Submitted URL: http://send.vibriefingdelivers.com/link.php?M=14887579&N=2839&L=2392&F=H
Effective URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Submission: On August 24 via manual from US

Summary

This website contacted 17 IPs in 5 countries across 17 domains to perform 65 HTTP transactions. The main IP is 2.20.190.17, located in the European Union, and belongs to AKAMAI-ASN1, US. The main domain is info.sqrrl.com.
This is the only time info.sqrrl.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address         AS (Autonomous System)
23        2.20.190.17        20940 (AKAMAI-ASN1)
12        104.108.36.103     16625 (AKAMAI-AS)
2         94.31.29.55        54104 (AS-NETDNA)
2         2a00:1450:400...   15169 (GOOGLE)
1         2606:2800:133...   15133 (EDGECAST)
1         104.196.255.76     15169 (GOOGLE)
1         2a00:1450:400...   15169 (GOOGLE)
2         2a00:1450:400...   15169 (GOOGLE)
1         52.84.32.134       16509 (AMAZON-02)
1         2a00:1450:401...   15169 (GOOGLE)
9         2a00:1450:400...   15169 (GOOGLE)
1         88.221.60.45       16625 (AKAMAI-AS)
1         34.199.224.60      14618 (AMAZON-AES)
1         54.225.247.90      14618 (AMAZON-AES)
2         54.231.40.82       16509 (AMAZON-02)
2         52.216.18.96       16509 (AMAZON-02)
3         54.236.214.105     14618 (AMAZON-AES)
Total: 65 requests, 17 IPs

Requests  Domain                    Requested by
23        info.sqrrl.com            info.sqrrl.com
9         fonts.gstatic.com         ajax.googleapis.com
5         cdn2.hubspot.net          info.sqrrl.com, static.hsstatic.net, js.hsforms.net
3         track.hubspot.com
3         static.hsstatic.net       info.sqrrl.com
2         gtrk.s3.amazonaws.com     info.sqrrl.com
2         trk.cetrk.com             script.crazyegg.com, info.sqrrl.com
2         fonts.googleapis.com      info.sqrrl.com, ajax.googleapis.com
2         ajax.googleapis.com       info.sqrrl.com
1         sample.crazyegg.com       script.crazyegg.com
1         js.hs-analytics.net       js.hs-scripts.com
1         api.usemessages.com       js.hs-scripts.com
1         forms.hubspot.com         js.hsforms.net
1         app.hubspot.com           ajax.googleapis.com
1         www.google.de             info.sqrrl.com
1         script.crazyegg.com       info.sqrrl.com
1         www.google-analytics.com  info.sqrrl.com
1         js.hs-scripts.com         info.sqrrl.com
1         js.hsforms.net            info.sqrrl.com
1         sqrrl.com                 info.sqrrl.com
1         ajax.aspnetcdn.com        info.sqrrl.com
1         maxcdn.bootstrapcdn.com   info.sqrrl.com
1         netdna.bootstrapcdn.com   info.sqrrl.com
Total: 65 requests, 23 subdomains

Subject                 Issuer                                  Validity                 Valid
hubspot.net             DigiCert SHA2 High Assurance Server CA  2017-08-09 - 2020-01-30  2 years
*.vo.msecnd.net         Microsoft IT SSL SHA2                   2017-07-18 - 2018-04-18  9 months
*.google-analytics.com  Google Internet Authority G2            2017-08-08 - 2017-10-31  3 months
*.googleapis.com        Google Internet Authority G2            2017-08-15 - 2017-11-07  3 months
www.google.de           Google Internet Authority G2            2017-08-15 - 2017-11-07  3 months
*.google.com            Google Internet Authority G2            2017-08-08 - 2017-10-31  3 months
hubspot.com             DigiCert SHA2 High Assurance Server CA  2017-04-21 - 2020-01-30  3 years
*.usemessages.com       DigiCert SHA2 High Assurance Server CA  2015-12-15 - 2017-12-18  2 years
*.crazyegg.com          DigiCert SHA2 Secure Server CA          2015-04-26 - 2018-06-28  3 years
*.s3.amazonaws.com      DigiCert Baltimore CA-2 G2              2016-07-29 - 2017-11-29  a year

This page contains 1 frame:

Primary Page: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Frame ID: 24419.1
Requests: 65 HTTP requests in this frame

Page Statistics

Requests: 65
HTTPS: 26 %
IPv6: 35 %
Domains: 17
Subdomains: 23
IPs: 17
Countries: 5
Transfer: 823 kB
Size: 1766 kB
Cookies: 10

Redirected requests

There were HTTP redirect chains for the following requests:

Request 27
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
Request 35
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-39119828-1&cid=324801841.1503605128&jid=1648503204&_v=j60&z=1330642896
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-39119828-1&cid=324801841.1503605128&jid=1648503204&_v=j60&z=1330642896&slf_rd=1&random=1866928500

65 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request practical-threat-hunting
info.sqrrl.com/
Redirect Chain
  • http://sqrl.ly/2ukY5cI
  • http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
38 KB
8 KB
Document
General
Full URL
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
b60e73123ff79db4a3ba465232bc0cdab4d321dbeffc5cc6e6ee662daebb2bc3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
X-HS-Cache-Config
BrowserCache-5s-EdgeCache-60s
Content-Type
text/html;charset=UTF-8
Cache-Control
max-age=5
X-HS-Content-Campaign-Id
ad230dcc-a0d1-435c-9f6c-4247afa0a64c
Connection
keep-alive
Access-Control-Allow-Credentials
false
Content-Length
7835
X-HS-Content-Id
5252701655

Redirect headers

Location
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical Threat Hunting Guide&utm_source=VI Briefing
Date
Thu, 24 Aug 2017 20:05:26 GMT
Cache-Control
private, max-age=90
Server
nginx
Connection
keep-alive
Content-Length
204
Content-Type
text/html; charset=utf-8
jquery-1.7.1.js
static.hsstatic.net/jquery-libs/static-1.1/jquery/
92 KB
32 KB
Script
General
Full URL
https://static.hsstatic.net/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Nov 2014 17:03:30 GMT
Server
AmazonS3
Vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
Content-Type
application/javascript
Cache-Control
max-age=31536000
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
33187
X-Amz-Cf-Id
TAuPPBz_q5khO-UOvCGxk9BWOLC3l6pnCKBJKe4KlSBmIA5DWL1FgA==
public_common.css
static.hsstatic.net/content_shared_assets/static-1.4043/css/
15 KB
3 KB
Stylesheet
General
Full URL
https://static.hsstatic.net/content_shared_assets/static-1.4043/css/public_common.css
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
2a66878441fb8a0740fa332e6ee7e1c92c23eeb84cb3c209396a8af5c5ecb554

