT+in+Asia+carried+out+by+the+OceanLotus+Group&cts=1575916675533&vi=7e16b2692078acc3de74461c2d3139e8&nc=true&u=85683782.7e16b2692078acc3de74461c2d3139e8.1575916675525.1575916675525.1575916675525.1&b=85683782.1.1575916675526&pt=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 542917d6384959b2-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
103 B 42ms
41ms Image
image/gif 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%225d884927-a051-4ae7-b129-94438da0638b%22%2C%22fb289886-7740-4dec-b007-2289ce65cef0%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=3354902&pi=5283765824&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&cpi=5283765824&cgi=5272851739&lpi=5283765824&lvi=5283765824&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&t=Operation+Cobalt+Kitty%3A+A+large-scale+APT+in+Asia+carried+out+by+the+OceanLotus+Group&cts=1575916675536&vi=7e16b2692078acc3de74461c2d3139e8&nc=true&u=85683782.7e16b2692078acc3de74461c2d3139e8.1575916675525.1575916675525.1575916675525.1&b=85683782.1.1575916675526&pt=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 542917d6384859b2-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
248 B 40ms
40ms Image
image/gif 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22db7ec7b0-6c73-4af6-86ce-58fe37cec1e0%22%2C%226b815f71-4871-41ad-aacf-5e7d6fe412a2%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=3354902&pi=5283765824&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&cpi=5283765824&cgi=5272851739&lpi=5283765824&lvi=5283765824&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&t=Operation+Cobalt+Kitty%3A+A+large-scale+APT+in+Asia+carried+out+by+the+OceanLotus+Group&cts=1575916675538&vi=7e16b2692078acc3de74461c2d3139e8&nc=true&u=85683782.7e16b2692078acc3de74461c2d3139e8.1575916675525.1575916675525.1575916675525.1&b=85683782.1.1575916675526&pt=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 542917d6384659b2-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
103 B 43ms
43ms Image
image/gif 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22c69f2360-4149-4639-aeaa-8672d831cf70%22%2C%22af875b21-6451-48e8-bde7-11e0571e67c0%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=3354902&pi=5283765824&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&cpi=5283765824&cgi=5272851739&lpi=5283765824&lvi=5283765824&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&t=Operation+Cobalt+Kitty%3A+A+large-scale+APT+in+Asia+carried+out+by+the+OceanLotus+Group&cts=1575916675539&vi=7e16b2692078acc3de74461c2d3139e8&nc=true&u=85683782.7e16b2692078acc3de74461c2d3139e8.1575916675525.1575916675525.1575916675525.1&b=85683782.1.1575916675526&pt=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 542917d6384b59b2-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 cta-loaded.js Show response
www.cybereason.com/hs/cta/ctas/v2/public/cs/ 0
92 B 198ms
198ms Script
text/plain 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=3354902&pg=c69f2360-4149-4639-aeaa-8672d831cf70&lt=1575916672964&dt=1575916674966&at=1575916675546&ae=1&sl=1&an=1
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:55 GMT
cf-cache-status: MISS
server: cloudflare
x-trace: 2B054E1B59A345B9BDD3F13A0BC356C96F19AC6124000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
status: 200
cache-control: no-cache, no-store, no-transform, max-age=0
access-control-allow-credentials: false
cf-ray: 542917d639b6cbc0-VIE
x-robots-tag: noindex, follow

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=184010040&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&ul=en-us&de=UTF-8&dt=Operation%20Cobalt%20K...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-56367941-1&cid=996871893.1575916676&jid=769512199&_gid=712116793.1575916676&gjid=1995091619&_v=j79&z=1684528850
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=996871893.1575916676&jid=769512199&_v=j79&z=1684528850
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=996871893.1575916676&jid=769512199&_v=j79&z=1684528850&slf_rd=1&random=531190868

42 B
109 B

29ms
29ms

Image
image/gif

2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=996871893.1575916676&jid=769512199&_v=j79&z=1684528850&slf_rd=1&random=531190868

