www.splunk.com Open in urlscan Pro
2.16.186.195 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s1528.t.en25.com/e/er?s=1528&lid=41826&elqTrackId=2ce69e6f43da4bb79bab5855382fb23e&elq=93c259632bf041719053371829...
Effective URL:
https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_sou...
Submission: On March 01 via api (March 1st 2022, 7:42:41 pm UTC) from SE — Scanned from DE

Summary HTTP 143 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 59 IPs in 7 countries across 43 domains to perform 143 HTTP transactions. The main IP is 2.16.186.195, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.splunk.com. The Cisco Umbrella rank of the primary domain is 125284.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on April 22nd 2021. Valid for: a year.

This is the only time www.splunk.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	209.167.231.27 209.167.231.27	7160 (NETDYNAMICS) (NETDYNAMICS)
1 1	209.167.231.17 209.167.231.17	7160 (NETDYNAMICS) (NETDYNAMICS)
31	2.16.186.195 2.16.186.195	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:fb:... 2a02:26f0:fb:59a::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	63.33.186.64 63.33.186.64	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:3668	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:710... 2a02:26f0:7100:59a::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 4	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6814:b944	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	63.32.23.63 63.32.23.63	16509 (AMAZON-02) (AMAZON-02)
2	2a03:5f80:a::... 2a03:5f80:a::b212:e7c0	50952 (DATAIX-AS...) (DATAIX-AS Peering Ltd.)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
1	13.224.89.54 13.224.89.54	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	108.157.1.118 108.157.1.118	16509 (AMAZON-02) (AMAZON-02)
2	3.121.48.255 3.121.48.255	16509 (AMAZON-02) (AMAZON-02)
1	205.185.216.42 205.185.216.42	20446 (HIGHWINDS3) (HIGHWINDS3)
8	104.111.233.140 104.111.233.140	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:303... 2606:4700:3035::6815:4687	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	92.122.145.25 92.122.145.25	16625 (AKAMAI-AS) (AKAMAI-AS)
2	34.230.123.66 34.230.123.66	14618 (AMAZON-AES) (AMAZON-AES)
4	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
4	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE)
1	37.252.173.38 37.252.173.38	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
2	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	13.224.98.151 13.224.98.151	16509 (AMAZON-02) (AMAZON-02)
2	209.167.231.15 209.167.231.15	7160 (NETDYNAMICS) (NETDYNAMICS)
1 2	92.123.225.42 92.123.225.42	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2a03:5f80:a::... 2a03:5f80:a::b212:e7d0	50952 (DATAIX-AS...) (DATAIX-AS Peering Ltd.)
2	52.19.175.219 52.19.175.219	16509 (AMAZON-02) (AMAZON-02)
3	63.34.233.44 63.34.233.44	16509 (AMAZON-02) (AMAZON-02)
2	70.42.32.159 70.42.32.159	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	20.62.48.180 20.62.48.180	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	34.248.91.176 34.248.91.176	16509 (AMAZON-02) (AMAZON-02)
1	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	13.224.89.10 13.224.89.10	16509 (AMAZON-02) (AMAZON-02)
2	13.224.89.123 13.224.89.123	16509 (AMAZON-02) (AMAZON-02)
1	108.156.255.177 108.156.255.177	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21f... 2600:9000:21f3:400:12:dfa9:e200:93a1	() ()
1	54.155.132.239 54.155.132.239	16509 (AMAZON-02) (AMAZON-02)
1 2	52.46.154.242 52.46.154.242	() ()
1	13.224.89.104 13.224.89.104	16509 (AMAZON-02) (AMAZON-02)
1	18.66.248.29 18.66.248.29	16509 (AMAZON-02) (AMAZON-02)
2 2	52.215.3.215 52.215.3.215	() ()
1 2	13.224.89.69 13.224.89.69	() ()
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	108.156.253.112 108.156.253.112	16509 (AMAZON-02) (AMAZON-02)
1	13.49.35.59 13.49.35.59	() ()
143	59

1 209.167.231.27 (United States) 1 redirects

ASN7160 (NETDYNAMICS, US)
PTR: e027.en25.com

s1528.t.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.167.231.17 (United States) 1 redirects

ASN7160 (NETDYNAMICS, US)
PTR: e017.en25.com

s1528.t.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2.16.186.195 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-195.deploy.static.akamaitechnologies.com

www.splunk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:fb:59a::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
02179917.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.33.186.64 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-186-64.eu-west-1.compute.amazonaws.com

seal.digicert.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3668 (United States)

ASN13335 (CLOUDFLARENET, US)

rum-static.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100:59a::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.102 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
3801996.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.23.63 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-23-63.eu-west-1.compute.amazonaws.com

rum-collector-2.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:5f80:a::b212:e7c0 (Russian Federation)

ASN50952 (DATAIX-AS Peering Ltd., RU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.89.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-89-54.zrh50.r.cloudfront.net

t.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.1.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-1-118.dus51.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.48.255 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-48-255.eu-central-1.compute.amazonaws.com

tm.vendemore.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
analytics.vendemore.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.42 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

metadata-static-files.sfo2.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.111.233.140 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-140.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:4687 (United States)

ASN13335 (CLOUDFLARENET, US)

v2.listenloop.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.122.145.25 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-145-25.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.230.123.66 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-230-123-66.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c06::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.38 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.98.151 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-98-151.zrh50.r.cloudfront.net

d2hya7iqhf5w3h.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.167.231.15 (United States)

ASN7160 (NETDYNAMICS, US)
PTR: now.eloqua.com

secure.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.123.225.42 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-225-42.deploy.static.akamaitechnologies.com

trial-eum-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kqj27n24ppqsuyq6o4wa-p6t3bl-33e5d7b04-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:5f80:a::b212:e7d0 (Russian Federation) 1 redirects

ASN50952 (DATAIX-AS Peering Ltd., RU)

trial-eum-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eaarwyaqcaaaekqdl6aaacqaabrb45zm-p6t3bl-88c032fde-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.19.175.219 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-175-219.eu-west-1.compute.amazonaws.com

q-aeu1.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 63.34.233.44 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-233-44.eu-west-1.compute.amazonaws.com

c.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.159 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.62.48.180 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

e.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.91.176 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-91-176.eu-west-1.compute.amazonaws.com

k-aeu1.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.36 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.89.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-89-10.zrh50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.89.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-89-123.zrh50.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.156.255.177 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-255-177.dus51.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:400:12:dfa9:e200:93a1 (None, )

ASN- ()

tags.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.155.132.239 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-132-239.eu-west-1.compute.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.154.242 (None, ) 1 redirects

ASN- ()

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.89.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-89-104.zrh50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.248.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-29.dus51.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.215.3.215 (None, ) 2 redirects

ASN- ()

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.89.69 (None, ) 1 redirects

ASN- ()

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.156.253.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-253-112.dus51.r.cloudfront.net

d6tizftlrpuof.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.49.35.59 (None, )

ASN- ()

analytics.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	splunk.com www.splunk.com — Cisco Umbrella Rank: 125284	546 KB
8	6sc.co j.6sc.co — Cisco Umbrella Rank: 7147 c.6sc.co — Cisco Umbrella Rank: 10540 b.6sc.co — Cisco Umbrella Rank: 5621	14 KB
8	doubleclick.net 3 redirects fls.doubleclick.net — Cisco Umbrella Rank: 428 3801996.fls.doubleclick.net — Cisco Umbrella Rank: 459757 ad.doubleclick.net — Cisco Umbrella Rank: 167 stats.g.doubleclick.net — Cisco Umbrella Rank: 67	2 KB
7	contentsquare.net t.contentsquare.net — Cisco Umbrella Rank: 3603 q-aeu1.contentsquare.net — Cisco Umbrella Rank: 10947 c.contentsquare.net — Cisco Umbrella Rank: 3506 k-aeu1.contentsquare.net — Cisco Umbrella Rank: 11308	67 KB
7	google.com adservice.google.com — Cisco Umbrella Rank: 59 analytics.google.com — Cisco Umbrella Rank: 861 www.google.com — Cisco Umbrella Rank: 2	2 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	77 KB
5	clarity.ms 1 redirects e.clarity.ms — Cisco Umbrella Rank: 2000 c.clarity.ms — Cisco Umbrella Rank: 693	24 KB
5	google.ca adservice.google.ca — Cisco Umbrella Rank: 12901 www.google.ca — Cisco Umbrella Rank: 8810	1 KB
5	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 443	110 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 439 www.linkedin.com — Cisco Umbrella Rank: 602 px4.ads.linkedin.com — Cisco Umbrella Rank: 5087	4 KB
4	akamaihd.net 2 redirects trial-eum-clientnsv4-s.akamaihd.net — Cisco Umbrella Rank: 1865 kqj27n24ppqsuyq6o4wa-p6t3bl-33e5d7b04-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net — Cisco Umbrella Rank: 1862 eaarwyaqcaaaekqdl6aaacqaabrb45zm-p6t3bl-88c032fde-clienttons-s.akamaihd.net	1 KB
4	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 983 trc.taboola.com — Cisco Umbrella Rank: 571 trc-events.taboola.com — Cisco Umbrella Rank: 1715	19 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 331 c.bing.com — Cisco Umbrella Rank: 212	13 KB
3	company-target.com 1 redirects api.company-target.com — Cisco Umbrella Rank: 2778 segments.company-target.com	2 KB
3	amazon-adsystem.com 1 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 263 s.amazon-adsystem.com	9 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 574 script.hotjar.com — Cisco Umbrella Rank: 726 vars.hotjar.com — Cisco Umbrella Rank: 809	68 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 7855	32 KB
3	outbrain.com amplify.outbrain.com — Cisco Umbrella Rank: 2190 tr.outbrain.com — Cisco Umbrella Rank: 1993	4 KB
3	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1475 insight.adsrvr.org — Cisco Umbrella Rank: 607	3 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50	212 KB
3	eloqua.com 1 redirects s1528.t.eloqua.com — Cisco Umbrella Rank: 938319 secure.eloqua.com — Cisco Umbrella Rank: 59984	2 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	inzynk.io tags.inzynk.io analytics.inzynk.io	3 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	313 B
2	cloudfront.net d2hya7iqhf5w3h.cloudfront.net d6tizftlrpuof.cloudfront.net	7 KB
2	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 350 ib.adnxs.com — Cisco Umbrella Rank: 210	1 KB
2	quora.com q.quora.com — Cisco Umbrella Rank: 2912	842 B
2	vendemore.com tm.vendemore.com — Cisco Umbrella Rank: 191748 analytics.vendemore.com — Cisco Umbrella Rank: 194638	931 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	114 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 830	3 KB
2	pingdom.net rum-static.pingdom.net — Cisco Umbrella Rank: 4642 rum-collector-2.pingdom.net — Cisco Umbrella Rank: 4293	3 KB
2	digicert.com seal.digicert.com — Cisco Umbrella Rank: 7692	4 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1150 c.go-mpulse.net — Cisco Umbrella Rank: 549	51 KB
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 548	66 B
1	usabilla.com w.usabilla.com — Cisco Umbrella Rank: 2976	16 KB
1	demandbase.com scripts.demandbase.com — Cisco Umbrella Rank: 5604	16 KB
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 10108	204 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 7499	477 B
1	listenloop.com v2.listenloop.com — Cisco Umbrella Rank: 114691 abm2.listenloop.com Failed	33 KB
1	digitaloceanspaces.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 29408	6 KB
1	akstat.io 02179917.akstat.io — Cisco Umbrella Rank: 53178	202 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 709	432 B
1	en25.com 1 redirects s1528.t.en25.com — Cisco Umbrella Rank: 866348	580 B
143	43

	Domain	Requested by
31	www.splunk.com	www.splunk.com
7	www.google-analytics.com	www.splunk.com www.google-analytics.com www.googletagmanager.com
6	b.6sc.co
5	cdn.cookielaw.org	www.splunk.com cdn.cookielaw.org
4	www.google.ca
4	stats.g.doubleclick.net	www.splunk.com www.googletagmanager.com
3	e.clarity.ms	bat.bing.com www.splunk.com
3	c.contentsquare.net	www.splunk.com
3	www.google.com
3	cdn.bizible.com	www.splunk.com cdn.bizible.com
3	bat.bing.com	www.googletagmanager.com www.splunk.com
3	www.googletagmanager.com	www.splunk.com www.googletagmanager.com
2	segments.company-target.com	1 redirects
2	match.prod.bidr.io	2 redirects
2	s.amazon-adsystem.com	1 redirects www.splunk.com
2	trc-events.taboola.com	www.splunk.com
2	px.ads.linkedin.com	2 redirects
2	c.clarity.ms	1 redirects
2	www.facebook.com
2	tr.outbrain.com	www.splunk.com
2	q-aeu1.contentsquare.net	www.splunk.com
2	secure.eloqua.com	www.splunk.com
2	insight.adsrvr.org	www.splunk.com
2	analytics.google.com	www.googletagmanager.com
2	ad.doubleclick.net	2 redirects
2	q.quora.com
2	connect.facebook.net	www.splunk.com connect.facebook.net
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	adservice.google.com	3801996.fls.doubleclick.net
2	seal.digicert.com	www.splunk.com
1	analytics.inzynk.io	www.splunk.com
1	d6tizftlrpuof.cloudfront.net	www.splunk.com
1	vars.hotjar.com	www.splunk.com
1	id.rlcdn.com
1	api.company-target.com	www.splunk.com
1	script.hotjar.com	www.splunk.com
1	w.usabilla.com	www.splunk.com
1	tags.inzynk.io	www.googletagmanager.com
1	c.amazon-adsystem.com	www.splunk.com
1	scripts.demandbase.com	www.splunk.com
1	static.hotjar.com	www.googletagmanager.com
1	analytics.vendemore.com	www.splunk.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	ib.adnxs.com	www.splunk.com
1	k-aeu1.contentsquare.net	www.splunk.com
1	c.bing.com	1 redirects
1	cdn.bizibly.com
1	eaarwyaqcaaaekqdl6aaacqaabrb45zm-p6t3bl-88c032fde-clienttons-s.akamaihd.net
1	trial-eum-clienttons-s.akamaihd.net	1 redirects
1	kqj27n24ppqsuyq6o4wa-p6t3bl-33e5d7b04-clientnsv4-s.akamaihd.net
1	trial-eum-clientnsv4-s.akamaihd.net	1 redirects
1	d2hya7iqhf5w3h.cloudfront.net	www.splunk.com
1	c.6sc.co	www.splunk.com
1	secure.adnxs.com	www.splunk.com
1	trc.taboola.com	cdn.taboola.com
1	amplify.outbrain.com	www.splunk.com
1	ws.zoominfo.com	www.splunk.com
1	v2.listenloop.com	www.splunk.com
1	j.6sc.co	www.splunk.com
1	metadata-static-files.sfo2.cdn.digitaloceanspaces.com	www.splunk.com
1	tm.vendemore.com	www.splunk.com
1	js.adsrvr.org	www.googletagmanager.com
1	t.contentsquare.net	www.googletagmanager.com
1	cdn.taboola.com	www.googletagmanager.com
1	rum-collector-2.pingdom.net	www.splunk.com
1	02179917.akstat.io	s.go-mpulse.net
1	adservice.google.ca	adservice.google.com
1	geolocation.onetrust.com	www.splunk.com
1	3801996.fls.doubleclick.net	www.splunk.com
1	fls.doubleclick.net	1 redirects
1	c.go-mpulse.net	www.splunk.com
1	rum-static.pingdom.net	www.splunk.com
1	s.go-mpulse.net	www.splunk.com
1	s1528.t.eloqua.com	1 redirects
1	s1528.t.en25.com	1 redirects
0	abm2.listenloop.com Failed	v2.listenloop.com
143	77