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
Last-Modified
Mon, 14 Aug 2017 17:13:23 GMT
Server
AmazonS3
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Max-Age
3000
Cache-Control
max-age=31536000
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
3018
X-Amz-Cf-Id
frtHbQkBRUMzf9nLSD_lbmoWzIgC5Mc8Ewe_KlHahAvjj2Gil4fkkw==
layout.min.css
cdn2.hubspot.net/hub/-1/hub_generated/template_assets/1495141902003/hubspot_default/shared/responsive/
5 KB
1 KB
Stylesheet
General
Full URL
http://cdn2.hubspot.net/hub/-1/hub_generated/template_assets/1495141902003/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

x-amz-version-id
BTWjqRUnUBwhAAdXiKIoQ.RUb0L6VALj
Content-Encoding
gzip
ETag
"0b0c633d59ab0af9553a98c0e7d97349"
x-amz-request-id
F850FA6E27D04E5A
x-amz-meta-md5-hash
0b0c633d59ab0af9553a98c0e7d97349
Connection
keep-alive
Content-Length
1144
x-amz-id-2
ynDgAyOYFxONDcNsxum5lHgn0jJPLA4SfSocg2tt67pwu4B6g2Rhbrm0AzTE1xdnoUey5x0evmM=
Last-Modified
Thu, 18 May 2017 21:11:43 GMT
Server
AmazonS3
Date
Thu, 24 Aug 2017 20:05:27 GMT
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=2676082
Accept-Ranges
bytes
Expires
Sun, 24 Sep 2017 19:26:49 GMT
hs_default_custom_style.min.css
info.sqrrl.com/hs-fs/hub/305377/hub_generated/template_assets/1500050035629/custom/styles/default/
2 KB
681 B
Stylesheet
General
Full URL
http://info.sqrrl.com/hs-fs/hub/305377/hub_generated/template_assets/1500050035629/custom/styles/default/hs_default_custom_style.min.css
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
060d5ad3f325883c9fea34c0de28f756085d2ea47d43d8b61dd73c9c45540942

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

x-amz-version-id
YY5Ri57u.mmEz4lTr8YwGpyXE6HkT7Eh
Content-Encoding
gzip
Last-Modified
Fri, 14 Jul 2017 16:33:56 GMT
Server
AmazonS3
x-amz-request-id
1D499A45CDE59230
ETag
"c35838a11220fce7d8d5cbc239638ed3"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=482046
Date
Thu, 24 Aug 2017 20:05:27 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
681
x-amz-id-2
boAP0in4Sqt2qi98lSuIAWPpHR6XHrYV+qyUGteDpyquY7WHI1mrndmras6aCkvOeGwAnQ8J22U=
Expires
Wed, 30 Aug 2017 09:59:33 GMT
Sqrrl_Theme.min.css
info.sqrrl.com/hs-fs/hub/305377/hub_generated/style_manager/1387820628141/custom/page/custom-stylemanager/
34 KB
6 KB
Stylesheet
General
Full URL
http://info.sqrrl.com/hs-fs/hub/305377/hub_generated/style_manager/1387820628141/custom/page/custom-stylemanager/Sqrrl_Theme.min.css
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4c3176e361ac71ef869370ea7f5ec17507d1e1533521da416fbb3a06d11c34cd

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

x-amz-version-id
2hSvyXAKF1wtODe9NxqwHO2D.KjlU_7v
Content-Encoding
gzip
Last-Modified
Mon, 23 Dec 2013 17:43:49 GMT
Server
AmazonS3
x-amz-request-id
E770466DBBE062B5
ETag
"a93faadbbe181a307deefd994ebf09e8"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=482088
Date
Thu, 24 Aug 2017 20:05:27 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6456
x-amz-id-2
Wnc90PmhhBOg0j78tqC0BPBJI0JgneZpDFIE0gPxkbFhVTkCCKJ+meqqAR5ck/hU4k9HaVPFr8g=
Expires
Wed, 30 Aug 2017 10:00:15 GMT
header_style.min.css
info.sqrrl.com/hs-fs/hub/305377/hub_generated/template_assets/1480367849880/custom/page/web_page_basic/
156 KB
29 KB
Stylesheet
General
Full URL
http://info.sqrrl.com/hs-fs/hub/305377/hub_generated/template_assets/1480367849880/custom/page/web_page_basic/header_style.min.css
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
694769aa4939ace5d82f4b72d654960ac9911fdd14eaf2565bc382b1b76eec6a

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

x-amz-version-id
l8SQMOUqvwWXqD6169lzJTZ6pm4RgJNd
Content-Encoding
gzip
ETag
"d5e9a724d49799ca464d0fe33afd11e1"
x-amz-request-id
D702D121264CF158
x-amz-meta-md5-hash
d5e9a724d49799ca464d0fe33afd11e1
Connection
keep-alive
Content-Length
29541
x-amz-id-2
18xaeiWl5uPVNpMiOllJhg8+yPAMFdsa24XLsSJHBi9Gwk8EzYhag6Kyjf7S6/5g2G/96+543Rs=
Last-Modified
Mon, 28 Nov 2016 21:17:30 GMT
Server
AmazonS3
Date
Thu, 24 Aug 2017 20:05:27 GMT
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=482068
Accept-Ranges
bytes
Expires
Wed, 30 Aug 2017 09:59:55 GMT
bootstrap.min.css
netdna.bootstrapcdn.com/bootstrap/3.1.1/css/
98 KB
20 KB
Stylesheet
General
Full URL
http://netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css?ver=4.2.10
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
94.31.29.55 , United Kingdom, ASN54104 (AS-NETDNA - netDNA, US),
Reverse DNS
94.31.29.55.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
e9503448692b738dd260fbd7f7cabf2e11f09b600fa97e6eb3a56eba5b1a7e9b