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Dec 2019 18:37:55 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Dec 2019 18:37:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=996871893.1575916676&jid=769512199&_v=j79&z=1684528850&slf_rd=1&random=531190868
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 28ms
9ms Script
application/x-javascript 2a02:26f0:10c:382::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:37:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=18712
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&time=1575916675742
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D994281%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Foperation-coba...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&time=1575916675742&liSync=true

0
231 B

370ms
370ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&time=1575916675742&liSync=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:37:56 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 20
x-li-uuid: 56HgBd7H3hXQzUrCeCsAAA==

Redirect headers

date: Mon, 09 Dec 2019 18:37:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
x-li-pop: prod-tln1
content-length: 20
x-li-uuid: pwVGAN7H3hVgSYjuXCsAAA==
pragma: no-cache
server: Play
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&time=1575916675742&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 perf Show response
www.cybereason.com/_hcms/ 2 B
370 B 215ms
214ms XHR
text/plain 2606:4700::6811:84b4
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/_hcms/perf
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:84b4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Origin: https://www.cybereason.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/json

Response headers

cf-ray: 542917e89c25cbc0-VIE
date: Mon, 09 Dec 2019 18:37:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-trace: 2B34F5CF0F248141750353B28318C677927D4850A7000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
status: 200
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
content-length: 2

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 2 KB
1 KB 163ms
132ms XHR
application/json 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3354902&contentId=5283765824&currentUrl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f22366f85aba841c4ff53571e4514bcacdc98f55305f0409ab95c3ea314c4558

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Origin: https://www.cybereason.com

Response headers

date: Mon, 09 Dec 2019 18:38:05 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
cf-ray: 542918115908cbc0-VIE
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
222 B 43ms
43ms Image
image/gif 2606:4700::6810:fd05
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=a325ca4c-77be-436f-b080-20ec8bd3654a&lfi=152417&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=3354902&pi=5283765824&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&cpi=5283765824&cgi=5272851739&lpi=5283765824&lvi=5283765824&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Foperation-cobalt-kitty-apt&t=Operation+Cobalt+Kitty%3A+A+large-scale+APT+in+Asia+carried+out+by+the+OceanLotus+Group&cts=1575916685146&vi=7e16b2692078acc3de74461c2d3139e8&nc=true&pt=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fd05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/operation-cobalt-kitty-apt
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:38:05 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 542918123f9c59b2-VIE
content-type: image/gif
content-length: 45
x-robots-tag: none

Verdicts & Comments Add Verdict or Comment

144 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.cybereason.com/blog/operation-cobalt-kitty-apt(Line 158) Message: Read time success