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.linkedin.com
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
www.splunk.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-22` - `2022-04-27`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2021-06-08` - `2022-06-13`	a year	crt.sh
seal.digicert.com DigiCert SHA2 Secure Server CA	`2020-03-30` - `2022-06-03`	2 years	crt.sh
pingdom.net Cloudflare Inc ECC CA-3	`2021-12-14` - `2022-12-13`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.pingdom.net Amazon	`2021-12-07` - `2023-01-05`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-12-22` - `2022-06-22`	6 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
t.contentsquare.net Amazon	`2021-11-13` - `2022-12-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-12-09` - `2022-03-09`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.vendemore.com Trusted Secure Certificate Authority 5	`2022-01-27` - `2023-02-21`	a year	crt.sh
*.sfo2.cdn.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-30`	a year	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2021-03-09` - `2022-03-16`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2021-06-04` - `2022-06-03`	a year	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2021-05-25` - `2022-06-01`	a year	crt.sh
*.quora.com R3	`2022-02-02` - `2022-05-03`	3 months	crt.sh
io.bizible.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-30` - `2022-07-05`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.google.ca GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.eloqua.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-04` - `2022-12-23`	a year	crt.sh
q-aeu1.contentsquare.net Amazon	`2021-06-22` - `2022-07-21`	a year	crt.sh
c.contentsquare.net Amazon	`2021-09-14` - `2022-10-13`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
k-aeu1.contentsquare.net Amazon	`2021-09-13` - `2022-10-12`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-18` - `2022-10-14`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.inzynk.io Sectigo RSA Domain Validation Secure Server CA	`2022-01-07` - `2023-01-07`	a year	crt.sh
w.usabilla.com Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-20` - `2022-09-26`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
Frame ID: BE752D823C97346831344E671C365788
Requests: 133 HTTP requests in this frame

Frame: https://3801996.fls.doubleclick.net/activityi;dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695
Frame ID: BAFA91F48C098E57953C12C1610BCAC1
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695;~oref=https://www.splunk.com/
Frame ID: AD0C1ECE6EA3FFE6202B35A71BFCC1D5
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.ca/ddm/fls/i/dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695;~oref=https://www.splunk.com/
Frame ID: 51F3D80C8F96A3A8ECF130B38BC73DEE
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=65d5w9m&ref=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&upid=zfbopfz&upv=1.1.0
Frame ID: F76B19DB97750F48CAA85B797792259E
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=t0q4wl6&ref=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&upid=afx4zne&upv=1.1.0
Frame ID: D05221962428732A32C81B7CF6C7D468
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: B99B1CEF70A156BFBD1FD2D0DEB6D1D1
Requests: 1 HTTP requests in this frame

Frame: https://w.usabilla.com/26b58e1d9d1d.js?lv=1
Frame ID: FECD5210D6842FC957FD1C14A31504C2
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?pid=3fcbe918-6424-4b3d-95aa-68d72d53fbd1&event=PageView&ts=1646163760765&dcc=t
Frame ID: 19FC69819C348AF7F99E8CFF1431C290
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: BC733492664A74F466AFE6AABADD53DF
Requests: 1 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/splunk-button-77a48f8f9f814cbca9e89a9cef1a2ace.png
Frame ID: 8A2F55A4D5083F61F4074C32DBFC0C36
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fighting Ransomware With Splunk Attack Range | Splunk

Page URL History Show full URLs

https://s1528.t.en25.com/e/er?s=1528&lid=41826&elqTrackId=2ce69e6f43da4bb79bab5855382fb23e&elq=93c259... HTTP 302
https://s1528.t.eloqua.com/e/er?s=1528&lid=41826&elqTrackId=2ce69e6f43da4bb79bab5855382fb23e&elq=93c259... HTTP 302
https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_... Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

143
Requests

94 %
HTTPS

34 %
IPv6

43
Domains

77
Subdomains

59
IPs

7
Countries

1466 kB
Transfer

5452 kB
Size

58
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/splunk
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/splunk
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/splunk
Title: Linked In

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/splunkvideos
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/splunk/
Title: Instagram

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s1528.t.en25.com/e/er?s=1528&lid=41826&elqTrackId=2ce69e6f43da4bb79bab5855382fb23e&elq=93c259632bf041719053371829457025&elqaid=52056&elqat=1 HTTP 302
https://s1528.t.eloqua.com/e/er?s=1528&lid=41826&elqTrackId=2ce69e6f43da4bb79bab5855382fb23e&elq=93c259632bf041719053371829457025&elqaid=52056&elqat=1 HTTP 302
https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 34

https://fls.doubleclick.net/activityi;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695 HTTP 302
https://3801996.fls.doubleclick.net/activityi;dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695

Request Chain 66

https://ad.doubleclick.net/ddm/activity/src=10512828;type=just-0;cat=splnk00y;u1=fighting-ransomware-with-splunk-attack-range.html;u2=https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=6120925553438.738? HTTP 302
https://ad.doubleclick.net/ddm/activity/src=10512828;dc_pre=CJaqx-_VpfYCFZXGsgodR3kAjw;type=just-0;cat=splnk00y;u1=fighting-ransomware-with-splunk-attack-range.html;u2=https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=6120925553438.738? HTTP 302
https://adservice.google.com/ddm/fls/z/src=10512828;dc_pre=CJaqx-_VpfYCFZXGsgodR3kAjw;type=just-0;cat=splnk00y;u1=fighting-ransomware-with-splunk-attack-range.html;u2=https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=6120925553438.738

Request Chain 89

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=p6t3bl4mq HTTP 302
https://kqj27n24ppqsuyq6o4wa-p6t3bl-33e5d7b04-clientnsv4-s.akamaihd.net/eum/results.txt

Request Chain 90

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=p6t3bl4mq HTTP 302
https://eaarwyaqcaaaekqdl6aaacqaabrb45zm-p6t3bl-88c032fde-clienttons-s.akamaihd.net/eum/results.txt

Request Chain 107

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=7B3634015F2E443995A2661C6BA70E6F&RedC=c.clarity.ms&MXFR=11FFE1F7E40467540835F0ADE00469BF HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=7B3634015F2E443995A2661C6BA70E6F&MUID=11AFC480672C6CE409AFD5DA66FE6DDA

Request Chain 111

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=66727&time=1646163756890&url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D66727%26time%3D1646163756890%26url%3Dhttps%253A%252F%252Fwww.splunk.com%252Fen_us%252Fform%252Ffighting-ransomware-with-splunk-attack-range.html%253FLST%253Dattack%2526utm_medium%253Demail%2526utm_source%253Dsplunk%2526utm_campaign%253DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%2526utm_content%253DTrendTopicsSec_.conf_cEm%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=66727&time=1646163756890&url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=66727&time=1646163756890&url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&liSync=true&e_ipv6=AQJ5MjoMoLKNSAAAAX9HAYjGoySx6UkCAvyJqQvc1bdp_7ebwCjxOyZTNpcb8AVfOtDnw09wJBwRQaUikrINnHudNL3vmg

Request Chain 127

https://s.amazon-adsystem.com/iu3?pid=3fcbe918-6424-4b3d-95aa-68d72d53fbd1&event=PageView&ts=1646163760765 HTTP 302
https://s.amazon-adsystem.com/iu3?pid=3fcbe918-6424-4b3d-95aa-68d72d53fbd1&event=PageView&ts=1646163760765&dcc=t

Request Chain 130

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAHNeU7EPO4AAH8xJ62Xhg HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAHNeU7EPO4AAH8xJ62Xhg&verifyHash=74ecaa565352a0fc35285e2872784e2c8313c009

143 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request fighting-ransomware-with-splunk-attack-range.html Show response
www.splunk.com/en_us/form/
Redirect Chain

https://s1528.t.en25.com/e/er?s=1528&lid=41826&elqTrackId=2ce69e6f43da4bb79bab5855382fb23e&elq=93c259632bf041719053371829457025&elqaid=52056&elqat=1
https://s1528.t.eloqua.com/e/er?s=1528&lid=41826&elqTrackId=2ce69e6f43da4bb79bab5855382fb23e&elq=93c259632bf041719053371829457025&elqaid=52056&elqat=1
https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&u...

81 KB
19 KB

10787ms
10665ms

Document
text/html

2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9ee6cfbe868635cf2bf2d04139aed4734a300d51aee5ed327c048ca6ab5dd442

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html;charset=utf-8
server: Apache
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN SAMEORIGIN
content-encoding: gzip
serverid: prod-web02
x-akamai-transformed: 9 15019 0 pmb=mNONE,1mRUM,2
cache-control: max-age=3600
expires: Tue, 01 Mar 2022 20:42:35 GMT
date: Tue, 01 Mar 2022 19:42:35 GMT
content-length: 18374
vary: Accept-Encoding
server-timing: edge; dur=8 origin; dur=10627 cdn-cache; desc=MISS
x-akam-sw-version: 0.5.0

Redirect headers

Cache-Control: no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Tue, 01 Mar 2022 19:42:23 GMT
Content-Length: 365

GET
H2 200 clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/ 682 KB
77 KB 120ms
120ms Stylesheet
text/css 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

4d9457a2bf280fbe146f3c72b86ede0480e0d05648416ada351800a4536e473b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=20
content-length: 78517
last-modified: Thu, 24 Feb 2022 20:23:30 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: text/css
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 clientlib-grid.083db1b81a5418f832a6c9e1dafbcb98.css
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/ 202 KB
7 KB 175ms
174ms Stylesheet
text/css 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-grid.083db1b81a5418f832a6c9e1dafbcb98.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

3c3a0bf4f49c977b90f65336d9a81773dafcf7efccdf895ad4dc37cabf2644d1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=18
content-length: 6055
last-modified: Thu, 24 Feb 2022 20:45:25 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: text/css
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 clientlib-jquery.883a5058c30de462aba759b4b88f08a9.js Show response
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/ 88 KB
29 KB 181ms
180ms Script
application/javascript 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-jquery.883a5058c30de462aba759b4b88f08a9.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

b9504504e2cfc03db7ced6ce3bdb3c05b2bd22c2340821595f3030160857f1d2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=6
content-length: 28556
last-modified: Thu, 24 Feb 2022 20:24:23 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 clientlib-auth.69c8562bacfa2d80d1ef458641228a7d.js Show response
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/ 2 KB
1 KB 187ms
187ms Script
application/javascript 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-auth.69c8562bacfa2d80d1ef458641228a7d.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

b0445196f4e7220d18716d114a313d6593f82fa56af18a27e15b9fa0832601f5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 852
last-modified: Thu, 24 Feb 2022 20:24:14 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 splunk-logo-dark.svg
www.splunk.com/content/dam/ 6 KB
3 KB 121ms
119ms Image
image/svg+xml 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.splunk.com/content/dam/splunk-logo-dark.svg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

2f2a4b60ec911788e2a5e294f7ee7e5fd7567878899a8e47c7a294fee1a52336

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=3
content-length: 2341
last-modified: Tue, 01 Mar 2022 01:59:21 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 clientlibs.407bc502fc16bc2b26b948a21323bed5.css
www.splunk.com/etc.clientlibs/splunk/core/components/content/text-image/v1/text-image/ 6 KB
2 KB 28ms
28ms Stylesheet
text/css 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/components/content/text-image/v1/text-image/clientlibs.407bc502fc16bc2b26b948a21323bed5.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

d1bcbe73c54a9e452e68320b9ef266af4ce352f5f24a59f7e83f4b3eca36ed24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=5
content-length: 953
last-modified: Thu, 24 Feb 2022 20:23:00 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: text/css
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 clientlibs.e0385a25cf844e1ed31d84094a73b9d0.js Show response
www.splunk.com/etc.clientlibs/splunk/core/components/content/text-image/v1/text-image/ 1 KB
1 KB 28ms
28ms Script
application/javascript 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/components/content/text-image/v1/text-image/clientlibs.e0385a25cf844e1ed31d84094a73b9d0.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

e94ab746eb47d443256f516a8cc629122c8dfa64a37d7a7db72e6368b184cd8d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 595
last-modified: Thu, 24 Feb 2022 20:28:24 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 clientlibs.81720ef0b1e1c11a431d84929b59d8d5.css
www.splunk.com/etc.clientlibs/splunk/core/components/content/socialband/v1/socialband/ 11 KB
2 KB 39ms
36ms Stylesheet
text/css 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/components/content/socialband/v1/socialband/clientlibs.81720ef0b1e1c11a431d84929b59d8d5.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

1c6fc18f5e15d5c827dc7a493a26e0a15c8ce09c74c1d0fd427c6973faba2835

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=7
content-length: 1356
last-modified: Thu, 24 Feb 2022 20:25:04 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: text/css
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 clientlibs.ad6a3cae5c2f94507fee7403a8b11fde.js Show response
www.splunk.com/etc.clientlibs/splunk/core/components/content/socialband/v1/socialband/ 3 KB
2 KB 41ms
38ms Script
application/javascript 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/components/content/socialband/v1/socialband/clientlibs.ad6a3cae5c2f94507fee7403a8b11fde.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

77e37e42f86028d7b8e40a6d2172a7457e80cedd5bd7847a1833cdfff8b7efdd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=8
content-length: 1189
last-modified: Thu, 24 Feb 2022 20:25:10 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 utils.7d1c4e1c54f4b3bce718f5d6a06ffd06.js Show response
www.splunk.com/etc.clientlibs/clientlibs/granite/ 47 KB
9 KB 50ms
47ms Script
application/javascript 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/clientlibs/granite/utils.7d1c4e1c54f4b3bce718f5d6a06ffd06.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