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
Last-Modified
Thu, 13 Feb 2014 17:33:55 GMT
Server
NetDNA-cache/2.2
Connection
keep-alive
ETag
W/"8a7442ca6bedd62cec4881040b9a9e83"
Vary
Accept-Encoding
X-Cache
HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=31104000
Transfer-Encoding
chunked
X-Hello-Human
Say hello back! @getBootstrapCDN on Twitter
Expires
Sun, 19 Aug 2018 20:05:27 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/
23 KB
6 KB
Stylesheet
General
Full URL
http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=4.2.10
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
94.31.29.55 , United Kingdom, ASN54104 (AS-NETDNA - netDNA, US),
Reverse DNS
94.31.29.55.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Jan 2015 19:53:38 GMT
Server
NetDNA-cache/2.2
Connection
keep-alive
ETag
W/"04425bbdc6243fc6e54bf8984fe50330"
Vary
Accept-Encoding
X-Cache
HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=31104000
Transfer-Encoding
chunked
X-Hello-Human
Say hello back! @getBootstrapCDN on Twitter
Expires
Sun, 19 Aug 2018 20:05:27 GMT
style.css
info.sqrrl.com/wp-content/themes/sqrrl/assets/stylesheets/
0
0
Stylesheet
General
Full URL
http://info.sqrrl.com/wp-content/themes/sqrrl/assets/stylesheets/style.css?ver=1457018229
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
X-Trace
1B44709DFBF2BD889138254E1238F2203484C34C7F2751156CFBBB8720
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3427
jquery.fancybox.css
info.sqrrl.com/wp-content/themes/sqrrl/assets/js/fancybox/
0
0
Stylesheet
General
Full URL
http://info.sqrrl.com/wp-content/themes/sqrrl/assets/js/fancybox/jquery.fancybox.css?ver=1412711232
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3427
hubspot.css
info.sqrrl.com/wp-content/plugins/hubspot/css/
0
0
Stylesheet
General
Full URL
http://info.sqrrl.com/wp-content/plugins/hubspot/css/hubspot.css?ver=4.2.10
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3426
modernizr-2.6.2.min.js
info.sqrrl.com/wp-content/themes/sqrrl/assets/js/vendor/
0
0
Script
General
Full URL
http://info.sqrrl.com/wp-content/themes/sqrrl/assets/js/vendor/modernizr-2.6.2.min.js?ver=1412711233
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3429
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.10.2/
91 KB
32 KB
Script
General
Full URL
http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js?ver=4.2.10
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2a00:1450:4001:81c::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Tue, 22 Aug 2017 18:30:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 20 Dec 2016 18:17:03 GMT
Server
sffe
Age
178525
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
32954
X-XSS-Protection
1; mode=block
Expires
Wed, 22 Aug 2018 18:30:02 GMT
hoverintent.js
info.sqrrl.com/wp-content/themes/sqrrl/assets/js/plugins/
0
0
Script
General
Full URL
http://info.sqrrl.com/wp-content/themes/sqrrl/assets/js/plugins/hoverintent.js?ver=1412711233
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3425
jquery.fancybox.pack.js
info.sqrrl.com/wp-content/themes/sqrrl/assets/js/fancybox/
0
0
Script
General
Full URL
http://info.sqrrl.com/wp-content/themes/sqrrl/assets/js/fancybox/jquery.fancybox.pack.js?ver=1412711232
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3428
jquery.validate.min.js
ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/
21 KB
6 KB
Script
General
Full URL
https://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.min.js?ver=4.2.10
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frb/67EA) /
Resource Hash
7705fee13417229d718f14947e9860d5bb2b25bd15c9f5cd834f2545c7bad0a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date
Thu, 24 Aug 2017 20:05:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT
status
200
content-length
6367
x-xss-protection
1; mode=block
last-modified
Mon, 31 Oct 2016 23:42:28 GMT
server
ECAcc (frb/67EA)
etag
"08a7370d033d21:0"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
jquery.fancybox-media.js
info.sqrrl.com/wp-content/themes/sqrrl/assets/js/fancybox/helpers/
0
0
Script
General
Full URL
http://info.sqrrl.com/wp-content/themes/sqrrl/assets/js/fancybox/helpers/jquery.fancybox-media.js?ver=1412711238
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3427
buttons.js
info.sqrrl.com/wp-content/themes/sqrrl/assets/js/
0
0
Script
General
Full URL
http://info.sqrrl.com/wp-content/themes/sqrrl/assets/js/buttons.js
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3427
logo.jpg
sqrrl.com/assets/img/
3 KB
3 KB
Image
General
Full URL
http://sqrrl.com/assets/img/logo.jpg
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
104.196.255.76 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
76.255.196.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
a6940f4b3c79ca2c334c38f8b23ca047d47b50bea2ee5f5d303c29443e32a7dd

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

X-Type
static/known
Date
Thu, 24 Aug 2017 20:05:27 GMT
Last-Modified
Thu, 23 Mar 2017 05:37:54 GMT
Server
nginx
ETag
"58d35f32-b4d"
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=20
Content-Length
2893
hunt-evil.png
info.sqrrl.com/hs-fs/hubfs/
319 KB
319 KB
Image
General
Full URL
http://info.sqrrl.com/hs-fs/hubfs/hunt-evil.png?t=1503344849728&width=530&height=701&name=hunt-evil.png
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ea572637faa6e045a661b4be290e6b8af2bd21c1a725cc016ee215abb8fc20a0

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

x-amz-version-id
.q8Mbrq43B.m1DiCcwVd_kQ6JJoirF.2
Last-Modified
Thu, 13 Jul 2017 16:34:15 GMT
Server
AmazonS3
x-amz-request-id
EC8DF166A323CF7F
ETag
"97e5f5b361eb5825b66580deb47b794d"
Content-Type
image/png
Cache-Control
max-age=1296000
Date
Thu, 24 Aug 2017 20:05:28 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
326616
x-amz-id-2
fQrxJKHBSr+ad4Mlaame/bwqja95z+3wxvmyJQ5Ocg80lZLpYdbizhIWtvdUeheWzJgxNK01KGE=
Expires
Fri, 08 Sep 2017 20:05:28 GMT
twitter.png
info.sqrrl.com/hs-fs/hub/305377/file-357936783-png/images/
978 B
978 B
Image
General
Full URL
http://info.sqrrl.com/hs-fs/hub/305377/file-357936783-png/images/twitter.png?t=1503344849728&width=26&height=29&name=twitter.png
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
54a806d7a8abe1ce37afda6b8fc437f304f2709c1efebc38183b5fb077258144

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

x-amz-version-id
bAR4LM2WhqR0wfJDuNBdJ6G59RkMbe8_
Last-Modified
Thu, 24 Oct 2013 13:52:22 GMT
Server
AmazonS3
x-amz-request-id
4C42E3E718F1647E
ETag
"643428087bc2392fdefadd2c35542a30"
Content-Type
image/png
Cache-Control
max-age=1186623
Date
Thu, 24 Aug 2017 20:05:27 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
978
x-amz-id-2
kzZ2vpo+bJCmfS119RsFdCWU5xcSP5KaMN0qwOb+aZnRfFTG7e5y4c/RnLw2bcRy3rlgzPdHiRo=
Expires
Thu, 07 Sep 2017 13:42:30 GMT
facebook.png
info.sqrrl.com/hs-fs/hub/305377/file-356838029-png/images/
944 B
944 B
Image
General
Full URL
http://info.sqrrl.com/hs-fs/hub/305377/file-356838029-png/images/facebook.png?t=1503344849728&width=26&height=29&name=facebook.png
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c09794a6bd837aa5da0a75fd049d739f469d41a7398943e27f12eca88f537866

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

x-amz-version-id
S27AurrUOmiaywjYD2fin4T1vwGYjVl.
Last-Modified
Thu, 24 Oct 2013 13:52:23 GMT
Server
AmazonS3
x-amz-request-id
A3ACD3A48764BD33
ETag
"4c9abc1477d3c3e4b9d0ac49c47c1bf5"
Content-Type
image/png
Cache-Control
max-age=1186667
Date
Thu, 24 Aug 2017 20:05:27 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
944
x-amz-id-2
9wMDdgBnP0X9caESrUFK2GM2tBhbdVawFp5q7TCuWUbKO0QDvc1+CRynCJ6N/lbacEEC1k7Xmho=
Expires
Thu, 07 Sep 2017 13:43:14 GMT
googleplus.png
info.sqrrl.com/hs-fs/hub/305377/file-356828559-png/images/
1 KB
1 KB
Image
General
Full URL
http://info.sqrrl.com/hs-fs/hub/305377/file-356828559-png/images/googleplus.png?t=1503344849728&width=26&height=29&name=googleplus.png
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ec8c5d245d604cecf2f7b08af0bb88d152d2175ca1f7943d8df4b4bf13cd86b8

