www.cobaltstrike.com Open in urlscan Pro
141.193.213.10 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cobaltstrike.com/
Submission: On November 07 via api (November 7th 2022, 9:57:05 pm UTC) from US — Scanned from DE

Summary HTTP 94 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 27 IPs in 3 countries across 23 domains to perform 94 HTTP transactions. The main IP is 141.193.213.10, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.cobaltstrike.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 10th 2022. Valid for: a year.

This is the only time www.cobaltstrike.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	141.193.213.10 141.193.213.10	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
6	65.9.95.40 65.9.95.40	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	108.157.4.97 108.157.4.97	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:d3cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	184.24.7.242 184.24.7.242	16625 (AKAMAI-AS) (AKAMAI-AS)
4	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:170... 2a02:26f0:1700:18c::1c91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
15	13.226.153.29 13.226.153.29	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	65.9.95.109 65.9.95.109	16509 (AMAZON-02) (AMAZON-02)
1	44.208.109.123 44.208.109.123	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6811:46b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:21ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e9cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:eccc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
94	27

26 141.193.213.10 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.cobaltstrike.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 65.9.95.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-40.prg50.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ka-p.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.97 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-97.dus51.r.cloudfront.net

static.helpsystems.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d3cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 184.24.7.242 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-7-242.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.180 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:1700:18c::1c91 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 13.226.153.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-153-29.dus51.r.cloudfront.net

consent-pref.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.109 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-109.prg50.r.cloudfront.net

consent-st.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.208.109.123 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-109-123.compute-1.amazonaws.com

prefmgr-cookie.truste-svc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:46b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:21ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e9cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eccc (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	cobaltstrike.com www.cobaltstrike.com	665 KB
22	trustarc.com consent.trustarc.com — Cisco Umbrella Rank: 4072 consent-pref.trustarc.com — Cisco Umbrella Rank: 20590 consent-st.trustarc.com — Cisco Umbrella Rank: 34764	221 KB
9	6sc.co j.6sc.co — Cisco Umbrella Rank: 13392 c.6sc.co — Cisco Umbrella Rank: 18234 ipv6.6sc.co — Cisco Umbrella Rank: 14360 b.6sc.co — Cisco Umbrella Rank: 7837	13 KB
6	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 3084 ka-p.fontawesome.com — Cisco Umbrella Rank: 5770	96 KB
4	hubspot.com api.hubspot.com — Cisco Umbrella Rank: 7818 track.hubspot.com — Cisco Umbrella Rank: 4040 forms.hubspot.com — Cisco Umbrella Rank: 5144	3 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 11531	33 KB
3	gstatic.com fonts.gstatic.com	70 KB
2	google.de www.google.de — Cisco Umbrella Rank: 3590	564 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 166	375 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3868 www.google.com — Cisco Umbrella Rank: 17	851 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 97	20 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 121	141 KB
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 17880	204 B
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 8175	21 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 6774	88 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 3824	16 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 3839	22 KB
1	truste-svc.net prefmgr-cookie.truste-svc.net — Cisco Umbrella Rank: 36488	2 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 690	816 B
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 4088	928 B
1	helpsystems.com static.helpsystems.com	158 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 118	1 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1165	6 KB
94	23