446cb2c77c2807618caf4de745e133e0893780c448f2ce8b1b0266f08f9dfc83

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 8846
last-modified: Thu, 24 Feb 2022 20:25:03 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 clientlib-vendors.115d62228c25b439c8f8e61de1661389.js Show response
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/ 869 KB
201 KB 52ms
49ms Script
application/javascript 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-vendors.115d62228c25b439c8f8e61de1661389.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

bd3ee357733bef8c36973d775b800f4d198569ef4b448395ae2662b9718fbaf8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 205070
last-modified: Thu, 24 Feb 2022 20:23:27 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 clientlib-dependencies.fd60b5d35b244903e72e8f040f86e9f5.js Show response
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/ 9 KB
4 KB 70ms
68ms Script
application/javascript 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-dependencies.fd60b5d35b244903e72e8f040f86e9f5.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

af9deb07fe565c7f3b5accaee1b943e92b228bc019a40eb7d75802702c2568a9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=8
content-length: 3303
last-modified: Thu, 24 Feb 2022 20:21:56 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 csrf.a9dcac4698709ca8e1cbc88363cf0793.js Show response
www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/ 10 KB
3 KB 86ms
83ms Script
application/javascript 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

ca3fdf8e723931b1d002a556813d3a80fde72f2ccdc755b0b253f619bb872f65

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=3
content-length: 2319
last-modified: Thu, 24 Feb 2022 20:27:04 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 clientlib-site.5cfec8c096a465c173ac4ab8a72f5f8b.js Show response
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/ 83 KB
19 KB 101ms
99ms Script
application/javascript 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.5cfec8c096a465c173ac4ab8a72f5f8b.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

3bdaaba0344423bf26f74345bba050eb46a237d7481fdf3942759cad7843e0b3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 19298
last-modified: Thu, 24 Feb 2022 20:23:20 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 clientlib-gatedForm.2f15c9dbdf629b9dcdf6c8d1555bedee.js Show response
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/ 12 KB
4 KB 112ms
109ms Script
application/javascript 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-gatedForm.2f15c9dbdf629b9dcdf6c8d1555bedee.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

a393147ce1795987eaaebe86ee8c2e79337ea6a4bb6916843ae8dc52a5d56344

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=3
content-length: 2975
last-modified: Thu, 24 Feb 2022 20:32:11 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
expires: Tue, 08 Mar 2022 19:42:35 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 19 KB
7 KB 305ms
248ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de46b77a5b05ab09a32c1999473923ea2b42c8c1489a4a1fb15d551a45366df3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Mar 2022 19:42:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: tIKwvumWYF6u8xFeFGeRKQ==
age: 10552
vary: Accept-Encoding
content-length: 6486
x-ms-lease-status: unlocked
last-modified: Mon, 28 Feb 2022 20:23:36 GMT
server: cloudflare
etag: 0x8D9FAF833271C8F
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 606ca165-601e-00e7-5de4-2cc8eb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6e546070e85b9bd1-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 61ms
16ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 462
date: Tue, 01 Mar 2022 19:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 01 Mar 2022 21:34:53 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 449 KB
112 KB 107ms
62ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TPV7TP

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

40f432b552a92a04057a9f98452c803733086ab31c912fd7efbc671c06cd0fb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114053
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 01 Mar 2022 19:42:35 GMT

GET
H2 200 M7Q82-FTRNS-TEZ4E-UCSZ2-NQJ9C Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 88ms
43ms Script
application/javascript 2a02:26f0:fb:59a::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/M7Q82-FTRNS-TEZ4E-UCSZ2-NQJ9C
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:fb:59a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:35 GMT
content-encoding: br
last-modified: Tue, 18 Jan 2022 20:15:14 GMT
x-n: S
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

GET
H2 200 splunkdatasans_w_bd.woff2
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site/resources/resources/fonts/splunkdatasans/woff2/ 21 KB
21 KB 116ms
115ms Font
font/woff2 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site/resources/resources/fonts/splunkdatasans/woff2/splunkdatasans_w_bd.woff2

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6607d39e43283ed0bb6e98c94d643344392be4086426e171c96df8a3ac1f40b9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css
Origin: https://www.splunk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-type-options: nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 21288
last-modified: Thu, 24 Feb 2022 01:09:21 GMT
server: Apache
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 splunk_list_icons.woff
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site/resources/resources/fonts/splunklistfont/ 2 KB
3 KB 131ms
131ms Font
font/woff 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site/resources/resources/fonts/splunklistfont/splunk_list_icons.woff

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

3fccdd8c3e912ec87960974747532ff2361075f74c394acf7b046eb04965bbbb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css
Origin: https://www.splunk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-type-options: nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2328
last-modified: Thu, 24 Feb 2022 01:09:21 GMT
server: Apache
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN
content-type: font/woff
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 splunkdatasans_w_rg.woff2
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site/resources/resources/fonts/splunkdatasans/woff2/ 21 KB
21 KB 133ms
133ms Font
font/woff2 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site/resources/resources/fonts/splunkdatasans/woff2/splunkdatasans_w_rg.woff2

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

dc6dc98cca0dd4df6b20f3813bb9f7da0b6bf8e0abb42653c0ee673880caecfd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css
Origin: https://www.splunk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-type-options: nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 21052
last-modified: Thu, 24 Feb 2022 01:04:12 GMT
server: Apache
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H/1.1 200
OK seal.min.js Show response
seal.digicert.com/seals/cascade/ 7 KB
4 KB 126ms
38ms Script
application/javascript 63.33.186.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://seal.digicert.com/seals/cascade/seal.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.33.186.64 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-186-64.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

277b0281ce8610bb77c2a8332c8544d26fa6ae6c6a29dd9418a3805d92a6ac14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:35 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Mar 2022 18:23:11 GMT
Server: nginx
ETag: W/"1df4-5d92c41e701c0"
Transfer-Encoding: chunked
Content-Type: application/javascript
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block, 1; mode=block

GET
H2 200 twitter-social-icon-dark.svg
www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/ 926 B
1 KB 133ms
132ms Image
image/svg+xml 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/twitter-social-icon-dark.svg

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

4357354dd00943934022a1a1f4b99429b6aaa840a42febede2a2fa5e1612f3f6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css
Origin: https://www.splunk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 488
last-modified: Thu, 24 Feb 2022 20:27:00 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 facebook-social-icon-dark.svg
www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/ 964 B
1 KB 145ms
144ms Image
image/svg+xml 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/facebook-social-icon-dark.svg

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

2eba9592c9e23969a0ebcf104d6170a1a7c2296ee9a74543dc2dca67d0279874

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css
Origin: https://www.splunk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 481
last-modified: Thu, 24 Feb 2022 20:24:26 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 linkedin-social-icon-dark.svg
www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/ 2 KB
1 KB 155ms
154ms Image
image/svg+xml 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/linkedin-social-icon-dark.svg

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

5e95908f07fac78d27566fbd48eb83bc28f7ded8840acf1f03ee8981961f9bfc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css
Origin: https://www.splunk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=37
content-length: 772
last-modified: Thu, 24 Feb 2022 20:23:56 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 youtube-social-icon-dark.svg
www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/ 1 KB
1 KB 156ms
156ms Image
image/svg+xml 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/youtube-social-icon-dark.svg

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

397f524fd0ce1dce695fd3e572bf02ad7012e0eba8ebe44f01b6cfbd971e4954

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css
Origin: https://www.splunk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 480
last-modified: Thu, 24 Feb 2022 20:45:35 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 instagram-social-icon-dark.svg
www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/ 2 KB
1 KB 171ms
170ms Image
image/svg+xml 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/instagram-social-icon-dark.svg

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

b0cfec5981da1fc39edf3be6d8a8d6e390b6881c8d2674318ac3d06235f091af

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Referer: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css
Origin: https://www.splunk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 828
last-modified: Thu, 24 Feb 2022 20:27:08 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 splunkdatasans_w_md.woff2
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site/resources/resources/fonts/splunkdatasans/woff2/ 20 KB
21 KB 159ms
159ms Font
font/woff2 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site/resources/resources/fonts/splunkdatasans/woff2/splunkdatasans_w_md.woff2

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b6757c564305ac26f444cf3b00f5bfdce1e0684ae40b80706e5d9cffb2d81176

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css
Origin: https://www.splunk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-type-options: nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 20876
last-modified: Thu, 24 Feb 2022 01:09:21 GMT
server: Apache
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 95 KB
37 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-N4QZZ4H&cid=1603932068.1646163756

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c0542255ad414e8a5c4571fa8be364cf062065fb84346b3aa2bb5d1219644bf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:35 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37375
x-xss-protection: 0
expires: Tue, 01 Mar 2022 19:42:35 GMT

GET
H2 200 token.json Show response
www.splunk.com/libs/granite/csrf/ 2 B
577 B 44ms
44ms XHR
application/json 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/libs/granite/csrf/token.json

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-type-options: nosniff, nosniff
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
server: Apache
x-frame-options: SAMEORIGIN, SAMEORIGIN
date: Tue, 01 Mar 2022 19:42:35 GMT
serverid: prod-web01
content-type: application/json;charset=iso-8859-1
cache-control: max-age=5184000
server-timing: cdn-cache; desc=HIT, edge; dur=38
content-length: 2
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
expires: Sat, 30 Apr 2022 19:42:35 GMT

GET
H2 200 prum.min.js Show response
rum-static.pingdom.net/ 6 KB
3 KB 67ms
30ms Script
application/javascript 2606:4700:10::6816:3668
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-static.pingdom.net/prum.min.js
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3668 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c19455754ead9313cc2221c64f1c66e8378501d8099bdcb3d90bb0b1a170b5ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:35 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 14:01:38 GMT
server: cloudflare
age: 5788
etag: W/"609a8e42-1849"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=43200
cf-ray: 6e546071b9bb90f2-FRA

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 3 KB
1 KB 72ms
33ms XHR
application/json 2a02:26f0:7100:59a::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=M7Q82-FTRNS-TEZ4E-UCSZ2-NQJ9C&d=www.splunk.com&t=5487213&v=1.720.0&sl=0&si=e7552f62-3234-44bd-b221-efa3fa915e32-r8302n&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=418654
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:7100:59a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 29442d1bb0a6681e3a7ed5f63e0afdecd5f1bbe7eb943c826f46f33a4f590d8b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:35 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 854

GET
H2 200 9ff638b7-8097-449d-9741-7b3c526b0da7.json Show response
cdn.cookielaw.org/consent/9ff638b7-8097-449d-9741-7b3c526b0da7/ 3 KB
2 KB 58ms
26ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/9ff638b7-8097-449d-9741-7b3c526b0da7/9ff638b7-8097-449d-9741-7b3c526b0da7.json

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a2de4125e63c0db3ebac9e9ec44092ac3a1fda1942dc370637a234775a374c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Mar 2022 19:42:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 1okM7ZzoEswIs0PBwY4sQQ==
age: 2104
vary: Accept-Encoding
content-length: 1368
x-ms-lease-status: unlocked
last-modified: Tue, 18 May 2021 21:25:04 GMT
server: cloudflare
etag: 0x8D91A43671CA02E
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: c1a14ac3-601e-006f-30c0-2c7032000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6e54607218139b6e-FRA
expires: Tue, 01 Mar 2022 23:42:35 GMT

GET
H2

200

activityi;dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695 Show response
3801996.fls.doubleclick.net/ Frame BAFA
Redirect Chain

https://fls.doubleclick.net/activityi;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695
https://3801996.fls.doubleclick.net/activityi;dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695

439 B
532 B

64ms
27ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3801996.fls.doubleclick.net/activityi;dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

083bf8ac06c2d57deb5c48eb1ee40d9e55744ec602413a526fd627d949eb0ce5

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 01 Mar 2022 19:42:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 345
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 01 Mar 2022 19:42:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
location: https://3801996.fls.doubleclick.net/activityi;dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK /
seal.digicert.com/seals/cascade/ 159 B
562 B 38ms
38ms Image
image/png 63.33.186.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seal.digicert.com/seals/cascade/?tag=jUwQ2nsl&referer=www.splunk.com&format=png&lang=en&an=min

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.33.186.64 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-186-64.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2707ebaa45efd183f1346054b3c821135ec6383fe937dc21b94614c22ca0d738

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:35 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Mar 2022 06:19:49 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: max-age=7776000
Connection: keep-alive
Content-Length: 159
X-XSS-Protection: 1; mode=block, 1; mode=block
Expires: Mon, 30 May 2022 06:19:50 GMT

GET
H2 200 icomoon-v1.ttf
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site/resources/resources/fonts/icomoon/ 38 KB
18 KB 27ms
26ms Font
font/ttf 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site/resources/resources/fonts/icomoon/icomoon-v1.ttf

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

925a4e7ba8676d9dac68a22654040b78cd3ce8864279190e78572c484deaace3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-site.3256dacadd85e6c7e32db013d9e7903a.css
Origin: https://www.splunk.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: gzip
x-content-type-options: nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=1
vary: Accept-Encoding
content-length: 17994
last-modified: Thu, 24 Feb 2022 01:01:00 GMT
server: Apache
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN
content-type: font/ttf
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 fighting-ransomware-with-splunk-attack-range.html
www.splunk.com/en_us/form/ 64 KB
64 KB 402ms
401ms Image
text/html 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: gzip
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: edge; dur=6, origin; dur=365, cdn-cache; desc=MISS
content-length: 18369
server: Apache
x-frame-options: SAMEORIGIN, SAMEORIGIN
date: Tue, 01 Mar 2022 19:42:36 GMT
vary: Accept-Encoding
content-type: text/html;charset=utf-8
expires: Tue, 01 Mar 2022 20:42:36 GMT
cache-control: max-age=3600
x-akamai-transformed: 9 15019 0 pmb=mNONE,1mRUM,2
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-akam-sw-version: 0.5.0
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 lp-bg-desktop.svg
www.splunk.com/content/dam/splunk2/en_us/images/heroes/ 5 KB
2 KB 52ms
51ms Image
image/svg+xml 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.splunk.com/content/dam/splunk2/en_us/images/heroes/lp-bg-desktop.svg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

33c4125037d87b89fa3c3ef72ded3ec9d21475f341c8b4a52e0f5de6ec907a82

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=4
content-length: 985
last-modified: Thu, 24 Feb 2022 20:24:08 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 splunk-corp-logo.svg
www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/ 12 KB
5 KB 49ms
49ms Image
image/svg+xml 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.splunk.com/content/dam/splunk2/en_us/images/icon-library/footer/splunk-corp-logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

97c92fcdb6b1fec661b87d5293b7607d1e7c79bc66f76d3bc6e60105e4583bcc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web02
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 4031
last-modified: Thu, 24 Feb 2022 20:46:18 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:35 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
expires: Sat, 30 Apr 2022 19:42:35 GMT
cache-control: max-age=5184000
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 153 B
432 B 99ms
55ms XHR
application/json 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fba5ed9a21a948a1edf9f018055a8ed911df83da750fcb24177e2a3c539a085

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:35 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6e5460728efa5c08-FRA
access-control-allow-headers: Content-Type

GET
H2 200 / Show response
adservice.google.com/ddm/fls/i/dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695;~oref=https://www.splunk.com/ Frame AD0C 438 B
814 B 93ms
52ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695;~oref=https://www.splunk.com/