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

x-amz-version-id
YcZchgDSxHptNHfpsRfXBO1slemPJjRW
Last-Modified
Thu, 24 Oct 2013 13:52:22 GMT
Server
AmazonS3
x-amz-request-id
A048CE47FD5FE9E6
ETag
"a76f33981fa82314cfdf416c1f6ceb84"
Content-Type
image/png
Cache-Control
max-age=1259204
Date
Thu, 24 Aug 2017 20:05:27 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1156
x-amz-id-2
uV1qFeG9+k7PVerFDxNdv4WXaDM1ILxpCHyLszJctMH4yQbWUfrHynDibMnhoxOg1C/XoKVgjlE=
Expires
Fri, 08 Sep 2017 09:52:11 GMT
linkedin.png
info.sqrrl.com/hs-fs/hub/305377/file-357947118-png/images/
1010 B
1010 B
Image
General
Full URL
http://info.sqrrl.com/hs-fs/hub/305377/file-357947118-png/images/linkedin.png?t=1503344849728&width=26&height=29&name=linkedin.png
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b680bd5e0cf89f1cf642ddf966ae2b1170fe0208c0f8b907b20b4e1eedc1895f

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

x-amz-version-id
0ZrjsZfkGFXgxcpW36.ec4_GvOur4nHr
Last-Modified
Thu, 24 Oct 2013 13:52:23 GMT
Server
AmazonS3
x-amz-request-id
455A70E3BABE7CDA
ETag
"bfaa587ad0ba3220988eeebea05411a5"
Content-Type
image/png
Cache-Control
max-age=1186676
Date
Thu, 24 Aug 2017 20:05:27 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1010
x-amz-id-2
o5suU/WNEHllMY3FCtZ6Lqs6NpqXokOwKvrpEE7WcjE5HuSnmWQTjmAHKWHs2FzzrCsdEGl77/8=
Expires
Thu, 07 Sep 2017 13:43:23 GMT
public_common.js
static.hsstatic.net/content_shared_assets/static-1.4043/js/
35 KB
11 KB
Script
General
Full URL
https://static.hsstatic.net/content_shared_assets/static-1.4043/js/public_common.js
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5954779c1d16bb91d9b5d063c9f0360a1794ca6eccc47563e3c9628795722eb6

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
Last-Modified
Mon, 14 Aug 2017 17:13:24 GMT
Server
AmazonS3
Vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
Content-Type
application/javascript
Cache-Control
max-age=31536000
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
11168
X-Amz-Cf-Id
UlG_gSaaUUPsYl8_1e4DtiAeX09kvTMuVp49BSuUYkB81ROMDoUbLA==
v2.js
js.hsforms.net/forms/
299 KB
81 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
3659875c8d4f613af0c748450bf6489527f853512c4a4472dbd8168a3b1de937

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

x-amz-version-id
wiZo439AWbgM.RdPuhiJN402e44GMlp.
Content-Encoding
gzip
Last-Modified
Wed, 23 Aug 2017 14:18:22 GMT
Server
AmazonS3
Date
Thu, 24 Aug 2017 20:05:27 GMT
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=600
x-amz-replication-status
COMPLETED
Connection
keep-alive
X-Is-Using-CloudFront
Yup, Yup
Content-Length
83211
X-Amz-Cf-Id
Yekf6DLgsUW56eGoOOUDaZc2T2Ey_dDl4dMF9gcszw7piEDSnK0btg==
Expires
Thu, 24 Aug 2017 20:15:27 GMT
305377.js
js.hs-scripts.com/
1 KB
431 B
Script
General
Full URL
http://js.hs-scripts.com/305377.js
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ae5e8f1f33af5c8203d686f11b86843215c4bae39ffd2f1029609efd516dd259

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency
102, 102
Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-EdgeConnect-MidMile-RTT
0, 0
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
http://info.sqrrl.com
Access-Control-Max-Age
3600
Cache-Control
public, max-age=15
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
431
analytics.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
32 KB
13 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:824::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
522cc831f77209aa434abd05e5a9a114ec3aab233232394877ea5446130584de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 17 Aug 2017 01:11:09 GMT
server
Golfe2
age
3021
date
Thu, 24 Aug 2017 19:15:06 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
13472
expires
Thu, 24 Aug 2017 21:15:06 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1/
13 KB
5 KB
Script
General
Full URL
http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2a00:1450:4001:81c::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Fri, 04 Aug 2017 16:28:30 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 20 Dec 2016 18:17:03 GMT
Server
sffe
Age
1741017
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
5437
X-XSS-Protection
1; mode=block
Expires
Sat, 04 Aug 2018 16:28:30 GMT
css
fonts.googleapis.com/
1 KB
452 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:824::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
ESF /
Resource Hash
6a2e4df67c895fe6f63a2bcc02a51049c248dca3bb469d622bd8b49b97b8cb08
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date
Thu, 24 Aug 2017 20:05:27 GMT
content-encoding
gzip
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
x-xss-protection
1; mode=block
expires
Thu, 24 Aug 2017 20:05:27 GMT
wp-emoji-release.min.js
info.sqrrl.com/wp-includes/js/
0
0
Script
General
Full URL
http://info.sqrrl.com/wp-includes/js/wp-emoji-release.min.js?ver=4.2.10
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3426
1148.js
script.crazyegg.com/pages/scripts/0068/
83 KB
28 KB
Script
General
Full URL
http://script.crazyegg.com/pages/scripts/0068/1148.js?417668
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
52.84.32.134 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-84-32-134.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3d4df34a7cf5088c6a63006c97dcc5639ca323396571a05e36c73f751ba13757

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Wed, 23 Aug 2017 11:11:05 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 Aug 2017 19:42:59 GMT
Server
AmazonS3
Age
1642
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/x-javascript
Via
1.1 fda67c020b3c631c975bccffd2891599.cloudfront.net (CloudFront)
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
4UlQbmag4MPP0raHQAge6G5KNNad46ylU36Bee3vQdyOtG0bVS-E2g==
shapeback.jpg
info.sqrrl.com/hs-fs/hub/305377/hub_generated/template_assets/1480367849880/custom/page/img/
243 B
0
Image
General
Full URL
http://info.sqrrl.com/hs-fs/hub/305377/hub_generated/template_assets/1480367849880/custom/page/img/shapeback.jpg
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2e50bc3b8703e8f8503283d98410dfcb9f88f82e142513388d21307ddb992d5a

Request headers

Referer
http://info.sqrrl.com/hs-fs/hub/305377/hub_generated/template_assets/1480367849880/custom/page/web_page_basic/header_style.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:28 GMT
Server
AmazonS3
x-amz-request-id
C51B356F3EE16514
Content-Type
application/xml
Cache-Control
max-age=1295991
Connection
keep-alive
Content-Length
243
x-amz-id-2
45nqWbSXkS8NBX+CWgx3VwQMuRKjBIv5TvLy0VQnCcgCr+7W7gfQT4ivHJ1pYW/G9qcynT4awxM=
Expires
Fri, 08 Sep 2017 20:05:19 GMT
header-bg.png
cdn2.hubspot.net/hub/305377/file-359385511-png/images/
3 KB
3 KB
Image
General
Full URL
http://cdn2.hubspot.net/hub/305377/file-359385511-png/images/header-bg.png
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
3764a04b8323378f3a42719326abed2533ba9830c070272bbfd34ce4deba89bb