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.yahoo.com
amplify.outbrain.com
amplifypixel.outbrain.com
analytics.twitter.com
api.hubapi.com
cdn.rawgit.com
cdn2.hubspot.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
fonts.gstatic.com
forms.hubspot.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hsadspixel.net
js.hsleadflows.net
lh3.googleusercontent.com
no-cache.hubspot.com
p.typekit.net
pixel-geo.prfct.co
pixel.prfct.co
pixel.rubiconproject.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.addtoany.com
static.hotjar.com
staticxx.facebook.com
stats.g.doubleclick.net
t.sf14g.com
tag.marinsm.com
tr.outbrain.com
track.hubspot.com
tracking.leadlander.com
us-u.openx.net
use.typekit.net
vars.hotjar.com
www.cybereason.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.linkedin.com
104.244.42.131
147.75.33.111
147.75.85.25
147.75.85.99
151.101.112.157
151.101.12.65
151.101.14.2
151.139.237.11
172.217.22.2
185.33.223.215
216.58.206.2
2606:2800:133:7403:4a68:7eff:710b:1ddf
2606:4700:10::6814:6f27
2606:4700::6810:fd05
2606:4700::6811:4104
2606:4700::6811:46b0
2606:4700::6811:70b0
2606:4700::6811:84b4
2606:4700::6811:c8cc
2606:4700::6811:e7cc
2606:4700::6811:f2cc
2a00:1288:110:c305::a000
2a00:1450:4001:808::200e
2a00:1450:4001:80b::2003
2a00:1450:4001:819::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:821::2003
2a00:1450:4001:825::2004
2a00:1450:400c:c00::9a
2a02:26f0:10c:382::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a05:f500:10:101::b93f:9105
2a05:f500:11:101::b93f:9001
34.233.1.29
34.252.172.232
34.95.120.147
54.156.185.237
54.173.179.199
70.42.32.63
72.247.225.215
8.39.36.143
95.100.67.47
0005cf2627e9e54179f90c78bbf355fccafb3907c4ae9e699bc09c4a57d75bf6
008a6b447b38fe87dac9127b3e47c83f89df61e8ac7285a7e86051ee89e99af9
04176ae603be4b3c939214eaa0ca369097e207fd12d0f5ef4358f6345d79067c
0441806287a1e3fe8500453901b800b5849e6625ed0758861d6d56d7470d72f4
07a58803f40da69055153491ec078aba127d5b185dd7ddcae8edde6a9b06aea3
0a14dbbe7e5a2fea61d3eb0edcbc959c9df66f8ab1322051606283f281aacfcd
0d111c83d2520fd8d1ec059493162072af6e97b725aa4b56eb846f09a01f8e9c
0f469248695d5b0f09feac08e6f219ef58cc81b64c4f0d4869b5b0d578ff1fe1
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
128cfa4458d1c804e935930664e96ff59b16139513d6492b6ee031916862246e
13c88608140b103dd0eb9040e4466efcb7b0a1d7784bdd802c702e3a25fea222
173db45379b49d9271f8638f9f80936b5e74671a2bbb8376e394090ae9db931e
1a6e3510af52bd4c550e719eef6ae49cfd1ff4be530c8240b4c8233a2860747d
1b0619e6758cd0689fbfc91db4069ca2fcad4fad6871a9a1cd51c8fda62a1b98
1c96f5968df66d4e10f83ef3bb99124ec3d8f8edeedd242a11e75ea31ea9814d
1d0cdf2222d4a2ab92f4b481b289f1d7c6124bf16c87260cd72f6d142871eefd
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
2432844517e2dd99a05c54b57aac9aac78553489b6111ace7c3d97b826af19ec
2832d2ff340e31dfb8300ecaf6967737af72f2c8981c895443abc7c6eaeb6993
2854f9e64057ccbcc279bb9300b43877c9e9d2a3845b45c7d2f6bd62f220fdfa
290413fe1d21f4efc20f033f39acc3161043941087be7058a9412b9b4ef3630d
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2e96bf761583273e370136ed0b934a38ad1e08b386accb37277252b37b9c9961
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2f472553e57b662518df23b18ed1d12d33cbc8892ee95bbeaec0b7405ca72b59