Requested by

Host: 3801996.fls.doubleclick.net
URL: https://3801996.fls.doubleclick.net/activityi;dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b689a688f7bf84fa917d240d3c6083c8f20c9bcd49ed8641afbeb0fbb843798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3801996.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 01 Mar 2022 19:42:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 345
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.18.0/ 377 KB
84 KB 235ms
235ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.18.0/otBannerSdk.js

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf8fce049c8e10f0a036f50f5eb7c8dde06dc5bee833635f9db82de6f51f2418

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Mar 2022 19:42:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cIchS4lr7UaDx9LQCq2apA==
age: 10546
vary: Accept-Encoding
content-length: 85787
x-ms-lease-status: unlocked
last-modified: Mon, 24 May 2021 01:24:55 GMT
server: cloudflare
etag: 0x8D91E52BCFB1A90
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f36922aa-101e-0049-56c0-11eb86000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6e54607428729bd1-FRA

GET
H2 200 / Show response
adservice.google.ca/ddm/fls/i/dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695;~oref=https://www.splunk.com/ Frame 51F3 194 B
657 B 54ms
53ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/ddm/fls/i/dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695;~oref=https://www.splunk.com/

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CMOEpe_VpfYCFZlDHQkdAsEF3A;src=3801996;type=landi397;cat=splun025;ord=6795958348907.695;~oref=https://www.splunk.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 01 Mar 2022 19:42:36 GMT
expires: Tue, 01 Mar 2022 19:42:36 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/9ff638b7-8097-449d-9741-7b3c526b0da7/b7951409-db27-43d8-a4d6-4a3aaf33d3dd/ 71 KB
14 KB 29ms
29ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/9ff638b7-8097-449d-9741-7b3c526b0da7/b7951409-db27-43d8-a4d6-4a3aaf33d3dd/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.18.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52bb6e8d120c194fb3c184f9af610501526c368c6fc4224916eae858f12bc77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Mar 2022 19:42:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: l8lF6Z9Y6BID7iYM3kTxkw==
age: 2905
vary: Accept-Encoding
content-length: 14351
x-ms-lease-status: unlocked
last-modified: Tue, 18 May 2021 21:25:07 GMT
server: cloudflare
etag: 0x8D91A436927C281
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: d57fb2d4-d01e-0093-33b0-2c4ead000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6e5460748fec9b6e-FRA
expires: Tue, 01 Mar 2022 23:42:36 GMT

POST
H2 204 /
02179917.akstat.io/ 0
202 B 209ms
65ms Ping
image/gif 2a02:26f0:fb:59a::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://02179917.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/M7Q82-FTRNS-TEZ4E-UCSZ2-NQJ9C

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:fb:59a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
content-type: image/gif
access-control-allow-origin: https://www.splunk.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Tue, 01 Mar 2022 19:42:36 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.18.0/assets/ 12 KB
3 KB 29ms
28ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.18.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.18.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb1fa7363d6e4772f7c49d67f031d68f209e66de6c3c05aade6fdc57a02505c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Mar 2022 19:42:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: MrQfM8mTXwqoZ1+V6sXNuw==
age: 8484
vary: Accept-Encoding
content-length: 2938
x-ms-lease-status: unlocked
last-modified: Mon, 24 May 2021 01:24:48 GMT
server: cloudflare
etag: 0x8D91E52B88C8775
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 5a48657c-d01e-0150-07c0-1181bb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6e546074d8949b6e-FRA

GET
H/1.1 200
OK beacon.gif Show response
rum-collector-2.pingdom.net/img/ 0
213 B 154ms
38ms XHR
text/plain 63.32.23.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-collector-2.pingdom.net/img/beacon.gif?id=552c4298abe53d666aa63604&sAW=1600&sAH=1200&bIW=1600&bIH=1200&pD=24&dPR=1&or=landscape-primary&nT=0&rC=0&nS=0&cS=1192&cE=1227&dLE=1192&dLS=1105&fS=1105&hS=1207&rE=-1&rS=-1&reS=1227&resS=11892&resE=11895&uEE=-1&uES=-1&dL=11896&dI=12433&dCLES=12433&dCLEE=12435&dC=12864&lES=12864&lEE=12865&s=nt&title=Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk&path=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html&ref=&sId=3h0gogvg&sST=1646163756&sIS=1&rV=0&v=1.4.1
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.23.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-23-63.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Tue, 01 Mar 2022 19:42:36 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 174 KB
64 KB 64ms
40ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5EPM2P39FV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TPV7TP

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

44aa5b6ceabe0aaf0a599b23e838d5ca015390945086b8e2dfb8f258bff050ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:36 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65467
x-xss-protection: 0
expires: Tue, 01 Mar 2022 19:42:36 GMT

GET
H3 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
884 B 21ms
21ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:18:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1437
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 01 Mar 2022 20:18:39 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TPV7TP

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 463
date: Tue, 01 Mar 2022 19:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 01 Mar 2022 21:34:53 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1006 B
792 B 392ms
103ms Script
application/x-javascript 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TPV7TP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: /
Resource Hash: 0055b9d0429e9c194b4aa6b5f49cbc2ec31a7220ee7c8c186a9ee951feabd482

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:36 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 18:48:07 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=57272
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 479

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 83ms
41ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TPV7TP
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:35 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4553624570D0454FBF4DDA371D8F1B40 Ref B: FRAEDGE1215 Ref C: 2022-03-01T19:42:36Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11333

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1341559/ 55 KB
17 KB 47ms
15ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1341559/tfa.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TPV7TP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 472dbb1244faa0727bbec41dece6c0bfc8af473951759cd004058b15ccd4c39b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: 8BfUSSyEVA6dfexxiSWx.7mz6SduTGmi
content-encoding: gzip
etag: "b2902f800e239afcc76283b960191e32"
age: 12
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 17359
x-amz-id-2: tH62dRGjkQEQQqrZEBLJSDKOBpuOvVJuUK6GyYjc/Yb8THsso6c0UszjaSHK4/OOZLY+U1U6Iss=
x-served-by: cache-hhn4044-HHN
last-modified: Sun, 27 Feb 2022 11:03:25 GMT
server: AmazonS3
x-timer: S1646163756.354333,VS0,VE0
date: Tue, 01 Mar 2022 19:42:36 GMT
vary: Accept-Encoding
x-amz-request-id: P0TSCDQ8PX7KB73D
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 96
x-cache-hits: 1868

GET
H2 200 b05765359b5ba.js Show response
t.contentsquare.net/uxa/ 310 KB
66 KB 105ms
25ms Script
application/javascript 13.224.89.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.contentsquare.net/uxa/b05765359b5ba.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TPV7TP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.89.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-89-54.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f43dea5e87cdfe5114ff8356ac20626fd76e2d7aefba937b112c46c0a25d49cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 28 Feb 2022 22:12:54 GMT
content-encoding: gzip
last-modified: Mon, 21 Feb 2022 10:27:57 GMT
server: AmazonS3
age: 77383
etag: "605db4a74a21c3ff403dc0d5b695a685"
x-cache: Hit from cloudfront
content-type: application/javascript;charset=utf-8
via: 1.1 7245e91891539560c1f484b1e46159c8.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 66611
x-amz-cf-id: DFI4mwWxI-8DomZP0ei6s8RYP6PFEfn8fgLr05vlrFGpedBsMcQZnQ==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 53ms
15ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26236
x-xss-protection: 0
pragma: public
x-fb-debug: X3Xx4LLO9S+TEaZ70v3C5fD2EJdTmQQF3b2KXo4W7fXKbbNW8sSZDsnOk7V5GZrit/0Et1KuOPbDy8uUI4tmHg==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 01 Mar 2022 19:42:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 66ms
19ms Script
application/x-javascript 108.157.1.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TPV7TP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.1.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-1-118.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 03:31:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 58240
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 268679e7d17267a1a7a03722822fb800.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: DUS51-P2
X-Amz-Cf-Id: lN411VbVcAaoZKUQpXMxOiTMboEEkibdZwNDuD_-FCWF9IcfYzySWw==

GET
H2 200 cs.js Show response
tm.vendemore.com/cs/32fde63c-3af6-4cd0-a131-51e4701d5575/v2/ 408 B
548 B 92ms
20ms Script
application/javascript 3.121.48.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.vendemore.com/cs/32fde63c-3af6-4cd0-a131-51e4701d5575/v2/cs.js?c=1646163756321

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

3.121.48.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-121-48-255.eu-central-1.compute.amazonaws.com

Software

Resource Hash

6bd6f89b1e7f7eef3650d12eb6b8b0b9a839034f1917cccfafb5d22f549d5529

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Tue, 01 Mar 2022 19:42:36 GMT
vary: Accept-Encoding
access-control-allow-methods: POST, PUT, GET, OPTIONS, DELETE
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 3600
access-control-allow-headers: Authorization, Content-Type, username, password

GET
H/1.1 200
OK lp.js Show response
metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/ 6 KB
6 KB 88ms
14ms Script
application/x-javascript 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

da5d487f1fe8c4f5bba93bab0b071aed1249cf770ffdbc0144a86a4c2bae3c2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:36 GMT
Connection: Keep-Alive
Last-Modified: Fri, 10 Dec 2021 19:19:18 GMT
x-amz-request-id: tx00000000000003ab1b035-006217d52f-2174fe1c-sfo2a
etag: "b407e44b8c40c183ae2c50df3bbcf151"
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1646163756.dop135.fr8.t,1646163756.cds131.fr8.shn,1646163756.cds131.fr8.c
Content-Type: application/x-javascript
Cache-Control: max-age=170115
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 5673

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 32ms
28ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9979664

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TPV7TP

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

19eb5bede3a5070c1292df11a5965134c65621a059989fbe430a22a60cba2eea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:36 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37266
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 01 Mar 2022 19:42:36 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 27 KB
9 KB 57ms
16ms Script
application/javascript 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:36 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 8575
Pragma: no-cache
Last-Modified: Thu, 07 Oct 2021 17:17:43 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615f2bb7-6a5f"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Tue, 01 Mar 2022 19:42:36 GMT

GET
H2 200 analytics.bundle.js Show response
v2.listenloop.com/ 97 KB
33 KB 78ms
30ms Script
application/javascript 2606:4700:3035::6815:4687
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://v2.listenloop.com/analytics.bundle.js
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:4687 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7916c8a0b782df103da1877c280acf1d4966d9937c86aa16413cb9ddf40edf0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2510
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CSQRG9GFRNR0JRJ8
x-amz-id-2: 7EtCc8zgZsjblHQ1zDsSX+uqsIjABOlrNN77j+ZyicXyLY9F73Pau33yMP9iLwf6eWNoslKUPO4=
last-modified: Tue, 15 Feb 2022 14:25:06 GMT
server: cloudflare
etag: W/"bf01b3d358501ad8f4239cc90979eacb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pkvdwgHlmO6UrbTCsMx3%2Fr%2FuIf%2B%2Ba7aY6tHnUeh1R7nQ7r1EHpATc0KVJff%2FgxHOvfG%2BxGyDnrOAepRyz4AxiX15VTjDJ6MSuSYxg5LrIbtGQim3C8Gw5AvxuB7ZNId%2FhmlNMbkUK7prHS3OIuIgjw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 6e5460759dd89b5b-FRA

GET
H2 200 rz5la3FlMSNo3OYdIkfj Show response
ws.zoominfo.com/pixel/ 0
477 B 200ms
162ms Script
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/rz5la3FlMSNo3OYdIkfj

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:36 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 6e546075aa649b86-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length: 0

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 8 KB
3 KB 75ms
24ms Script
application/x-javascript 92.122.145.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.122.145.25 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-145-25.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7e8ef05a55eafab5277e6449520107db94dfb01b497a52f283e7ffa6ee49363d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Feb 2022 12:30:38 GMT
Server: AkamaiNetStorage
ETag: "23b34d08f648c3f51b232443afced826:1644409863.170279"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3150
Expires: Tue, 01 Mar 2022 20:02:36 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/7253deb1c35b4e138a11028e2dc890d6/ 43 B
421 B 418ms
105ms Image
image/gif 34.230.123.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/7253deb1c35b4e138a11028e2dc890d6/pixel?tag=GenerateLead&i=gtm&u=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.230.123.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-230-123-66.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:36 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,832658eab4e8aba5f55a0ee5e9ec2690,10.0.0.204,48344,84.19.175.183,,12858034564,1,1646163756.750,0.002,,.,0,0,0.000,0.000,-,0,0,197,170,85,10,34729,,,,,,-,
Content-Type: image/gif

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/7253deb1c35b4e138a11028e2dc890d6/ 43 B
421 B 415ms
105ms Image
image/gif 34.230.123.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/7253deb1c35b4e138a11028e2dc890d6/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.230.123.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-230-123-66.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:36 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,852b05135f5229ec985b302cd5b007cd,10.0.0.204,48366,84.19.175.183,,12858034594,1,1646163756.759,0.001,,.,0,0,0.000,0.000,-,0,0,197,184,92,10,34729,,,,,,-,
Content-Type: image/gif

GET
H3

200

fighting-ransomware-with-splunk-attack-range.html
adservice.google.com/ddm/fls/z/src=10512828;dc_pre=CJaqx-_VpfYCFZXGsgodR3kAjw;type=just-0;cat=splnk00y;u1=fighting-ransomware-with-splunk-attack-range.html;u2=https://www.splunk.com/en_us/form/
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=10512828;type=just-0;cat=splnk00y;u1=fighting-ransomware-with-splunk-attack-range.html;u2=https://www.splunk.com/en_us/form/fighting-ransomware-with-splu...
https://ad.doubleclick.net/ddm/activity/src=10512828;dc_pre=CJaqx-_VpfYCFZXGsgodR3kAjw;type=just-0;cat=splnk00y;u1=fighting-ransomware-with-splunk-attack-range.html;u2=https://www.splunk.com/en_us/...
https://adservice.google.com/ddm/fls/z/src=10512828;dc_pre=CJaqx-_VpfYCFZXGsgodR3kAjw;type=just-0;cat=splnk00y;u1=fighting-ransomware-with-splunk-attack-range.html;u2=https://www.splunk.com/en_us/f...