Request headers

Referer
http://info.sqrrl.com/hs-fs/hub/305377/hub_generated/style_manager/1387820628141/custom/page/custom-stylemanager/Sqrrl_Theme.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency
93
x-amz-version-id
Wn7xEpZ3tGDvyAtQcbwSOV15JH37ZQXm
Last-Modified
Thu, 24 Oct 2013 12:13:26 GMT
Server
AmazonS3
x-amz-request-id
33BBF0BFEEF885A7
X-EdgeConnect-MidMile-RTT
0
ETag
"31a5e1baafd67828c98965a0724a88ff"
Content-Type
image/png
Cache-Control
max-age=2678374
Date
Thu, 24 Aug 2017 20:05:27 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2851
x-amz-id-2
3qYx7UUhiikMpVFfWFu6U/U4+4w0Dnhyf7xR1/vIp1yD4jttVb7uErskCSbfP54SQWhN7miZ0BQ=
Expires
Sun, 24 Sep 2017 20:05:01 GMT
css
fonts.googleapis.com/
1 KB
438 B
Stylesheet
General
Full URL
http://fonts.googleapis.com/css?family=Roboto:400,100,700,500,300,900italic&subset=latin
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:824::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
ESF /
Resource Hash
607658f298b81b71cb2cfd3dd5580e78939399781684f2a272c0b8e19c6d0080
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
Server
ESF
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=86400
Transfer-Encoding
chunked
Timing-Allow-Origin
*
X-XSS-Protection
1; mode=block
Expires
Thu, 24 Aug 2017 20:05:27 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-39119828-1&cid=324801841.1503605128&jid=1648503204&_v=j60&z=1330642896
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-39119828-1&cid=324801841.1503605128&jid=1648503204&_v=j60&z=1330642896&slf_rd=1&random=1866928500
42 B
60 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-39119828-1&cid=324801841.1503605128&jid=1648503204&_v=j60&z=1330642896&slf_rd=1&random=1866928500
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:401b:801::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 24 Aug 2017 20:05:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 24 Aug 2017 20:05:27 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-39119828-1&cid=324801841.1503605128&jid=1648503204&_v=j60&z=1330642896&slf_rd=1&random=1866928500
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
zN7GBFwfMP4uA6AR0HCoLQ.ttf
fonts.gstatic.com/s/roboto/v16/
33 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v16/zN7GBFwfMP4uA6AR0HCoLQ.ttf
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
0ee48f40589f0b380a590b6b153f923fb4bad7242ad4c7620badf1ce1d7f437a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i
Origin
http://info.sqrrl.com

Response headers

date
Thu, 03 Aug 2017 12:45:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1840797
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
19371
x-xss-protection
1; mode=block
last-modified
Mon, 17 Apr 2017 21:22:18 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 03 Aug 2018 12:45:30 GMT
zN7GBFwfMP4uA6AR0HCoLQ.ttf
fonts.gstatic.com/s/roboto/v16/
33 KB
19 KB
Font
General
Full URL
http://fonts.gstatic.com/s/roboto/v16/zN7GBFwfMP4uA6AR0HCoLQ.ttf
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
0ee48f40589f0b380a590b6b153f923fb4bad7242ad4c7620badf1ce1d7f437a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer
http://fonts.googleapis.com/css?family=Roboto:400,100,700,500,300,900italic&subset=latin
Origin
http://info.sqrrl.com

Response headers

Date
Thu, 03 Aug 2017 11:55:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 17 Apr 2017 21:22:18 GMT
Server
sffe
Age
1843787
Vary
Accept-Encoding
Content-Type
font/ttf
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
19371
X-XSS-Protection
1; mode=block
Expires
Fri, 03 Aug 2018 11:55:40 GMT
Jzo62I39jc0gQRrbndN6nfesZW2xOQ-xsNqO47m55DA.ttf
fonts.gstatic.com/s/roboto/v16/
34 KB
19 KB
Font
General
Full URL
http://fonts.gstatic.com/s/roboto/v16/Jzo62I39jc0gQRrbndN6nfesZW2xOQ-xsNqO47m55DA.ttf
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
8f464df57b13d05f2ce593e95be39e39983c89b973a06d5f7f9961cc99d6d47d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer
http://fonts.googleapis.com/css?family=Roboto:400,100,700,500,300,900italic&subset=latin
Origin
http://info.sqrrl.com

Response headers

Date
Thu, 03 Aug 2017 17:49:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 17 Apr 2017 21:21:34 GMT
Server
sffe
Age
1822550
Vary
Accept-Encoding
Content-Type
font/ttf
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
19475
X-XSS-Protection
1; mode=block
Expires
Fri, 03 Aug 2018 17:49:37 GMT
d-6IYplOFocCacKzxwXSOKCWcynf_cDxXwCLxiixG1c.ttf
fonts.gstatic.com/s/roboto/v16/
33 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v16/d-6IYplOFocCacKzxwXSOKCWcynf_cDxXwCLxiixG1c.ttf
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
debc919203bb020d13504dc0c99a3b2deab9cb3202b05d8ef261afc7e95c4405
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i
Origin
http://info.sqrrl.com

Response headers

date
Thu, 03 Aug 2017 20:03:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1814492
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
19338
x-xss-protection
1; mode=block
last-modified
Mon, 17 Apr 2017 21:22:30 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 03 Aug 2018 20:03:55 GMT
d-6IYplOFocCacKzxwXSOKCWcynf_cDxXwCLxiixG1c.ttf
fonts.gstatic.com/s/roboto/v16/
33 KB
19 KB
Font
General
Full URL
http://fonts.gstatic.com/s/roboto/v16/d-6IYplOFocCacKzxwXSOKCWcynf_cDxXwCLxiixG1c.ttf
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
debc919203bb020d13504dc0c99a3b2deab9cb3202b05d8ef261afc7e95c4405
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer
http://fonts.googleapis.com/css?family=Roboto:400,100,700,500,300,900italic&subset=latin
Origin
http://info.sqrrl.com

Response headers

Date
Thu, 03 Aug 2017 12:45:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 17 Apr 2017 21:22:30 GMT
Server
sffe
Age
1840800
Vary
Accept-Encoding
Content-Type
font/ttf
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
19338
X-XSS-Protection
1; mode=block
Expires
Fri, 03 Aug 2018 12:45:27 GMT
RxZJdnzeo3R5zSexge8UUaCWcynf_cDxXwCLxiixG1c.ttf
fonts.gstatic.com/s/roboto/v16/
33 KB
19 KB
Font
General
Full URL
http://fonts.gstatic.com/s/roboto/v16/RxZJdnzeo3R5zSexge8UUaCWcynf_cDxXwCLxiixG1c.ttf
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
cd67a3eca7e0725d6f3620b69d09e8d1c2e988d2715b480bc14d3dcb6b9d0937
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer
http://fonts.googleapis.com/css?family=Roboto:400,100,700,500,300,900italic&subset=latin
Origin
http://info.sqrrl.com