312c7a4e3e547301e162c0bf3a7788cf8d52caf2668fbafc01351c9185b97ce4
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
359197d1e7ab63fe678db88914f31f1f9f6a37bd182e0de565fc7a68302a1f50
365a7ca6f52df29efedfdac2e08a9d0f03e4e2122dd9a49803bf8dacd58480fc
398f0f13032812fe7c8a09a8b1b6409fc63b13efd83d0da7d45ca89c764fcb6e
3a384c08dee325f9eb1b6300ec90bb7e1bc4468c958d83a3b05e9efb06783099
3fc1bd4c0666cad8d8af42cf8f26c59bc5535b3d907b4db560c7db627e1e5253
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
430a28863e02a8f6d2bfc1dbd5da2253e1c4df03e14436fe2ebf889e39efc1fc
464f98ed0cc4bd0a6f0858a99c60f2e018645009265ed955a0a2eb0f5ca81e00
49310c2bbef8b1017005c144ba10dc0119281a055a6b440451013738f3caeb26
496f753f7e96c1427cf6e11d9c5f822a5f1f46b3c54b7429df9a195fa8362884
4ac5cbeb0f816075f6d5185c24d96e2ac4870eddce1cab84c048ba48cdc35d54
4b293e4c10e7df359f78a8c4f0b5106f2bfa3d8b6de7e43441724849c3734d38
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5751c654f5ba7df4290683d440e82ecfec99fe7b3b1558569723f3dcb520dde4
57a13940c86687fa04a0ff6e89d4a72b221b13ffbfa49d30a0f0f8ed840480f8
5b91b48f4444cc2818966a82275464cec6ebffa7f881ae699d5fcb019fcae28f
5e5ddabd35f97402d15f48071286fe41c7318c30f18670ac36c9592b1b4bc815
5ebbf16975e8957d1e3b765a49226e95711b30af5852c253906c2f171325949b
6419875001ba7406f33a0e0bea1b5535a926caade5074ca6ccef8d8bd2fcdba0
6561b2dd1e1b0f9b2f678dfd01a29e1174ec8ac628405a546e42b717a2d3388b
66b4fac9494bbeda177f4637fa3e7423fc8ef54b11a6875e68cdf3e472293b2a
6872a6c9c2a917ceeb92fefd3ef73cee7402a56689e1dbddf743b0aaa9e654c8
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6b66955d2f6a8fab43675c6a02f74f5d3914d07121b12396bc9308dbb00d78fe
6bea2f9a81ff3f3fbbf2ec0a87e55d9f3ac4f0175c2c8be4db3aef9ac3d5a4f4
6cb6e2b374547fb610689172469520a25256bb83a70180a443553c9e688ab676
6f874c0c598ebed0993d62f73526322c043050b8c24084b84fa3c2e9a934d147
70d52338fe73e62ffcfa568e9ea399ef0c88783883327b794eace9faa78febf8
71b52274b1b43661e6523b2774c9fa98a673e1861703bea5f32d75a32a850394
7219936e6e56b9932b2f1dd06cfff09b655a729bb17d0aa6d757e14184512384
737df73c5f64436c62c93f3551cde8c10954173b5c3f20757ee6fad3f4ba5863
74d7c1dbadbca5dbef2c1b9b4a54f8c92d1f4d796c5728712c08f1eb201c5aad
75b857fc1e6ed070dffbbbf67e18a4e99ff49d805f5a924a0417ff0138ddf6d8
765097740b7490e6ab6a2d8624199ab7b147e8c6cec064b6cce257750fdb1985
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7c133f839dd6874c4bcff2352f9b7d3ef09c70e0dfc00cca641115502533e30b
7c73ee67c455428ed57592d1c92e1851394dce413b7f07d00067717cc4126119
7f8863481142e16d051706ac3639ef9f435e017bf3b525cec861165bad6b12aa
816510c8eec0ed49a9ed74df8eacb59ed9029a410dab1d17a022d9c8eabbc77a
86acedd25fc9c29c616b724b6703378906bc08d0cf52587ab72dab24e6d78c61
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
873e61f0825058f6509ee9734967125f0abbf70495da52ed33b32e6ba3513e14
8868a7721fec78d7dad99f462e9d7fe59713ada4ade12fcd9464542872a4c616
93cedef4890d1efc1544e685a348df93bb886abe63058bb35d245fc08aa8b226
9607506688417bb09b8d6c29362c2fe29bc1b047b793cccddfce876d927fa57b
977a4241ca05d005de8cc08be59e4ecbf09ee682e3b14403aa765bb2f34db0f8
97829f8a6f2a471117ed06d0b06a81d543b091a262192369c531380779148c5c
9a55c02888038e59252778d81b592f942ea904c3dca19f539e3376b4a0a0c6b2