42 B
63 B

80ms
55ms

Image
image/gif

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=10512828;dc_pre=CJaqx-_VpfYCFZXGsgodR3kAjw;type=just-0;cat=splnk00y;u1=fighting-ransomware-with-splunk-attack-range.html;u2=https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=6120925553438.738

Protocol

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/src=10512828;dc_pre=CJaqx-_VpfYCFZXGsgodR3kAjw;type=just-0;cat=splnk00y;u1=fighting-ransomware-with-splunk-attack-range.html;u2=https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=6120925553438.738
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
32 KB 68ms
18ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: cbda94666db24554bf77638fc059848d381c3c98f7f24641fa830abcd5793de7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:36 GMT
content-encoding: gzip
last-modified: Fri, 25 Feb 2022 01:51:55 GMT
server: ECS (frb/67D4)
age: 70673
etag: "f35c8b44ea29d81:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 32300

GET
H2 200 clientlib-eloqua.js Show response
www.splunk.com/etc.clientlibs/splunk/core/clientlibs/ 7 KB
3 KB 77ms
77ms Script
application/javascript 2.16.186.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.splunk.com/etc.clientlibs/splunk/core/clientlibs/clientlib-eloqua.js

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.186.195 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-186-195.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

0ac7890faec9d44f806cf17037d78c8c2afefe4c192c5650bf1519ec8067b569

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
content-encoding: br
x-content-type-options: nosniff, nosniff
serverid: prod-web01
server-timing: cdn-cache; desc=HIT, edge; dur=21
content-length: 1982
last-modified: Thu, 24 Feb 2022 20:46:14 GMT
server: Akamai Resource Optimizer
date: Tue, 01 Mar 2022 19:42:36 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
expires: Tue, 08 Mar 2022 19:42:36 GMT
cache-control: max-age=604800
accept-ranges: bytes
x-webkit-csp: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com
x-content-security-policy: frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 200 collect
www.google-analytics.com/ 35 B
55 B 24ms
24ms Ping
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://www.splunk.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
442 B 69ms
23ms XHR
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-399680-1&cid=1603932068.1646163756&jid=1728220224&gjid=1474900477&_gid=1601467983.1646163756&_u=aHDAiUAjRAAAAE~&z=1119245796

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 01 Mar 2022 19:42:36 GMT
content-type: text/plain
access-control-allow-origin: https://www.splunk.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
trc.taboola.com/1341559/trc/3/ 2 KB
1 KB 46ms
40ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1341559/trc/3/json?tim=1646163756375&data=%7B%22id%22%3A201%2C%22ii%22%3A%22%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1646163756369%2C%22cv%22%3A%2220220224-6-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dsplunk-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1646163756374%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A91%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1341559/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 4438511ceb65f76f3abd890ae95d3235d04f2ee7604295e9bb1efddd1ede8705

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-vcl-time-ms: 24
date: Tue, 01 Mar 2022 19:42:36 GMT
content-encoding: gzip
server: nginx
x-timer: S1646163756.459983,VS0,VE24
x-served-by: cache-hhn4044-HHN
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H3 200 1642523699107798 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 38ms
19ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1642523699107798?v=2.9.52&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

76e599989fc5f26dcef7359acfac9ecbc1a8d2af202317fbbc9bfdfc92fee93f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 89173
x-xss-protection: 0
pragma: public
x-fb-debug: LVH+d9TEO3WQmcDyqcFdSlG1o9zjhht0BxZDbwFan2IxMu8eBw7dY2Ad+203uEroFZrPezAS4dm/SQPDc91y7Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 01 Mar 2022 19:42:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
700 B 53ms
20ms XHR
application/json 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 01 Mar 2022 19:42:36 GMT
X-Proxy-Origin: 84.19.175.183; 84.19.175.183; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: be2b202a-d04a-43de-8425-a969b8fd08b8
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.splunk.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
370 B 58ms
16ms XHR
text/plain 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-140.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 169f96420737e9e608bf2961c95031365eb3c055b2445a880b75ff2470f92200

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:36 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.splunk.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

POST
H2 204 collect
analytics.google.com/g/ 0
347 B 68ms
23ms Ping
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-5EPM2P39FV&gtm=2oe2s0&_p=1768101330&sr=1600x1200&_gaz=1&ul=en-us&cid=1603932068.1646163756&_s=1&dl=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&dt=Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk&sid=1646163756&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.cookieDomain=auto&ep.allowLinker=true&ep.page=%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&up.2=Not%20Logged%20In&up.3=1603932068.1646163756&up.4=1646163756298.ktp5nd7&up.5=2022-03-01T19%3A42%3A36.298%2B00%3A00&up.16=1646163756298.844204a6-dcc5-4329-a80a-ccb02015b4d0&up.24=GA4%20-%20Pageview&up.32=0.30531067977386406_1646163756299&up.35=35
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5EPM2P39FV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.splunk.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 23ms
23ms Ping
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-5EPM2P39FV&cid=1603932068.1646163756&gtm=2oe2s0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5EPM2P39FV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.splunk.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
501 B 82ms
39ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-5EPM2P39FV&cid=1603932068.1646163756&gtm=2oe2s0&aip=1&z=170062322

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 84ms
43ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-399680-1&cid=1603932068.1646163756&jid=1728220224&_u=aHDAiUAjRAAAAE~&z=409163802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
107 B 59ms
43ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-399680-1&cid=1603932068.1646163756&jid=1728220224&_u=aHDAiUAjRAAAAE~&z=409163802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame F76B 0
182 B 122ms
39ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=65d5w9m&ref=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&upid=zfbopfz&upv=1.1.0
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/

Response headers

date: Tue, 01 Mar 2022 19:42:36 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK analytics-an-min.js Show response
d2hya7iqhf5w3h.cloudfront.net/scripts/ 4 KB
5 KB 362ms
116ms Script
application/javascript 13.224.98.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2hya7iqhf5w3h.cloudfront.net/scripts/analytics-an-min.js
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.98.151 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-98-151.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 856480dfbd572e8e51fd582b4744916dc6708b2cf12eb311d749f0dc16250410

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 01:40:46 GMT
Via: 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront)
Last-Modified: Wed, 05 May 2021 13:48:14 GMT
Server: AmazonS3
Age: 64910
ETag: "e2295ad89bc05d51307a0a73d8f7aa14"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: ZRH50-C1
Accept-Ranges: bytes
Content-Length: 4603
X-Amz-Cf-Id: m3weS_JkvF0DBHG0u2zkReD27yPdmecxiSH8WFbaQdMy5Ss5UWH8Cw==

GET
H/1.1 200
OK svrGP.aspx Show response
secure.eloqua.com/visitor/v200/ 79 B
485 B 466ms
121ms Script
application/javascript 209.167.231.15
NETDYNAMICS

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.eloqua.com/visitor/v200/svrGP.aspx?pps=70&siteid=1528&ref=https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack%26utm_medium=email%26utm_source=splunk%26utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content=TrendTopicsSec_.conf_cEm&ms=448

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

209.167.231.15 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

now.eloqua.com

Software

Resource Hash

aa0ae27aad06c96bb28817ddfee911bd79b404cb71b0a34f5a48e980342b8f54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 01 Mar 2022 19:42:36 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-cache, no-store
Content-Type: application/javascript; charset=utf-8
Content-Length: 106
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H/1.1 200
OK svrGP.aspx
secure.eloqua.com/visitor/v200/ 49 B
352 B 511ms
175ms Image
image/gif 209.167.231.15
NETDYNAMICS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1528&ref2=elqNone&tzo=0&ms=448

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

209.167.231.15 , United States, ASN7160 (NETDYNAMICS, US),

Reverse DNS

now.eloqua.com

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 01 Mar 2022 19:42:36 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-cache, no-store
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame D052 0
181 B 118ms
39ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=t0q4wl6&ref=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&upid=afx4zne&upv=1.1.0
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/

Response headers

date: Tue, 01 Mar 2022 19:42:36 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 5962822.js Show response
bat.bing.com/p/action/ 684 B
756 B 192ms
191ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/5962822.js
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ARR/3.0
Resource Hash: 8b835da150acd47012845d699cc5f4c6b6023f1af40b3fc1ddbffb2a809ec04d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:35 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 34985A1D9A694943958EFF254B5348FE Ref B: FRAEDGE1215 Ref C: 2022-03-01T19:42:36Z
x-powered-by: ARR/3.0
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store,no-cache
content-length: 587

GET
H2 204 0
bat.bing.com/action/ 0
149 B 40ms
40ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5962822&tm=gtm002&Ver=2&mid=9c0a3278-be4e-4a69-9b14-7268753d4645&sid=bef615d0999711ecbf92d932cd6f5a15&vid=bef61810999711ec9953097874f5e0f1&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk&p=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&r=&lt=12865&evt=pageLoad&msclkid=N&sv=1&rn=904558
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 649EEDA673A54AC09C53158207306EA1 Ref B: FRAEDGE1215 Ref C: 2022-03-01T19:42:36Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 244ms
198ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=581214e52f923b1a91064a134ca689d7&svisitor=null&session=f8bfa263-c776-4edb-8cf2-3d508a8036f0&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2001%20Mar%202022%2019%3A42%3A36%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Splunk%20Threat%20Research%20Team%20is%20constantly%20addressing%20new%20Ransomware%20campaigns%20with%20different%20variants%20and%20payloads%20that%20challenge%20defenders%20in%20the%20enterprise.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&pageViewId=64843680-a078-430d-8344-19f00fd01f58&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:36 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1

200
OK

results.txt Show response
kqj27n24ppqsuyq6o4wa-p6t3bl-33e5d7b04-clientnsv4-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=p6t3bl4mq
https://kqj27n24ppqsuyq6o4wa-p6t3bl-33e5d7b04-clientnsv4-s.akamaihd.net/eum/results.txt

8 B
312 B

297ms
16ms

XHR
text/plain

92.123.225.42
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://kqj27n24ppqsuyq6o4wa-p6t3bl-33e5d7b04-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 92.123.225.42 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-42.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:36 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://kqj27n24ppqsuyq6o4wa-p6t3bl-33e5d7b04-clientnsv4-s.akamaihd.net/eum/results.txt
Date: Tue, 01 Mar 2022 19:42:36 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

GET
H/1.1

200
OK

results.txt Show response
eaarwyaqcaaaekqdl6aaacqaabrb45zm-p6t3bl-88c032fde-clienttons-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=p6t3bl4mq
https://eaarwyaqcaaaekqdl6aaacqaabrb45zm-p6t3bl-88c032fde-clienttons-s.akamaihd.net/eum/results.txt

8 B
312 B

416ms
100ms

XHR
text/plain

2a03:5f80:a::b212:e7d0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://eaarwyaqcaaaekqdl6aaacqaabrb45zm-p6t3bl-88c032fde-clienttons-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 2a03:5f80:a::b212:e7d0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:37 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://eaarwyaqcaaaekqdl6aaacqaabrb45zm-p6t3bl-88c032fde-clienttons-s.akamaihd.net/eum/results.txt
Date: Tue, 01 Mar 2022 19:42:36 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

OPTIONS
H2 200 quota
q-aeu1.contentsquare.net/ Frame 0
0 131ms
39ms Preflight 52.19.175.219
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://q-aeu1.contentsquare.net/quota?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.175.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-175-219.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.splunk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 01 Mar 2022 19:42:36 GMT
content-length: 0
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With

POST
H2 200 quota Show response
q-aeu1.contentsquare.net/ 29 B
243 B 39ms
38ms XHR
application/json 52.19.175.219
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://q-aeu1.contentsquare.net/quota?
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.175.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-175-219.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 70c705d49e04d07b8353972235ca2f2f7f48c1ddbb671829a282558b991a8fa1

Request headers

Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 01 Mar 2022 19:42:36 GMT
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression
content-length: 29
access-control-allow-methods: POST, OPTIONS
content-type: application/json

GET
H2 204 pageview
c.contentsquare.net/ 0
320 B 128ms
38ms Image
text/plain 63.34.233.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/pageview?pid=2961&uu=3b33c9e0-7d63-a02b-fcfe-cf2230b64415&sn=1&lv=1646163756&lhd=1646163756&hd=1646163756&pn=1&dw=1600&dh=1310&ww=1600&wh=1200&sw=1600&sh=1200&dr=&url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&uc=0&la=en-US&v=11.9.6&r=560059
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.233.44 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-233-44.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
BLOB 200
OK 4edfb38b-93a2-415c-a6ba-999680abe37c
https://www.splunk.com/ 6 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.splunk.com/4edfb38b-93a2-415c-a6ba-999680abe37c
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a711aab19c5df69d73526417881b1d074b5da0e304524db0c73d5241ac94470e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Length: 6483
Content-Type: application/javascript

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
239 B 418ms
108ms Script
application/javascript 70.42.32.159
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://tr.outbrain.com/cachedClickId?marketerId=00dec6765add4cbe626ad185350fba927c,00d61f3947fbcca6a300f9bcb5900fda25
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.159 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:36 GMT
content-encoding: gzip
X-TraceId: 219f649c144f8d20b0d739c8c06fbe93
Content-Length: 56
Content-Type: application/javascript

GET
H/1.1 200
OK unifiedPixel
tr.outbrain.com/ 43 B
256 B 393ms
97ms Image
image/gif 70.42.32.159
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.outbrain.com/unifiedPixel?marketerId=00dec6765add4cbe626ad185350fba927c,00d61f3947fbcca6a300f9bcb5900fda25&obApiVersion=1.1&obtpVersion=1.6.0&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&optOut=false&bust=09252025188401791
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.159 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:37 GMT
Cache-Control: no-cache
X-TraceId: 8eebd4f00a933b14711f4334fe6e61c7
content-encoding: gzip
Content-Length: 60
Content-Type: image/gif;

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 24ms
24ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.splunk.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 49ms
16ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1642523699107798&ev=PageView&dl=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&rl=&if=false&ts=1646163756541&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&fbp=fb.1.1646163756540.1972965138&it=1646163756388&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Tue, 01 Mar 2022 19:42:36 GMT

GET
H2 204 dvar
c.contentsquare.net/ 0
319 B 38ms
36ms Image
text/plain 63.34.233.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=11.9.6&pid=2961&uu=3b33c9e0-7d63-a02b-fcfe-cf2230b64415&sn=1&pn=1&dv=N4IgxgzgsghgLmAFgSwHYHMDSBTAniALhAAYA6AZmIFZyBGYgNgHYBOJp8gDgYBZGB9WrwZDyTKgwBMLFiAA0IKNgAmyAK4BbQiGwaYyADbyQAZQD2agE5hs2iAAcDa1AGtjAYRgb7%2B9Km0AZriS5ACOtPzoBgBGBvzKfvxgZqhw%2FBDYYPzYqPxwljnKcGb2yJAZWaTJqAFJuiAAvkAAAA%3D%3D&r=017231
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.233.44 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-233-44.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
304 B 17ms
17ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=1e6d0e154d984e74ffd6073f71b5f391&_biz_s=24ba32&_biz_l=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&_biz_t=1646163756581&_biz_i=Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk&_biz_n=0&rnd=746265&cdn_o=a&_biz_z=1646163756582
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6739) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
last-modified: Thu, 24 Feb 2022 01:07:00 GMT
server: ECS (frb/6739)
age: 498936
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
204 B 20ms
17ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=1e6d0e154d984e74ffd6073f71b5f391&_biz_s=24ba32&_biz_l=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&_biz_t=1646163756585&_biz_i=Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk&rnd=759307&cdn_o=a&_biz_z=1646163756585
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C2) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
last-modified: Thu, 24 Feb 2022 23:57:34 GMT
server: ECS (frb/67C2)
age: 416702
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 46ms
23ms XHR
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-399680-1&cid=1603932068.1646163756&jid=1056490782&gjid=588517847&_gid=1601467983.1646163756&_u=aHDACUAjRAAAAG~&z=698102121