	Domain	Requested by
26	www.cobaltstrike.com	www.cobaltstrike.com
15	consent-pref.trustarc.com	consent.trustarc.com consent-pref.trustarc.com www.cobaltstrike.com prefmgr-cookie.truste-svc.net
6	b.6sc.co	www.cobaltstrike.com
6	consent.trustarc.com	www.cobaltstrike.com consent.trustarc.com
5	ka-p.fontawesome.com	kit.fontawesome.com www.cobaltstrike.com
3	cdn.bizible.com	www.googletagmanager.com www.cobaltstrike.com cdn.bizible.com
3	fonts.gstatic.com	fonts.googleapis.com
2	api.hubspot.com	cdn.bizible.com
2	www.google.de	www.cobaltstrike.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.cobaltstrike.com www.googletagmanager.com
1	forms.hubspot.com	cdn.bizible.com
1	track.hubspot.com
1	cdn.bizibly.com	www.cobaltstrike.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	prefmgr-cookie.truste-svc.net	www.cobaltstrike.com
1	consent-st.trustarc.com	consent-pref.trustarc.com
1	www.google.com	www.cobaltstrike.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	region1.analytics.google.com	www.googletagmanager.com
1	j.6sc.co	www.cobaltstrike.com
1	js.hs-scripts.com	www.googletagmanager.com
1	static.helpsystems.com	www.cobaltstrike.com
1	fonts.googleapis.com	www.cobaltstrike.com
1	kit.fontawesome.com	www.cobaltstrike.com
1	maxcdn.bootstrapcdn.com	www.cobaltstrike.com
94	32

This site contains links to these domains. Also see Links.

Domain
download.cobaltstrike.com
cobalt-strike.github.io
www.coresecurity.com
cobaltstrikdev.wpengine.com
www.helpsystems.com

Subject Issuer	Validity	Valid
www.cobaltstrike.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-10` - `2023-04-10`	a year	crt.sh
*.trustarc.com Amazon	`2022-05-17` - `2023-06-15`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-01` - `2023-01-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.helpsystems.com Amazon	`2022-06-17` - `2023-07-15`	a year	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
io.bizible.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-30` - `2023-07-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.truste-svc.net Amazon	`2022-05-23` - `2023-06-21`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.cobaltstrike.com/
Frame ID: 80F9E94162B2B7926748771F2C6AEAFD
Requests: 74 HTTP requests in this frame

Frame: https://consent.trustarc.com/get?name=crossdomain.html&domain=helpsystems.com
Frame ID: 1922BE8236E033EBBE0D9AAB9D2B7C33
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
Frame ID: 54D893767E9386B6D45E7527372D218B
Requests: 15 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/defaultpreferencemanager/900F1BE3E033349C4A8AEE7E6836E50C.cache.html
Frame ID: 2ADA9C078AB5CACEE87F63813D165E5F
Requests: 1 HTTP requests in this frame

Frame: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https://www.helpsystems.com/privacy-policy&cookieLink=https://www.helpsystems.com/cookie-policy&irm=undefined&from=https://consent.trustarc.com/
Frame ID: 6C69658143D2B51949CFBC5AC6CEC6AA
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/cookie_inneriframe.html
Frame ID: 6E19231087C11EA5DD3D9664A7DAC5BA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cobalt Strike | Adversary Simulation and Red Team Operations

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

94
Requests

100 %
HTTPS

67 %
IPv6

23
Domains

32
Subdomains

27
IPs

3
Countries

1578 kB
Transfer

3908 kB
Size

23
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://download.cobaltstrike.com/download
Title: Download

Search URL Search Domain Scan URL

URL: https://cobalt-strike.github.io/community_kit/
Title: Community Kit

Search URL Search Domain Scan URL

URL: https://www.coresecurity.com/?__hstc=173638140.7caef898f8754f4db659863b6c69426a.1667858221548.1667858221548.1667858221548.1&__hssc=173638140.1.1667858221549&__hsfp=3865676674
Title: Core Security

Search URL Search Domain Scan URL

URL: https://cobaltstrikdev.wpengine.com/core-impact/
Title: Core Impact

Search URL Search Domain Scan URL

URL: https://www.helpsystems.com/impressum?__hstc=173638140.7caef898f8754f4db659863b6c69426a.1667858221548.1667858221548.1667858221548.1&__hssc=173638140.1.1667858221549&__hsfp=3865676674
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.helpsystems.com/privacy-policy?__hstc=173638140.7caef898f8754f4db659863b6c69426a.1667858221548.1667858221548.1667858221548.1&__hssc=173638140.1.1667858221549&__hsfp=3865676674
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.helpsystems.com/cookie-policy?__hstc=173638140.7caef898f8754f4db659863b6c69426a.1667858221548.1667858221548.1667858221548.1&__hssc=173638140.1.1667858221549&__hsfp=3865676674
Title: Cookie Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