Response headers

Date
Thu, 03 Aug 2017 15:27:58 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 17 Apr 2017 21:21:21 GMT
Server
sffe
Age
1831049
Vary
Accept-Encoding
Content-Type
font/ttf
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
19492
X-XSS-Protection
1; mode=block
Expires
Fri, 03 Aug 2018 15:27:58 GMT
Hgo13k-tfSpn0qi1SFdUfaCWcynf_cDxXwCLxiixG1c.ttf
fonts.gstatic.com/s/roboto/v16/
33 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v16/Hgo13k-tfSpn0qi1SFdUfaCWcynf_cDxXwCLxiixG1c.ttf
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
3c7e131eb393f829851955a1cd4b6cac3acc15ec35e237b6e24bf219d1e2e03f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i
Origin
http://info.sqrrl.com

Response headers

date
Wed, 16 Aug 2017 02:46:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
753550
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
19435
x-xss-protection
1; mode=block
last-modified
Mon, 17 Apr 2017 21:21:36 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Aug 2018 02:46:17 GMT
Hgo13k-tfSpn0qi1SFdUfaCWcynf_cDxXwCLxiixG1c.ttf
fonts.gstatic.com/s/roboto/v16/
33 KB
19 KB
Font
General
Full URL
http://fonts.gstatic.com/s/roboto/v16/Hgo13k-tfSpn0qi1SFdUfaCWcynf_cDxXwCLxiixG1c.ttf
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
3c7e131eb393f829851955a1cd4b6cac3acc15ec35e237b6e24bf219d1e2e03f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer
http://fonts.googleapis.com/css?family=Roboto:400,100,700,500,300,900italic&subset=latin
Origin
http://info.sqrrl.com

Response headers

Date
Tue, 15 Aug 2017 21:34:44 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 17 Apr 2017 21:21:36 GMT
Server
sffe
Age
772243
Vary
Accept-Encoding
Content-Type
font/ttf
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
19435
X-XSS-Protection
1; mode=block
Expires
Wed, 15 Aug 2018 21:34:44 GMT
bmC0pGMXrhphrZJmniIZpZ0EAVxt0G0biEntp43Qt6E.ttf
fonts.gstatic.com/s/roboto/v16/
35 KB
21 KB
Font
General
Full URL
http://fonts.gstatic.com/s/roboto/v16/bmC0pGMXrhphrZJmniIZpZ0EAVxt0G0biEntp43Qt6E.ttf
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
610ea75c21e6c2f3ed33bf3930b856b8f737f05a41a67d81df49f94922f2417c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer
http://fonts.googleapis.com/css?family=Roboto:400,100,700,500,300,900italic&subset=latin
Origin
http://info.sqrrl.com

Response headers

Date
Thu, 03 Aug 2017 13:01:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 17 Apr 2017 21:22:29 GMT
Server
sffe
Age
1839864
Vary
Accept-Encoding
Content-Type
font/ttf
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
21125
X-XSS-Protection
1; mode=block
Expires
Fri, 03 Aug 2018 13:01:03 GMT
hoverintent.js
info.sqrrl.com/wp-content/themes/sqrrl/assets/js/plugins/
0
0
Script
General
Full URL
http://info.sqrrl.com/wp-content/themes/sqrrl/assets/js/plugins/hoverintent.js?ver=1412711233
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3425
jquery.fancybox.pack.js
info.sqrrl.com/wp-content/themes/sqrrl/assets/js/fancybox/
0
0
Script
General
Full URL
http://info.sqrrl.com/wp-content/themes/sqrrl/assets/js/fancybox/jquery.fancybox.pack.js?ver=1412711232
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3428
jquery.fancybox-media.js
info.sqrrl.com/wp-content/themes/sqrrl/assets/js/fancybox/helpers/
0
0
Script
General
Full URL
http://info.sqrrl.com/wp-content/themes/sqrrl/assets/js/fancybox/helpers/jquery.fancybox-media.js?ver=1412711238
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3427
buttons.js
info.sqrrl.com/wp-content/themes/sqrrl/assets/js/
0
0
Script
General
Full URL
http://info.sqrrl.com/wp-content/themes/sqrrl/assets/js/buttons.js
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
2.20.190.17 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:27 GMT
Content-Encoding
gzip
X-HS-Reason
No view mapper found to handle request
Vary
Accept-Encoding
X-HubSpot-NotFound
true
Content-Type
text/html;charset=UTF-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
3427
shapeback.jpg
cdn2.hubspot.net/hub/305377/file-356639814-jpg/images/
2 KB
2 KB
Image
General
Full URL
http://cdn2.hubspot.net/hub/305377/file-356639814-jpg/images/shapeback.jpg
Requested by
Host: static.hsstatic.net
URL: https://static.hsstatic.net/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Protocol
HTTP/1.1
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
7f008e39cb5cfe91982148a996bcb8b0f805ea7bddf2f262a2ac6951781bcb3e

Request headers

Referer
http://info.sqrrl.com/hs-fs/hub/305377/hub_generated/style_manager/1387820628141/custom/page/custom-stylemanager/Sqrrl_Theme.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency
128, 93, 95
x-amz-version-id
L48Fu8WIt2lYBiAF1jV5X7rB_Gu7t0mJ
Last-Modified
Thu, 24 Oct 2013 10:44:23 GMT
Server
AmazonS3
x-amz-request-id
F23AE1ADE574893D
X-EdgeConnect-MidMile-RTT
0, 1, 0
ETag
"1887d71440beac7a0b47e40482c56117"
Content-Type
image/jpeg
Cache-Control
max-age=2678244
Date
Thu, 24 Aug 2017 20:05:28 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1962
x-amz-id-2
m4SRDPwaWC4rAw1gflo4fR85xbJnc3UncOpkTCDHxSdpCmFci0DyPy/iOCZMukCC04CYDSycPsU=
Expires
Sun, 24 Sep 2017 20:02:52 GMT
footer-top.png
cdn2.hubspot.net/hub/305377/file-357807019-png/images/
3 KB
3 KB
Image
General
Full URL
http://cdn2.hubspot.net/hub/305377/file-357807019-png/images/footer-top.png
Requested by
Host: static.hsstatic.net
URL: https://static.hsstatic.net/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Protocol
HTTP/1.1
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
c21c3cf66cc16869fe00b0aa2eb05f5f90df8aad410e5a8d143a5f0fb4863c64