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 01 Mar 2022 19:42:36 GMT
content-type: text/plain
access-control-allow-origin: https://www.splunk.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
419 B 615ms
614ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=1e6d0e154d984e74ffd6073f71b5f391&_biz_h=-1906410348&cdn_o=a&jsVer=4.22.02.16
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: 4ceb64d7f886a6353044279cb00597ce7588729af196426a849554617e00134f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:36 GMT
cache-control: private, must-revalidate, max-age=21600
server: ECS (frb/6711)
content-type: text/javascript; charset=utf-8
etag: 57200AE7
content-length: 116
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 70ms
43ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-399680-1&cid=1603932068.1646163756&jid=1056490782&_u=aHDACUAjRAAAAG~&z=529534250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 64ms
40ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-399680-1&cid=1603932068.1646163756&jid=1056490782&_u=aHDACUAjRAAAAG~&z=529534250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
e.clarity.ms/s/0.6.32/ 53 KB
23 KB 416ms
108ms Script
application/javascript 20.62.48.180
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e.clarity.ms/s/0.6.32/clarity.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/5962822.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:37 GMT
content-encoding: br
etag: "1d82c9e8417ef90"
last-modified: Mon, 28 Feb 2022 12:27:14 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
content-length: 22927
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=7B3634015F2E443995A2661C6BA70E6F&RedC=c.clarity.ms&MXFR=11FFE1F7E40467540835F0ADE00469BF
https://c.clarity.ms/c.gif?CtsSyncId=7B3634015F2E443995A2661C6BA70E6F&MUID=11AFC480672C6CE409AFD5DA66FE6DDA

42 B
369 B

37ms
37ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=7B3634015F2E443995A2661C6BA70E6F&MUID=11AFC480672C6CE409AFD5DA66FE6DDA
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
last-modified: Fri, 18 Feb 2022 21:27:03 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "7f9eac45e25d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:36 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2782D128BCC5417AA4C4613C1CC31C40 Ref B: FRAEDGE1215 Ref C: 2022-03-01T19:42:36Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=7B3634015F2E443995A2661C6BA70E6F&MUID=11AFC480672C6CE409AFD5DA66FE6DDA
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 102ms
102ms Script
application/x-javascript 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 16 Feb 2022 23:50:54 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=69498
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

POST
H2 200 recording Show response
k-aeu1.contentsquare.net/v2/ 0
187 B 210ms
40ms XHR
text/plain 34.248.91.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://k-aeu1.contentsquare.net/v2/recording?rt=5&v=11.9.6&pid=2961&uu=3b33c9e0-7d63-a02b-fcfe-cf2230b64415&sn=1&pn=1&ri=1
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.91.176 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-91-176.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 01 Mar 2022 19:42:36 GMT
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression
content-length: 0
access-control-allow-methods: GET, POST, OPTIONS

GET
H/1.1 200
OK getuidj Show response
ib.adnxs.com/ 11 B
700 B 73ms
35ms XHR
application/json 37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 01 Mar 2022 19:42:36 GMT
X-Proxy-Origin: 84.19.175.183; 84.19.175.183; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 97a82596-c03c-4c58-a200-4627adbf33f8
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.splunk.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=66727&time=1646163756890&url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D66727%26time%3D1646163756890%26url%3Dhttps%253A%252F%252Fwww.splunk.com%252Fen_us...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=66727&time=1646163756890&url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=66727&time=1646163756890&url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm...

0
264 B

168ms
134ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=66727&time=1646163756890&url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&liSync=true&e_ipv6=AQJ5MjoMoLKNSAAAAX9HAYjGoySx6UkCAvyJqQvc1bdp_7ebwCjxOyZTNpcb8AVfOtDnw09wJBwRQaUikrINnHudNL3vmg
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:37 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 069202BECBCF4E08BC31583B5FDACC81 Ref B: FRAEDGE1413 Ref C: 2022-03-01T19:42:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXZLV4Ah2eKg6yZLi5QFQ==
x-li-fabric: prod-lva1

Redirect headers

date: Tue, 01 Mar 2022 19:42:36 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 34F0AD00D2484F53B3CAA64CBF054A8B Ref B: FRAEDGE1416 Ref C: 2022-03-01T19:42:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=66727&time=1646163756890&url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&liSync=true&e_ipv6=AQJ5MjoMoLKNSAAAAX9HAYjGoySx6UkCAvyJqQvc1bdp_7ebwCjxOyZTNpcb8AVfOtDnw09wJBwRQaUikrINnHudNL3vmg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXZLV3+Bsf3HkMI8TDiYw==

GET
H2 200 visit Show response
analytics.vendemore.com/ 35 B
383 B 53ms
19ms XHR
text/plain 3.121.48.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.vendemore.com/visit?vlmref=&vaid=&url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&title=Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk&path=%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html&domain=www.splunk.com&referrer=

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

3.121.48.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-121-48-255.eu-central-1.compute.amazonaws.com

Software

Resource Hash

d42187b097ed9e26a2d3f656d006ac2bc632af8769521e21320c1c8f3ce399d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:36 GMT
access-control-max-age: 3600
access-control-allow-methods: POST, GET, OPTIONS, HEAD
content-type: text/plain;charset=ISO-8859-1
access-control-allow-origin: https://www.splunk.com
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-headers: Content-Type
content-length: 35

POST
H3 200 / Show response
www.facebook.com/tr/ Frame B99B 0
18 B 36ms
17ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.splunk.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.splunk.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=0
date: Tue, 01 Mar 2022 19:42:37 GMT

POST
H2 204 collect Show response
e.clarity.ms/ 0
70 B 219ms
218ms XHR
text/plain 20.62.48.180
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: https://www.splunk.com
date: Tue, 01 Mar 2022 19:42:37 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 197ms
196ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=581214e52f923b1a91064a134ca689d7&svisitor=36bb1002b05e00002c771e6270010000c1950000&session=f8bfa263-c776-4edb-8cf2-3d508a8036f0&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2001%20Mar%202022%2019%3A42%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2001%20Mar%202022%2019%3A42%3A36%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Splunk%20Threat%20Research%20Team%20is%20constantly%20addressing%20new%20Ransomware%20campaigns%20with%20different%20variants%20and%20payloads%20that%20challenge%20defenders%20in%20the%20enterprise.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&pageViewId=64843680-a078-430d-8344-19f00fd01f58&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:37 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 errors Show response
c.contentsquare.net/ 0
320 B 120ms
39ms XHR
text/plain 63.34.233.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.contentsquare.net/errors?v=11.9.6&pid=2961&uu=3b33c9e0-7d63-a02b-fcfe-cf2230b64415&sn=1&pn=1
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.233.44 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-233-44.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:37 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H2 204 unip Show response
trc-events.taboola.com/1341559/log/3/ 0
247 B 71ms
23ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1341559/log/3/unip?en=pre_d_eng_tb&tos=1574&scd=91&ssd=1&est=1646163756372&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1646163757946&vi=1646163756369&ri=4818506e3d03149408a277fa491492bd&ref=null&cv=20220224-6-RELEASE&item-url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: https://www.splunk.com
pragma: no-cache
date: Tue, 01 Mar 2022 19:42:38 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 201ms
201ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=581214e52f923b1a91064a134ca689d7&svisitor=36bb1002b05e00002c771e6270010000c1950000&session=f8bfa263-c776-4edb-8cf2-3d508a8036f0&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2001%20Mar%202022%2019%3A42%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2001%20Mar%202022%2019%3A42%3A37%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Splunk%20Threat%20Research%20Team%20is%20constantly%20addressing%20new%20Ransomware%20campaigns%20with%20different%20variants%20and%20payloads%20that%20challenge%20defenders%20in%20the%20enterprise.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&pageViewId=64843680-a078-430d-8344-19f00fd01f58&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:38 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect Show response
e.clarity.ms/ 0
48 B 109ms
109ms XHR
text/plain 20.62.48.180
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: https://www.splunk.com
date: Tue, 01 Mar 2022 19:42:38 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 192ms
192ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=581214e52f923b1a91064a134ca689d7&svisitor=36bb1002b05e00002c771e6270010000c1950000&session=f8bfa263-c776-4edb-8cf2-3d508a8036f0&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2001%20Mar%202022%2019%3A42%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2001%20Mar%202022%2019%3A42%3A38%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Splunk%20Threat%20Research%20Team%20is%20constantly%20addressing%20new%20Ransomware%20campaigns%20with%20different%20variants%20and%20payloads%20that%20challenge%20defenders%20in%20the%20enterprise.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&pageViewId=64843680-a078-430d-8344-19f00fd01f58&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:39 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 189ms
189ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=581214e52f923b1a91064a134ca689d7&svisitor=36bb1002b05e00002c771e6270010000c1950000&session=f8bfa263-c776-4edb-8cf2-3d508a8036f0&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2001%20Mar%202022%2019%3A42%3A40%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2001%20Mar%202022%2019%3A42%3A39%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224007%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Splunk%20Threat%20Research%20Team%20is%20constantly%20addressing%20new%20Ransomware%20campaigns%20with%20different%20variants%20and%20payloads%20that%20challenge%20defenders%20in%20the%20enterprise.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&pageViewId=64843680-a078-430d-8344-19f00fd01f58&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:40 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 hotjar-778215.js Show response
static.hotjar.com/c/ 36 KB
5 KB 98ms
47ms Script
application/javascript 13.224.89.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-778215.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TPV7TP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.89.10 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-89-10.zrh50.r.cloudfront.net

Software

Resource Hash

fa64849f60cfe0ca64118e407be17946a7e341ad6509a640cc5c5d6c976c92ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:40 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 3
etag: W/aee27b72f0de985939c9b0365ac1e379
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: JBuXDDxprh6Geds2M8RhIrrlt-0RczQnZJcW6XbznaVWzosw0i9ySg==
via: 1.1 697e9166a29142e018dae0e083c25f18.cloudfront.net (CloudFront)

GET
H2 200 FQgOcAAM.min.js Show response
scripts.demandbase.com/ 60 KB
16 KB 144ms
31ms Script
application/javascript 13.224.89.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://scripts.demandbase.com/FQgOcAAM.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.89.123 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-89-123.zrh50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

be2da6f7cd2b1aca420ceea5b5513b3c50af4028188ec5e9b2b7b6a99fc54030

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: BewRy25ngjO8i3vAYosZ6n149apW_g9U
content-encoding: gzip
etag: W/"b967a9f688becc172d3007933f1ff35c"
age: 302
x-cache: Hit from cloudfront
vary: Accept-Encoding
last-modified: Tue, 26 Oct 2021 19:03:42 GMT
server: AmazonS3
date: Tue, 01 Mar 2022 19:37:39 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
via: 1.1 d7147e532e5cf73689fcb39fa760bcf2.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 5RwY9kW1mlxsaFDwDQ0hhFJ54dR09imidz70LsdiMoi3gbx5HNYEsA==

GET
H2 200 amzn.js Show response
c.amazon-adsystem.com/aat/ 7 KB
7 KB 58ms
19ms Script
text/javascript 108.156.255.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aat/amzn.js
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.255.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-255-177.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 45153d776213fa86c1ef7dca51e36d669e1b697b53907f3bf7cd3ee706edbaec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: RCjAxJ8CrRqbtKQCS4KIrWhcLcYrBklc
via: 1.1 b0067143f1e1520182fe27b53cced2a6.cloudfront.net (CloudFront)
last-modified: Thu, 11 Nov 2021 17:52:19 GMT
server: AmazonS3
age: 35640
etag: "4e42700e21a922978b72507ad18a7fea"
x-cache: Hit from cloudfront
content-type: text/javascript
date: Tue, 01 Mar 2022 09:48:41 GMT
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 6674
x-amz-cf-id: peXPpY0ZmEHtBEBiRxRRWYckA2ZZWxXax-PKIBR1abPW3jK8HJFJ4A==

GET
H2 200 iztag.js Show response
tags.inzynk.io/dji5wmjz/ 2 KB
2 KB 317ms
17ms Script
application/octet-stream 2600:9000:21f3:400:12:dfa9:e200:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.inzynk.io/dji5wmjz/iztag.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TPV7TP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:400:12:dfa9:e200:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 190c08a2a71914aea41b81c0560a4ac7d9025253978f3a071517c46cade59d23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 02:42:39 GMT
via: 1.1 ec9e3bc729d9c6d55ed32446408ad62e.cloudfront.net (CloudFront)
last-modified: Fri, 20 Aug 2021 06:39:28 GMT
server: AmazonS3
age: 62318
etag: "c9936ed3ec34fabd8dfbb2042792c78a"
x-cache: Hit from cloudfront
content-type: application/octet-stream
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 2010
x-amz-cf-id: XOpPmGK3Q-pln0ZbHGi0JH0egvuiZOY4Rr7ZULmgATY5lRh1gIGdVw==

GET
H2 200 26b58e1d9d1d.js Show response
w.usabilla.com/ Frame FECD 73 KB
16 KB 130ms
37ms Script
text/javascript 54.155.132.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://w.usabilla.com/26b58e1d9d1d.js?lv=1
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.132.239 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-132-239.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 40d2bd95b6f102155c19ca086b11bc365e9d48399ca617017e41e988b6389cb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:40 GMT
content-encoding: gzip
x-widget-server: 2.1
etag: "b6ae303fe7ed2ac287d2f2a5135bccf3"
content-type: text/javascript
cache-control: public,max-age=0
content-length: 16462

GET
H/1.1

200
OK

iu3 Show response
s.amazon-adsystem.com/ Frame 19FC
Redirect Chain

https://s.amazon-adsystem.com/iu3?pid=3fcbe918-6424-4b3d-95aa-68d72d53fbd1&event=PageView&ts=1646163760765
https://s.amazon-adsystem.com/iu3?pid=3fcbe918-6424-4b3d-95aa-68d72d53fbd1&event=PageView&ts=1646163760765&dcc=t

65 B
973 B

127ms
127ms

Document
text/html

52.46.154.242

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?pid=3fcbe918-6424-4b3d-95aa-68d72d53fbd1&event=PageView&ts=1646163760765&dcc=t

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.154.242 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

115d83ece49fd1c5769409aab9d78572eed86cd38a0556b4cdeeac82c83091d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/

Response headers

Server: Server
Date: Tue, 01 Mar 2022 19:42:41 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 65
Connection: keep-alive
x-amz-rid: 4ZCZED8ZQH10VJTQCD0F
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

Server: Server
Date: Tue, 01 Mar 2022 19:42:41 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: TTMA8WD5GNSGJP12N1DM
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?pid=3fcbe918-6424-4b3d-95aa-68d72d53fbd1&event=PageView&ts=1646163760765&dcc=t
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