94 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.cobaltstrike.com/ 48 KB
12 KB 536ms
465ms Document
text/html 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / WP Engine
Resource Hash: 22fbaa84af5b742f7f2172fed43a3f6240d7c5d460af508fa8199dc2788bed0e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 766952721a72907c-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 07 Nov 2022 21:57:00 GMT
link: <https://www.cobaltstrike.com/wp-json/>; rel="https://api.w.org/" <https://www.cobaltstrike.com/wp-json/wp/v2/pages/8928>; rel="alternate"; type="application/json" <https://www.cobaltstrike.com/>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BG%2BH5YHUcwWYol12hzpQQS%2FG6NYtutWEtGYxejKrpqX1XIlsg0M24dIQvAqg1fD8292LIWF0MsIKwU1Dmln4UnsSDla2LoMqxr0Kgk6Ll1n0QL0DS6VwCvY9y3p3IFpybeXhjHTU"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 11
x-cache-group: normal
x-cacheable: SHORT
x-powered-by: WP Engine

GET
H2 200 notice Show response
consent.trustarc.com/ 11 KB
5 KB 396ms
59ms Script
text/javascript 65.9.95.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=helpsystems.com&c=teconsent&gtm=1&text=true&pn=1-0&cookieLink=https://www.helpsystems.com/cookie-policy&privacypolicylink=https://www.helpsystems.com/privacy-policy

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.40 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-40.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

a143b8e73e0aedad993cf30249d2a45a3f7ae8e271b73297c748522fa9fc2ece

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cobaltstrike.com/
Origin: https://www.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:33:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 2a9856881d192b485d1bf1928e98c7ec.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 1439
x-cache: Hit from cloudfront
cloudfront-viewer-country: DE
content-length: 4208
x-xss-protection: 1; mode=block
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=3600
cloudfront-viewer-country-region: NW
timing-allow-origin: *
x-amz-cf-id: VIk9vpZxxVpB4x17I2SgmFSMhh3Cu_3tRkrWLuy1aMznCJZRRo3gYg==
expires: Mon, 07 Nov 2022 22:33:01 GMT

GET
H2 200 style.css
www.cobaltstrike.com/wp-content/plugins/gutenberg/build/block-library/ 93 KB
13 KB 60ms
56ms Stylesheet
text/css 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=14.4.0
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d3605b8890101d2fbf3a0504c4ceadaf3945b6975aa00e8048f57a2fad3964f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361affd-174e5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0itrhcxQDw%2FHpDTE02ydPh29kV7DHuwhsNtpdxm6QYAcuUCAkUeV9f6Nbp%2BYtNOADF7MGRXxX4R4jPfX6elti7D8IHz59IipNjpyaGyHR0rfjKeRmfAIUkyaDaDSushDOLa5BOMi"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952750f77907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 theme.css
www.cobaltstrike.com/wp-content/plugins/gutenberg/build/block-library/ 3 KB
1014 B 47ms
41ms Stylesheet
text/css 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-content/plugins/gutenberg/build/block-library/theme.css?ver=14.4.0
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92e22a72c9ace53753d0ad447a0597268cea45581c54aa179ff66b54fc5d603b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361affd-a6d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DVJoj361Xqxw2h%2F9Szs0a8BjYRRlX%2BxJxkeDPRvQO14B99cud%2BF6YRwRFtySqLY4jT4InuCHwb0CpJAXClpSYwKn%2BpGKUdMa7UM4Z0hOktgUGuIRUU8h%2BMvcAPfOBy9cmjFazNod"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952750f7d907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 classic-themes.min.css
www.cobaltstrike.com/wp-includes/css/ 217 B
462 B 46ms
40ms Stylesheet
text/css 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-includes/css/classic-themes.min.css?ver=1
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 02 Nov 2022 05:23:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361fec0-d9"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GzZEp7LFl18%2FrgYsbZsJ6ry2h9R7m2leY6g1HncAs5NeZj5UeHWYOe0YEPvQgyL8C5MRZAjbttmke5yI2YqRtLesSbA6JcTEXN4vzmo8TZ9X3d0soGms%2F0qcGrGbcKDyOYyOmnOC"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952750f7f907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 menu-image.css
www.cobaltstrike.com/wp-content/plugins/menu-image/includes/css/ 3 KB
1 KB 47ms
42ms Stylesheet
text/css 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-content/plugins/menu-image/includes/css/menu-image.css?ver=3.0.8
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75db663f63c3505c2d1d2c41b82da41465bcd39b390516728f7fd323f95f644e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361affc-d0f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eHCand4MEy9uzdxq84Ok%2FcdiRNo%2FCCPrhqz79DcGSSA%2FmKiJnrOfL5Sq4AXZwUdiTfX6HeHK25V3CX4moqbNGwOr1lkO8Hg8Hsk7KEmDTS2vRkGynZEjzhNPo01Y8ZtQRCOymhC7"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952750f81907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 dashicons.min.css
www.cobaltstrike.com/wp-includes/css/ 58 KB
35 KB 47ms
42ms Stylesheet
text/css 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-includes/css/dashicons.min.css?ver=6.1
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361aff4-e688"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sQc9JwITNSrksyzSjU3XITTeWb%2BJO7sNgDbhmeBWFPodOWYbPCg2sfePVaW076ZiIWXuH6XhqNYyEptmWBhisi7wg4v8kHnl0Lu6SOT0fynIikrlzsVrvEM9ZH5ROIuUJ3BUoGup"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952750f82907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 105ms
15ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.3.2