9af256cb88b39b1a3b6e36b50a7d7f3215db54331371bb53ed698450672ddcc8
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9baa573e4378873b7ac81ccb1d954ce9bb2b1a933947ad3012263ddc604d8505
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a3deff24ed291b80b6bf512407b3b6e9a6bcd19b1ee6de48d4feab64dc44342d
a4aeba3c62a91ed236d5acdc5ea52f5e051801379d306817ad8f4c850e550d2a
a6bee495dc3218ca4385af902d7dd90fec98bb9c9fbae7fda69560c0c3fc1fc0
a6d9d9e6046d227df0c818d934dadd9fadf08687308138b91376258494826f9b
a90f41e11e84c6c6fadb308996f23938f68d1a22af220685948f2780c1aabb80
ab449241b50123673e76dbcd70f869ae11d26920f0ce1670fdfd266308058179
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acfb645b1ccb57857b0a790439f82f4d503bc87e3fed4a2a2955f31ef32d2b4d
b2537989d9dc5d5f56a3733cd51540acc6e2771deb8fe7b64124f6c252f7bcff
b329852f8f537591d001152e26a1b598ef4e4466fa10d859135843c307d5344e
b45cb384c0bce67cbfe97ffb78913fe0049922279f9985c7c78c2553e6988927
b71a982dad86829660cef46a0467ecf81c34576eece4b297126a552902ef543c
bcaf54bc46707931d5bcfd93e5b1ac50a518dabb1748fb5155353b392f11c2f8
be5238c76400fe2da689c27af8d1827067a5f7d06528e441e3596d7ae236ee1d
c05b9af65a2758f6ca98c4f957a0cc4a7d74609378277f0fd59e7cae41139818
c364200214146a3472c5bda921358178d782760c33320dca356cfeab4353b0e2
c50ea8ca447c397c6c0e7d9ddf41849258bc2e8fdd6d01726d0bfa270bef1e8e
c654dd77760afac0602774d30a217ad457e78d0ccf16b47ec0197759f28d581a
c97f84226687ff84f26c553cb1d0f1271da815f43638a6584baddff362caee77
ca234db9760a511831cef09ee0e3ec29694e5490d593086dc790f69de24e5c0f
caa333db2175837df41125b50f0c0169c55f919427ee2c6992e2566948e9e518
cd7908a80313043ae934d5f599a062460c50f94370cee5dc092e0cb9b8d123ef
d1e54f3fe3290ecc4c8474d7bee91ecdb173921702de9a8f127ac28a18bacdcf
d543f927522ebb939ff22769450138bceee3bf87b1348d9a4aeb47f02ff437f8
d9833c7028a84d1115c8ce874fa24458ecfa1115477cf5b04d5b1c2016276b3f
d9b6d0b3d8d754840e2a97c13b08eaae55a18be673b25af99b08fe5d71b71a0f
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc4eab220fb0aa05a8b49e05ad56de62d684a58de3513024f5d3209dd53898f6
dd8ceda117519ceb6b3e5c6ee13535c329ff91855b065451f5882209730b59ab
e29d306b13e994a485e8b19c7544daf5fb396d35cbf1c6776adafaad5f6b96c8
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb5819ffcef4fe6dfe656774ae8545ef8ff2112df1723cfa5b71ea26fe0510bc
ece8c3e9b0c1e0c1c1400e5d80a70b3db33ac94628701be7d19b6d2e325934e2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f22366f85aba841c4ff53571e4514bcacdc98f55305f0409ab95c3ea314c4558
f621a831fe6b7b75cd96e10eb4c80311fff6a3948e4905d12a22032d5ec59b48
ff499634fbd1bb5508090af0449aab64d40cb5299dbd1c2e482ad4bb168e1b17

www.cybereason.com Open in urlscan Pro 2606:4700::6811:84b4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

139 Requests

100 %HTTPS

53 %IPv6

33 Domains

47 Subdomains

40 IPs

7 Countries

3560 kBTransfer

6061 kBSize

0 Cookies

35 Outgoing links

Redirected requests

139 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.cybereason.com Open in urlscan Pro
2606:4700::6811:84b4 Public Scan

Screenshot
Live screenshot

Full Image

139
Requests

100 %
HTTPS

53 %
IPv6

33
Domains

47
Subdomains

40
IPs

7
Countries

3560 kB
Transfer

6061 kB
Size

0
Cookies

139 HTTP transactions
1 data transactions