GET
H2 200 modules.aad83dd2745be7dbcfcf.js Show response
script.hotjar.com/ 236 KB
62 KB 82ms
29ms Script
application/javascript 13.224.89.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.aad83dd2745be7dbcfcf.js

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.89.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-89-104.zrh50.r.cloudfront.net

Software

Resource Hash

d967813345debd8efd8a0cc45b1fcc67b7781cfadd0d3325881b40b4cb5b0f85

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 15:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13774
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 62882
access-control-allow-origin: *
last-modified: Tue, 01 Mar 2022 15:52:38 GMT
etag: "ab6ed16ce68422722df247c7b3feefef"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 4e0fd86f7afa735e772d6f7fe5e91f5a.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: ojqIqLmjjzQGFlLK837DTBwB9Ej2yNcd2xxpOlvTdP1H1xnK9wp5BQ==

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 1022 B
1 KB 145ms
85ms XHR
application/json 18.66.248.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&page_title=Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk&src=tag&key=3ba085cbec5f85b5afa666ed40e727757c9caa91
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-29.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: abae649736be1dbe1c15fdc5726d3d6fa116e1bc89a63eeea210873d47a701c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:41 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: DUS51-P1
x-cache: Miss from cloudfront
request-id: b2ea3e6f-ebe3-431e-b409-8085f38c0eb1
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.splunk.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: pEOHSIgQ3xL1KgiEIzQxwn51Ab2Em7s5lt0-fSR24tJbpbnM5OSHAQ==
expires: Mon, 28 Feb 2022 19:42:41 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAHNeU7EPO4AAH8xJ62Xhg
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAHNeU7EPO4AAH8xJ62Xhg&verifyHash=74ecaa565352a0fc35285e2872784e2c8313c009

26 B
409 B

125ms
125ms

Image
image/gif

13.224.89.69

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAHNeU7EPO4AAH8xJ62Xhg&verifyHash=74ecaa565352a0fc35285e2872784e2c8313c009
Protocol: HTTP/1.1
Server: 13.224.89.69 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:41 GMT
Via: 1.1 a4f3f56409fe4e0b42683dc15dd52ef8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ZRH50-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 6b9e0781580fba5e
X-Amz-Cf-Id: OU6K-bpnsYIH_0ceT77GhOyQrdyBULpaz6FKHOmQ0qVHNEMFar7h0g==

Redirect headers

Date: Tue, 01 Mar 2022 19:42:41 GMT
Via: 1.1 a4f3f56409fe4e0b42683dc15dd52ef8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ZRH50-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAHNeU7EPO4AAH8xJ62Xhg&verifyHash=74ecaa565352a0fc35285e2872784e2c8313c009
Connection: keep-alive
trace-id: 111eca0389745905
Content-Length: 0
X-Amz-Cf-Id: FA7-Ytr7UsMYqgbEUsdHdcg2gmU86AhZCKTzZezXdb6_iLedYr3eXA==

GET
H2 451 464526.gif
id.rlcdn.com/ 0
66 B 58ms
24ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:40 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H2 200 box-acca23410e696f2ca3087d947271c3d0.html Show response
vars.hotjar.com/ Frame BC73 2 KB
1 KB 82ms
27ms Document
text/html 13.224.89.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.89.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-89-123.zrh50.r.cloudfront.net
Software: /
Resource Hash: e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/

Response headers

content-type: text/html
content-length: 1044
date: Fri, 04 Feb 2022 08:52:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "6f65fac4e8efe167ff5132c0c54c5729"
last-modified: Fri, 04 Feb 2022 08:51:39 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 01ec1718bcc130455b377ec6b38ad50c.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: LiMt2RXpekNsDRwB6S2zxlrsWuGa8PhO1R49iecqTSY5DXwTM_RQiA==
age: 2199034

GET
H2 204 unip Show response
trc-events.taboola.com/1341559/log/3/ 0
246 B 22ms
22ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1341559/log/3/unip?en=pre_d_eng_tb&tos=4575&scd=91&ssd=1&est=1646163756372&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1646163760947&vi=1646163756369&ri=4818506e3d03149408a277fa491492bd&ref=null&cv=20220224-6-RELEASE&item-url=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: https://www.splunk.com
pragma: no-cache
date: Tue, 01 Mar 2022 19:42:40 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H/1.1 200
OK splunk-button-77a48f8f9f814cbca9e89a9cef1a2ace.png
d6tizftlrpuof.cloudfront.net/themes/production/ Frame 8A2F 2 KB
2 KB 78ms
19ms Image
image/png 108.156.253.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d6tizftlrpuof.cloudfront.net/themes/production/splunk-button-77a48f8f9f814cbca9e89a9cef1a2ace.png
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/en_us/form/fighting-ransomware-with-splunk-attack-range.html?LST=attack&utm_medium=email&utm_source=splunk&utm_campaign=FY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm&utm_content=TrendTopicsSec_.conf_cEm
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-112.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8946e8ab0408c419e21f26f0da2b8cf9c984eb9b29400d3289750398cb23e3ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 22 Dec 2021 02:28:32 GMT
Via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Tue, 18 May 2021 14:55:26 GMT
Server: AmazonS3
Age: 6023650
ETag: "77a48f8f9f814cbca9e89a9cef1a2ace"
X-Cache: Hit from cloudfront
x-amz-version-id: quw00hIHAjydomrSDmVhxRmQN7ZVmEoP
Cache-Control: max-age=315360000, no-transform, public
X-Amz-Cf-Pop: DUS51-P2
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 1834
X-Amz-Cf-Id: 8Rqr4ZJZsB8saGzSVvOn2XvgpdxiMQ9--jZVWHyVWZoSRZoXHfwkrQ==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 24ms
24ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1768101330&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&dr=%2F&dp=%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&ul=en-us&de=UTF-8&dt=Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=demandbase&ea=demandbase%20loaded&el=%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&_u=aHDACUAjRAAAAG~&jid=869269754&gjid=1580140223&cid=1603932068.1646163756&tid=UA-399680-1&_gid=1601467983.1646163756&_r=1&gtm=2wg2s0TPV7TP&cd2=Not%20Logged%20In&cd3=1603932068.1646163756&cd4=1646163761069.d8pj5vlq&cd5=2022-03-01T19%3A42%3A41.69%2B00%3A00&cd36=GA1.1.1603932068.1646163756&cd6=66805821&cd7=SMB&cd8=Keyweb%20AG&cd9=Keyweb&cd10=Manufacturing&cd11=Industrial%20Equipment&cd12=%245M%20-%20%2410M&cd13=Small&cd14=Erfurt&cd15=TH&cd17=DE&cd26=Manufacturing&cd27=keyweb.de&cd28=0&cd29=0&cd30=1&cd31=0&z=169351583

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.splunk.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dji5wmjz Show response
analytics.inzynk.io/v/ 209 B
479 B 400ms
55ms Script
text/plain 13.49.35.59

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.inzynk.io/v/dji5wmjz?izcid=&iztid=&u=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&t=Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk&p=%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html&d=www.splunk.com&r=
Requested by: Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.49.35.59 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: eab6c2bbdc0d08f3ed5990a3bb8c2b3cfa4848dcb34d51273626bb297e1e1dad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:42:41 GMT
server: nginx/1.18.0
content-length: 209
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=ISO-8859-1

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 23ms
22ms XHR
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-399680-1&cid=1603932068.1646163756&jid=869269754&gjid=1580140223&_gid=1601467983.1646163756&_u=aHDACUAjRAAAAG~&z=860112829

Requested by

Host: www.splunk.com
URL: https://www.splunk.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 01 Mar 2022 19:42:41 GMT
content-type: text/plain
access-control-allow-origin: https://www.splunk.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 40ms
40ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-399680-1&cid=1603932068.1646163756&jid=869269754&_u=aHDACUAjRAAAAG~&z=446626032

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 41ms
41ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-399680-1&cid=1603932068.1646163756&jid=869269754&_u=aHDACUAjRAAAAG~&z=446626032

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 189ms
189ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=581214e52f923b1a91064a134ca689d7&svisitor=36bb1002b05e00002c771e6270010000c1950000&session=f8bfa263-c776-4edb-8cf2-3d508a8036f0&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2001%20Mar%202022%2019%3A42%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2001%20Mar%202022%2019%3A42%3A40%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225008%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Splunk%20Threat%20Research%20Team%20is%20constantly%20addressing%20new%20Ransomware%20campaigns%20with%20different%20variants%20and%20payloads%20that%20challenge%20defenders%20in%20the%20enterprise.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&pageViewId=64843680-a078-430d-8344-19f00fd01f58&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.splunk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 01 Mar 2022 19:42:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H3 204 collect
analytics.google.com/g/ 0
17 B 50ms
24ms Ping
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-5EPM2P39FV&gtm=2oe2s0&_p=1768101330&sr=1600x1200&ul=en-us&cid=1603932068.1646163756&dl=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&dt=Fighting%20Ransomware%20With%20Splunk%20Attack%20Range%20%7C%20Splunk&sid=1646163756&sct=1&seg=0&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5EPM2P39FV&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.splunk.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:42:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.splunk.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET analytics_data
abm2.listenloop.com/api/v1/public/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: abm2.listenloop.com
URL: https://abm2.listenloop.com/api/v1/public/analytics_data?public_key=JRsJMiSyunHf8gYEStaz

Verdicts & Comments Add Verdict or Comment

242 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

58 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.eloqua.com/	1970-01-20 10:46:14	Name: ELOQUA Value: GUID=D08CD7A69FE948DF981CA9569B0273E8
.eloqua.com/	1970-01-20 10:46:14	Name: ELQSTATUS Value: OK
.splunk.com/	1970-01-20 01:17:30	Name: _gid Value: GA1.2.1601467983.1646163756
.splunk.com/	1970-01-25 12:40:03	Name: trackAffiliate Value:
.splunk.com/	1970-01-20 03:25:39	Name: _gcl_au Value: 1.1.241347491.1646163756
.splunk.com/	1970-01-20 01:16:05	Name: _cs_mk Value: 0.30531067977386406_1646163756299
www.splunk.com/	1970-01-20 01:16:07	Name: acCode Value: null
.splunk.com/	1970-01-20 10:01:39	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Tue+Mar+01+2022+19%3A42%3A36+GMT%2B0000+(GMT)&version=6.18.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.splunk.com%2Fen_us%2Fform%2Ffighting-ransomware-with-splunk-attack-range.html%3FLST%3Dattack%26utm_medium%3Demail%26utm_source%3Dsplunk%26utm_campaign%3DFY23Q1_GLBL_DGN_Cont_SEC_EN_TrendTopicsSec_.conf_cEm%26utm_content%3DTrendTopicsSec_.conf_cEm&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1
.splunk.com/	1970-01-20 01:16:03	Name: _dc_gtm_UA-399680-1 Value: 1
.6sc.co/	1970-01-20 18:47:15	Name: 6suuid Value: 36bb1002b05e00002c771e6270010000c1950000
.bing.com/	1970-01-20 10:37:39	Name: MUID Value: 11AFC480672C6CE409AFD5DA66FE6DDA
.splunk.com/	1970-01-20 01:17:30	Name: _uetsid Value: bef615d0999711ecbf92d932cd6f5a15
.splunk.com/	1970-01-20 10:37:39	Name: _uetvid Value: bef61810999711ec9953097874f5e0f1
www.splunk.com/	1970-01-20 01:26:08	Name: _an_uid Value: 0
www.splunk.com/	1970-01-20 18:47:15	Name: _gd_visitor Value: 733eb100-4f0a-4009-8ee9-3e2555434580
www.splunk.com/	1970-01-20 01:16:18	Name: _gd_session Value: f8bfa263-c776-4edb-8cf2-3d508a8036f0
www.splunk.com/	1970-01-20 18:47:15	Name: _gd_svisitor Value: 36bb1002b05e00002c771e6270010000c1950000
.splunk.com/	1970-01-20 10:45:27	Name: _cs_c Value: 0
.splunk.com/	1970-01-20 10:45:27	Name: _cs_id Value: 3b33c9e0-7d63-a02b-fcfe-cf2230b64415.1646163756.1.1646163756.1646163756.1.1680327756509
.splunk.com/	1970-01-20 01:16:03	Name: _gat Value: 1
.splunk.com/	1970-01-20 03:25:39	Name: _fbp Value: fb.1.1646163756540.1972965138
.ws.zoominfo.com/	1970-01-20 10:01:39	Name: visitorId Value: 8b06a10a0f139b6206e5292ede6346f48400cea86e561c0d4b55995a15937043
.splunk.com/	1970-01-20 10:01:39	Name: _biz_uid Value: 1e6d0e154d984e74ffd6073f71b5f391
.splunk.com/	1970-01-20 01:16:05	Name: _biz_sid Value: 24ba32
.splunk.com/	1970-01-20 10:01:39	Name: _biz_nA Value: 1
.doubleclick.net/	1970-01-20 10:37:39	Name: IDE Value: AHWqTUk2wKIWZiDTKs5WJKf-c42qKU3VMfE-pDLEQ8X-TcoMcfQrkW4CO0-LkB4_OXg
.bizible.com/	1970-01-20 10:01:39	Name: _BUID Value: 1e6d0e154d984e74ffd6073f71b5f391
.splunk.com/	1970-01-20 10:01:39	Name: _biz_pendingA Value: %5B%5D
.splunk.com/	1970-01-20 01:16:05	Name: _cs_s Value: 1.5.0.1646165556685
.bizibly.com/	1970-01-20 10:01:39	Name: _BUID Value: d3947d7c3170b4b9d148c6f05f37d7c9
.c.bing.com/	1970-01-20 10:37:39	Name: SRM_B Value: 11AFC480672C6CE409AFD5DA66FE6DDA
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 10:37:39	Name: MUID Value: 11AFC480672C6CE409AFD5DA66FE6DDA
.c.clarity.ms/	1970-01-20 01:16:04	Name: ANONCHK Value: 0
analytics.vendemore.com/	1970-01-20 10:01:39	Name: vaid Value: 16144102685858895
www.splunk.com/	1970-01-20 10:01:39	Name: vlmref Value: 16144102685857626
www.splunk.com/	1970-01-20 10:01:39	Name: vaid Value: 16144102685858895
www.splunk.com/	1970-01-20 01:16:04	Name: outbrain_cid_fetch Value: true
.linkedin.com/	1970-01-20 01:59:15	Name: UserMatchHistory Value: AQLB2GkbY--KTAAAAX9HAYfDtsqERczGjS8nN2md2qtPSMClRd5vXJ50jg5vWdxBFlyU4O_CjDOMhg
.linkedin.com/	1970-01-20 01:59:15	Name: AnalyticsSyncHistory Value: AQKl1Gh4baLnegAAAX9HAYfD_rSFA0gwmdCPUie3_JHExNZ7YJH8NiDLYENvHXA9xHbrdcgSBRrbX6LXYw_86Q
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 18:47:57	Name: bcookie Value: "v=2&d137c4ad-15fe-45b0-8993-f12f5a73eef2"
.linkedin.com/	1970-01-20 01:17:30	Name: lidc Value: "b=VGST00:s=V:r=V:a=V:p=V:g=2634:u=1:x=1:i=1646163756:t=1646250156:v=2:sig=AQHXIziGmHBG_ydoaYFfMFt8P2dNaAAJ"
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 18:47:57	Name: bscookie Value: "v=1&202203011942374c1d9d78-47ac-495c-8403-2309bc80ec22AQEbuFamJiJah8CoyY0jl3W0ckbIx6_j"
.linkedin.com/	1970-01-20 18:41:40	Name: li_gc Value: MTswOzE2NDYxNjM3NTc7MjswMjEnYrcMVM7WhZTdNfzJl0efcLSdYNErIHJ6oUdmqNytlA==
.splunk.com/	1970-01-20 10:01:39	Name: _clck Value: 1cq2ws5\|1\|eze\|0
.splunk.com/	1970-01-20 10:01:39	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.splunk.com/	1970-01-20 01:17:30	Name: _clsk Value: 1sf7j3z\|1646163757587\|1\|1\|e.clarity.ms/collect
.splunk.com/	1970-01-20 10:01:39	Name: _hjSessionUser_778215 Value: eyJpZCI6ImE1YmFiNmRlLTczZTUtNTY2Zi1hM2IxLTQzNThkMWQxMmZmYyIsImNyZWF0ZWQiOjE2NDYxNjM3NjA5ODMsImV4aXN0aW5nIjpmYWxzZX0=
.splunk.com/	1970-01-20 01:16:05	Name: _hjFirstSeen Value: 1
www.splunk.com/	1970-01-20 01:16:03	Name: _hjIncludedInSessionSample Value: 1
.splunk.com/	1970-01-20 01:16:05	Name: _hjSession_778215 Value: eyJpZCI6IjcxZDE0OGM0LWQ1ZjMtNDhmMy1iNDdlLWRmOWRkZjRiZTRmNiIsImNyZWF0ZWQiOjE2NDYxNjM3NjEwMTcsImluU2FtcGxlIjp0cnVlfQ==
.splunk.com/	1970-01-20 01:16:05	Name: _hjAbsoluteSessionInProgress Value: 0
.splunk.com/	1970-01-20 18:47:15	Name: _ga Value: GA1.2.1603932068.1646163756
.splunk.com/	1970-01-20 01:16:03	Name: _gat_UA-399680-1 Value: 1
.bidr.io/	1970-01-20 01:16:04	Name: checkForPermission Value: ok
.splunk.com/	1970-01-20 18:47:15	Name: _ga_5EPM2P39FV Value: GS1.1.1646163756.1.0.1646163761.55