Request headers

Referer
http://info.sqrrl.com/hs-fs/hub/305377/hub_generated/style_manager/1387820628141/custom/page/custom-stylemanager/Sqrrl_Theme.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency
95, 94, 99
x-amz-version-id
AM7kqsOJhWOUiEtz062ZY..kIwaQ3cPh
Last-Modified
Fri, 25 Oct 2013 04:26:51 GMT
Server
AmazonS3
x-amz-request-id
F1A157F8DFE2A813
X-EdgeConnect-MidMile-RTT
0, 1, 0
ETag
"2c2f1e0e110f8564641cf3cdf9c710bc"
Content-Type
image/png
Cache-Control
max-age=2678360
Date
Thu, 24 Aug 2017 20:05:28 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2911
x-amz-id-2
ky8dIXbyX/hrr4gNlkHPwLNhE6FazY4L94RYM+zEL1iokugxlXXAzDK7EjjvGwJSLFjqnpPSRxM=
Expires
Sun, 24 Sep 2017 20:04:48 GMT
has-permission
app.hubspot.com/content/api/v4/tools-menu/
0
0
Script
General
Full URL
https://app.hubspot.com/content/api/v4/tools-menu/has-permission?portalId=305377&callback=jQuery110204941234230049998_1503605127829&_=1503605127830
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js?ver=4.2.10
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 24 Aug 2017 20:05:28 GMT
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
Expires
Thu, 24 Aug 2017 20:05:28 GMT
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
34faeb84-cf85-49f9-9709-a0e5b8be2294
forms.hubspot.com/embed/v3/form/305377/
7 KB
1 KB
Script
General
Full URL
https://forms.hubspot.com/embed/v3/form/305377/34faeb84-cf85-49f9-9709-a0e5b8be2294?callback=hs_reqwest_0&hutk=
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.60.45 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a88-221-60-45.deploy.akamaitechnologies.com
Software
/
Resource Hash
f79cf0f3c227de1e1d3a9dfe0539525d21e21897366c0dd0848b264e6af4136d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 24 Aug 2017 20:05:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
Content-Disposition
attachment; filename=no-rfd.txt
Connection
keep-alive
Content-Length
1460
Expires
Thu, 24 Aug 2017 20:05:28 GMT
305377.js
api.usemessages.com/messages/v2/embed/
21 B
52 B
Script
General
Full URL
https://api.usemessages.com/messages/v2/embed/305377.js
Requested by
Host: js.hs-scripts.com
URL: http://js.hs-scripts.com/305377.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.199.224.60 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-199-224-60.compute-1.amazonaws.com
Software
/
Resource Hash
567e5358968a212b44d941542a3168db060dfb5b55e2cbe58d4a6ef81eba7977

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:28 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
305377.js
js.hs-analytics.net/analytics/1503605100000/
62 KB
21 KB
Script
General
Full URL
http://js.hs-analytics.net/analytics/1503605100000/305377.js
Requested by
Host: js.hs-scripts.com
URL: http://js.hs-scripts.com/305377.js
Protocol
HTTP/1.1
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
130e4e9183e7e543e1f819de240c2865ce962ec73bb2e6bbd739d083e5cc3dc4

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

x-amz-version-id
null
Content-Encoding
gzip
ETag
W/"685a25e694bbe51454bd5271b7d794e1"
x-amz-request-id
5FC5CDA8DA708629
x-amz-meta-md5-hash
685a25e694bbe51454bd5271b7d794e1
Connection
keep-alive
Content-Length
21842
x-amz-id-2
Q51q2EpuVGSwpk+tGfd7AmkuBitf5wFfdn/r/aGokQ/DIuG4sZD4z4ioGXzQMDq1sod9HPuXVt4=
Last-Modified
Mon, 21 Aug 2017 04:00:15 GMT
Server
nginx
Date
Thu, 24 Aug 2017 20:05:28 GMT
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
public, max-age=300
Access-Control-Allow-Credentials
false
Expires
Thu, 24 Aug 2017 20:10:28 GMT
268313
sample.crazyegg.com/n/681148/
31 B
31 B
Script
General
Full URL
https://sample.crazyegg.com/n/681148/268313?t=u&callback=CE2.recording.sampleResult&ts=j6qvo5z5
Requested by
Host: script.crazyegg.com
URL: http://script.crazyegg.com/pages/scripts/0068/1148.js?417668
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.225.247.90 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-225-247-90.compute-1.amazonaws.com
Software
nginx/1.10.2 /
Resource Hash
6bc85fe9e543e5f498e951d1a9ebb5a92386c31293aa045ed440fc152f98fe2e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:28 GMT
X-Content-Type-Options
nosniff
Server
nginx/1.10.2
Connection
keep-alive
Content-Length
31
Content-Type
text/javascript;charset=utf-8
t.js
trk.cetrk.com/8/
22 KB
8 KB
Script
General
Full URL
http://trk.cetrk.com/8/t.js?s=2424499&t=1503605128002
Requested by
Host: script.crazyegg.com
URL: http://script.crazyegg.com/pages/scripts/0068/1148.js?417668
Protocol
HTTP/1.1
Server
54.231.40.82 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
5c3105f2dbd880e0f1f8bdaadc49950d163fedf0539d300759fb5405c7eee444

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:29 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Jul 2017 06:45:10 GMT
Server
AmazonS3
x-amz-request-id
88755C527AB96EFF
ETag
"43ee36b15cb11434dda67d52294713a8"
Content-Type
application/x-javascript
Accept-Ranges
bytes
Content-Length
8047
x-amz-id-2
tWSs8AMt1/xUWOYHAC3zFGNv6PDVdYF3bbXkF52u4BdCOgWEh2dLORVeIiAi7o5dVn6UsTReGqs=
s
gtrk.s3.amazonaws.com/
32 B
32 B
Image
General
Full URL
https://gtrk.s3.amazonaws.com/s?u=681148&t=ov7h53
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_CBC
Server
52.216.18.96 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
853b983923a033223e4f391790e6e86619b31d542b40e7e1e8221fb0d6957ab1

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:29 GMT
Last-Modified
Tue, 09 Feb 2016 23:57:19 GMT
Server
AmazonS3
x-amz-request-id
7B00CAD0796E6A5F
ETag
"776f5f447e5e03b50f3bc4d4ec78daaa"
Content-Type
image/gif
Accept-Ranges
bytes
Content-Length
32
x-amz-id-2
LeBqvAMT+bZVdUNUk73emJKB36LRlZMu1ltZRAlTM3EHH31FmHihsbLnccTp4P9f/F9LtzkpRmU=
u
gtrk.s3.amazonaws.com/
32 B
32 B
Image
General
Full URL
https://gtrk.s3.amazonaws.com/u?u=681148&t=ov7h53
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.18.96 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
853b983923a033223e4f391790e6e86619b31d542b40e7e1e8221fb0d6957ab1

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:29 GMT
Last-Modified
Tue, 09 Feb 2016 23:57:32 GMT
Server
AmazonS3
x-amz-request-id
45D42B71D5DD6BA7
ETag
"776f5f447e5e03b50f3bc4d4ec78daaa"
Content-Type
image/gif
Accept-Ranges
bytes
Content-Length
32
x-amz-id-2
XiP/cU8I2ijgctMj1FKDmOd9ScsA2BxVK65PeIg51f7eURoxh1PRcxHC3ntk17VXkKvesTODZVU=
button-bg.png
cdn2.hubspot.net/hub/305377/file-356632344-png/images/
3 KB
3 KB
Image
General
Full URL
http://cdn2.hubspot.net/hub/305377/file-356632344-png/images/button-bg.png
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
HTTP/1.1
Server
104.108.36.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-36-103.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e3f4d99554abfed86d8bb644f7e2fb5c7ae8e784aa80d416e57739b9bc17e11c