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Security-Policy	frame-ancestors .splunk.com .touchcast.com .salesforce.com, frame-ancestors .splunk.com *.touchcast.com
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

02179917.akstat.io
3801996.fls.doubleclick.net
abm2.listenloop.com
ad.doubleclick.net
adservice.google.ca
adservice.google.com
amplify.outbrain.com
analytics.google.com
analytics.inzynk.io
analytics.vendemore.com
api.company-target.com
b.6sc.co
bat.bing.com
c.6sc.co
c.amazon-adsystem.com
c.bing.com
c.clarity.ms
c.contentsquare.net
c.go-mpulse.net
cdn.bizible.com
cdn.bizibly.com
cdn.cookielaw.org
cdn.taboola.com
connect.facebook.net
d2hya7iqhf5w3h.cloudfront.net
d6tizftlrpuof.cloudfront.net
e.clarity.ms
eaarwyaqcaaaekqdl6aaacqaabrb45zm-p6t3bl-88c032fde-clienttons-s.akamaihd.net
fls.doubleclick.net
geolocation.onetrust.com
ib.adnxs.com
id.rlcdn.com
insight.adsrvr.org
j.6sc.co
js.adsrvr.org
k-aeu1.contentsquare.net
kqj27n24ppqsuyq6o4wa-p6t3bl-33e5d7b04-clientnsv4-s.akamaihd.net
match.prod.bidr.io
metadata-static-files.sfo2.cdn.digitaloceanspaces.com
px.ads.linkedin.com
px4.ads.linkedin.com
q-aeu1.contentsquare.net
q.quora.com
rum-collector-2.pingdom.net
rum-static.pingdom.net
s.amazon-adsystem.com
s.go-mpulse.net
s1528.t.eloqua.com
s1528.t.en25.com
script.hotjar.com
scripts.demandbase.com
seal.digicert.com
secure.adnxs.com
secure.eloqua.com
segments.company-target.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
t.contentsquare.net
tags.inzynk.io
tm.vendemore.com
tr.outbrain.com
trc-events.taboola.com
trc.taboola.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
v2.listenloop.com
vars.hotjar.com
w.usabilla.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.linkedin.com
www.splunk.com
abm2.listenloop.com
104.111.233.140
108.156.253.112
108.156.255.177
108.157.1.118
13.107.42.14
13.224.89.10
13.224.89.104
13.224.89.123
13.224.89.54
13.224.89.69
13.224.98.151
13.49.35.59
141.226.228.48
142.250.185.102
151.101.129.44
152.195.15.58
18.66.248.29
2.16.186.195
20.62.48.180
205.185.216.42
209.167.231.15
209.167.231.17
209.167.231.27
2600:9000:21f3:400:12:dfa9:e200:93a1
2606:4700:10::6814:b944
2606:4700:10::6816:3668
2606:4700:3035::6815:4687
2606:4700::6810:9440
2606:4700::6810:a852
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:808::2008
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2004
2a00:1450:4001:810::200e
2a00:1450:4001:82a::2003
2a00:1450:400c:c06::9b
2a02:26f0:7100:59a::11a6
2a02:26f0:fb:59a::11a6
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a03:5f80:a::b212:e7c0
2a03:5f80:a::b212:e7d0
3.121.48.255
3.33.220.150
34.230.123.66
34.248.91.176
35.244.174.68
37.252.172.36
37.252.173.38
52.142.114.2
52.19.175.219
52.215.3.215
52.46.154.242
54.155.132.239
63.32.23.63
63.33.186.64
63.34.233.44
70.42.32.159
92.122.145.25
92.123.225.42
0055b9d0429e9c194b4aa6b5f49cbc2ec31a7220ee7c8c186a9ee951feabd482
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
083bf8ac06c2d57deb5c48eb1ee40d9e55744ec602413a526fd627d949eb0ce5
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0ac7890faec9d44f806cf17037d78c8c2afefe4c192c5650bf1519ec8067b569
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
115d83ece49fd1c5769409aab9d78572eed86cd38a0556b4cdeeac82c83091d3
169f96420737e9e608bf2961c95031365eb3c055b2445a880b75ff2470f92200
190c08a2a71914aea41b81c0560a4ac7d9025253978f3a071517c46cade59d23
19eb5bede3a5070c1292df11a5965134c65621a059989fbe430a22a60cba2eea
1c6fc18f5e15d5c827dc7a493a26e0a15c8ce09c74c1d0fd427c6973faba2835
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
2707ebaa45efd183f1346054b3c821135ec6383fe937dc21b94614c22ca0d738
277b0281ce8610bb77c2a8332c8544d26fa6ae6c6a29dd9418a3805d92a6ac14
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
29442d1bb0a6681e3a7ed5f63e0afdecd5f1bbe7eb943c826f46f33a4f590d8b
2eba9592c9e23969a0ebcf104d6170a1a7c2296ee9a74543dc2dca67d0279874
2f2a4b60ec911788e2a5e294f7ee7e5fd7567878899a8e47c7a294fee1a52336
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
33c4125037d87b89fa3c3ef72ded3ec9d21475f341c8b4a52e0f5de6ec907a82
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65
397f524fd0ce1dce695fd3e572bf02ad7012e0eba8ebe44f01b6cfbd971e4954
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3bdaaba0344423bf26f74345bba050eb46a237d7481fdf3942759cad7843e0b3
3c3a0bf4f49c977b90f65336d9a81773dafcf7efccdf895ad4dc37cabf2644d1
3fccdd8c3e912ec87960974747532ff2361075f74c394acf7b046eb04965bbbb
40d2bd95b6f102155c19ca086b11bc365e9d48399ca617017e41e988b6389cb7
40f432b552a92a04057a9f98452c803733086ab31c912fd7efbc671c06cd0fb7
4357354dd00943934022a1a1f4b99429b6aaa840a42febede2a2fa5e1612f3f6
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4438511ceb65f76f3abd890ae95d3235d04f2ee7604295e9bb1efddd1ede8705
446cb2c77c2807618caf4de745e133e0893780c448f2ce8b1b0266f08f9dfc83
44aa5b6ceabe0aaf0a599b23e838d5ca015390945086b8e2dfb8f258bff050ec
45153d776213fa86c1ef7dca51e36d669e1b697b53907f3bf7cd3ee706edbaec
472dbb1244faa0727bbec41dece6c0bfc8af473951759cd004058b15ccd4c39b
4a2de4125e63c0db3ebac9e9ec44092ac3a1fda1942dc370637a234775a374c1
4ceb64d7f886a6353044279cb00597ce7588729af196426a849554617e00134f
4d9457a2bf280fbe146f3c72b86ede0480e0d05648416ada351800a4536e473b
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5b689a688f7bf84fa917d240d3c6083c8f20c9bcd49ed8641afbeb0fbb843798
5e95908f07fac78d27566fbd48eb83bc28f7ded8840acf1f03ee8981961f9bfc
6607d39e43283ed0bb6e98c94d643344392be4086426e171c96df8a3ac1f40b9
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
6bd6f89b1e7f7eef3650d12eb6b8b0b9a839034f1917cccfafb5d22f549d5529
6fba5ed9a21a948a1edf9f018055a8ed911df83da750fcb24177e2a3c539a085
70c705d49e04d07b8353972235ca2f2f7f48c1ddbb671829a282558b991a8fa1
76e599989fc5f26dcef7359acfac9ecbc1a8d2af202317fbbc9bfdfc92fee93f
77e37e42f86028d7b8e40a6d2172a7457e80cedd5bd7847a1833cdfff8b7efdd
7e8ef05a55eafab5277e6449520107db94dfb01b497a52f283e7ffa6ee49363d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
856480dfbd572e8e51fd582b4744916dc6708b2cf12eb311d749f0dc16250410
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
8946e8ab0408c419e21f26f0da2b8cf9c984eb9b29400d3289750398cb23e3ea
8b835da150acd47012845d699cc5f4c6b6023f1af40b3fc1ddbffb2a809ec04d
925a4e7ba8676d9dac68a22654040b78cd3ce8864279190e78572c484deaace3
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
97c92fcdb6b1fec661b87d5293b7607d1e7c79bc66f76d3bc6e60105e4583bcc
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9ee6cfbe868635cf2bf2d04139aed4734a300d51aee5ed327c048ca6ab5dd442
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a393147ce1795987eaaebe86ee8c2e79337ea6a4bb6916843ae8dc52a5d56344
a52bb6e8d120c194fb3c184f9af610501526c368c6fc4224916eae858f12bc77
a711aab19c5df69d73526417881b1d074b5da0e304524db0c73d5241ac94470e
aa0ae27aad06c96bb28817ddfee911bd79b404cb71b0a34f5a48e980342b8f54
abae649736be1dbe1c15fdc5726d3d6fa116e1bc89a63eeea210873d47a701c2
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af9deb07fe565c7f3b5accaee1b943e92b228bc019a40eb7d75802702c2568a9
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0445196f4e7220d18716d114a313d6593f82fa56af18a27e15b9fa0832601f5
b0cfec5981da1fc39edf3be6d8a8d6e390b6881c8d2674318ac3d06235f091af
b6757c564305ac26f444cf3b00f5bfdce1e0684ae40b80706e5d9cffb2d81176
b7916c8a0b782df103da1877c280acf1d4966d9937c86aa16413cb9ddf40edf0
b9504504e2cfc03db7ced6ce3bdb3c05b2bd22c2340821595f3030160857f1d2
bd3ee357733bef8c36973d775b800f4d198569ef4b448395ae2662b9718fbaf8
be2da6f7cd2b1aca420ceea5b5513b3c50af4028188ec5e9b2b7b6a99fc54030
bf8fce049c8e10f0a036f50f5eb7c8dde06dc5bee833635f9db82de6f51f2418
c0542255ad414e8a5c4571fa8be364cf062065fb84346b3aa2bb5d1219644bf6
c19455754ead9313cc2221c64f1c66e8378501d8099bdcb3d90bb0b1a170b5ec
ca3fdf8e723931b1d002a556813d3a80fde72f2ccdc755b0b253f619bb872f65
cbda94666db24554bf77638fc059848d381c3c98f7f24641fa830abcd5793de7
d1bcbe73c54a9e452e68320b9ef266af4ce352f5f24a59f7e83f4b3eca36ed24
d42187b097ed9e26a2d3f656d006ac2bc632af8769521e21320c1c8f3ce399d0
d967813345debd8efd8a0cc45b1fcc67b7781cfadd0d3325881b40b4cb5b0f85
da5d487f1fe8c4f5bba93bab0b071aed1249cf770ffdbc0144a86a4c2bae3c2c
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dc6dc98cca0dd4df6b20f3813bb9f7da0b6bf8e0abb42653c0ee673880caecfd
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de46b77a5b05ab09a32c1999473923ea2b42c8c1489a4a1fb15d551a45366df3
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e94ab746eb47d443256f516a8cc629122c8dfa64a37d7a7db72e6368b184cd8d
eab6c2bbdc0d08f3ed5990a3bb8c2b3cfa4848dcb34d51273626bb297e1e1dad
eb1fa7363d6e4772f7c49d67f031d68f209e66de6c3c05aade6fdc57a02505c1
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
f43dea5e87cdfe5114ff8356ac20626fd76e2d7aefba937b112c46c0a25d49cf
fa64849f60cfe0ca64118e407be17946a7e341ad6509a640cc5c5d6c976c92ac
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.splunk.com Open in urlscan Pro 2.16.186.195 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

143 Requests

94 %HTTPS

34 %IPv6

43 Domains

77 Subdomains

59 IPs

7 Countries

1466 kBTransfer

5452 kBSize

58 Cookies

5 Outgoing links

Page URL History

Redirected requests

143 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.splunk.com Open in urlscan Pro
2.16.186.195 Public Scan

Screenshot
Live screenshot

Full Image

143
Requests

94 %
HTTPS

34 %
IPv6

43
Domains

77
Subdomains

59
IPs

7
Countries

1466 kB
Transfer

5452 kB
Size

58
Cookies

143 HTTP transactions
1 data transactions