Request headers

Referer
http://info.sqrrl.com/hs-fs/hub/305377/hub_generated/style_manager/1387820628141/custom/page/custom-stylemanager/Sqrrl_Theme.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency
94, 94
x-amz-version-id
HYzSRQ0eQvUh9S4EnMS6y1D7S1jjtAQl
Last-Modified
Thu, 24 Oct 2013 10:55:37 GMT
Server
AmazonS3
x-amz-request-id
2029E54452C77B8A
X-EdgeConnect-MidMile-RTT
0, 0
ETag
"0d3f139969de84d55c5abf40ddc7c5f1"
Content-Type
image/png
Cache-Control
max-age=2678346
Date
Thu, 24 Aug 2017 20:05:28 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2855
x-amz-id-2
nm/0uq/0Y7G/03upAw0mUjdHDTCThqUKAsme3YVn1lz68Rj8M4atln8pgTCbIf9VHMtXHalZ4c4=
Expires
Sun, 24 Sep 2017 20:04:34 GMT
s
trk.cetrk.com/
43 B
43 B
Image
General
Full URL
http://trk.cetrk.com/s?2424499&1503605128&AACwBPd-p4MqAAEJARICvQIAAA1odW50LWV2aWwucG5nYGluZm8uc3FycmwuY29tL2hzLWZzL2h1YmZzL2h1bnQtZXZpbC5wbmc_dD0xNTAzMzQ0ODQ5NzI4JndpZHRoPTUzMCZoZWlnaHQ9NzAxJm5hbWU9aHVudC1ldmlsLnBuZwA
Requested by
Host: info.sqrrl.com
URL: http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
Protocol
HTTP/1.1
Server
54.231.40.82 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:29 GMT
Last-Modified
Mon, 28 Feb 2011 02:42:53 GMT
Server
AmazonS3
x-amz-request-id
E87470A6A270A0E6
ETag
"325472601571f31e1bf00674c368d335"
Content-Type
image/gif
Accept-Ranges
bytes
Content-Length
43
x-amz-id-2
x9uBV/J17exzv51ImI3ldSguWcYx5hHaOr4UZokGKg7jrM8rC7UgNYygXyn0R/4ed3EsgCtJ5iI=
__ptq.gif
track.hubspot.com/
45 B
45 B
Image
General
Full URL
http://track.hubspot.com/__ptq.gif?k=15&fi=34faeb84-cf85-49f9-9709-a0e5b8be2294&fci=f52ebcf9-69f7-4ed3-8b1b-146cc94beb69&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=398341404&v=1.1&a=305377&pi=5252701655&ct=landing-page&ccu=http%3A%2F%2Finfo.sqrrl.com%2Fpractical-threat-hunting&rcu=http%3A%2F%2Finfo.sqrrl.com%2Fpractical-threat-hunting&cpi=5252701655&lpi=5252701655&lvi=5252701655&t=Your+Practical+Guide+to+Threat+Hunting&cts=1503605128746&vi=a0ef41224e424af4b70d36bd699929ce&nc=true&u=149536873.a0ef41224e424af4b70d36bd699929ce.1503605128739.1503605128739.1503605128739.1&b=149536873.1.1503605128739
Protocol
HTTP/1.1
Server
54.236.214.105 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-236-214-105.compute-1.amazonaws.com
Software
/
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:28 GMT
P3P
CP="NOI CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
no-cache, no-store, no-transform
Access-Control-Allow-Credentials
false
Connection
keep-alive
X-Robots-Tag
none
Content-Length
45
__ptq.gif
track.hubspot.com/
45 B
45 B
Image
General
Full URL
http://track.hubspot.com/__ptq.gif?k=17&fi=34faeb84-cf85-49f9-9709-a0e5b8be2294&fci=f52ebcf9-69f7-4ed3-8b1b-146cc94beb69&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=398341404&v=1.1&a=305377&pi=5252701655&ct=landing-page&ccu=http%3A%2F%2Finfo.sqrrl.com%2Fpractical-threat-hunting&rcu=http%3A%2F%2Finfo.sqrrl.com%2Fpractical-threat-hunting&cpi=5252701655&lpi=5252701655&lvi=5252701655&t=Your+Practical+Guide+to+Threat+Hunting&cts=1503605128747&vi=a0ef41224e424af4b70d36bd699929ce&nc=true&u=149536873.a0ef41224e424af4b70d36bd699929ce.1503605128739.1503605128739.1503605128739.1&b=149536873.1.1503605128739
Protocol
HTTP/1.1
Server
54.236.214.105 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-236-214-105.compute-1.amazonaws.com
Software
/
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:28 GMT
P3P
CP="NOI CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
no-cache, no-store, no-transform
Access-Control-Allow-Credentials
false
Connection
keep-alive
X-Robots-Tag
none
Content-Length
45
__ptq.gif
track.hubspot.com/
45 B
45 B
Image
General
Full URL
http://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=398341404&v=1.1&a=305377&pi=5252701655&ct=landing-page&ccu=http%3A%2F%2Finfo.sqrrl.com%2Fpractical-threat-hunting&rcu=http%3A%2F%2Finfo.sqrrl.com%2Fpractical-threat-hunting&cpi=5252701655&lpi=5252701655&lvi=5252701655&t=Your+Practical+Guide+to+Threat+Hunting&cts=1503605128748&vi=a0ef41224e424af4b70d36bd699929ce&nc=true&u=149536873.a0ef41224e424af4b70d36bd699929ce.1503605128739.1503605128739.1503605128739.1&b=149536873.1.1503605128739
Protocol
HTTP/1.1
Server
54.236.214.105 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-236-214-105.compute-1.amazonaws.com
Software
/
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
http://info.sqrrl.com/practical-threat-hunting?utm_campaign=Practical%20Threat%20Hunting%20Guide&utm_source=VI%20Briefing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date
Thu, 24 Aug 2017 20:05:28 GMT
P3P
CP="NOI CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
no-cache, no-store, no-transform
Access-Control-Allow-Credentials
false
Connection
keep-alive
X-Robots-Tag
none
Content-Length
45

Verdicts & Comments

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Domain/Path | Name | Value
.sqrrl.com/ | hubspotutk | a0ef41224e424af4b70d36bd699929ce
.sqrrl.com/ | __hssc | 149536873.1.1503605128739
.sqrrl.com/ | __hssrc | 1
.sqrrl.com/ | __hstc | 149536873.a0ef41224e424af4b70d36bd699929ce.1503605128739.1503605128739.1503605128739.1
.info.sqrrl.com/ | _ceg.u | ov7h53
.info.sqrrl.com/ | _ceir | 1
.sqrrl.com/ | _gat | 1
.sqrrl.com/ | _gid | GA1.2.2052085731.1503605128
.info.sqrrl.com/ | _ceg.s | ov7h53
.sqrrl.com/ | _ga | GA1.2.324801841.1503605128

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