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 860
age: 1563463
cdn-cachedat: 08/25/2022 04:42:40
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"04425bbdc6243fc6e54bf8984fe50330"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 44001e188336ca248d5459295c1ad757
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 766952758fb89bf8-FRA
cdn-requestpullsuccess: True

GET
H2 200 main.min.css
www.cobaltstrike.com/wp-content/plugins/youtube-embed/css/ 211 B
455 B 41ms
36ms Stylesheet
text/css 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-content/plugins/youtube-embed/css/main.min.css?ver=5.2.3
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec9f8c9d2e03417ce6655dda5896fb14ee2aa66a94eefe83975d2458a6c1652f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361affa-d3"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9rVEJNgyA26o7%2BhxCywkgzDUhRGxrmylxfha1JQIPm5ejne4pD3Y5kXp%2BBq7hAtcQ7F67m8DtAwizZrDs%2Fub2f0nIDQM%2F7TaUCPEKYiHC8OoICI9yM25IlZ3m%2FCNj4nEVy8%2BiMfS"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952750f84907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 child-theme.min.css
www.cobaltstrike.com/wp-content/themes/cobaltstrike/css/ 358 KB
51 KB 48ms
43ms Stylesheet
text/css 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/css/child-theme.min.css?ver=1
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bf627256fb3cadccf0da8de3947f51a76873a76584dbaf65d394e079c5e3ced

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361affa-59990"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mY60fhm85%2BJjrfaT5OlKoXdWKwotkSg2x%2BkgoKSwbrBxwquYsWO831O3YXEV1RsUewEYlg59v8C1YnCHbFB16p0tO%2FoWMeJ9hFhMSSeDRxoZXgj6RTWAlYnRw2m668lN%2BaXYGvWO"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952750f85907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
www.cobaltstrike.com/wp-includes/js/jquery/ 88 KB
32 KB 61ms
57ms Script
application/javascript 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 02 Nov 2022 05:23:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361fec1-15e54"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hlYSxpi5GgzaUAHcy2G0mUGfcJRQMIJ2U%2FNeuGlFWiJ%2FYYuQALST7PooDU6Qh2jdFt1Jpp8UbXsZQZPKzoFXNp5F7x7nG%2FiK%2BKDX8XASryzvurfhJiyJnyfCjkLjdlA3lD4ZLw6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952750f86907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery-migrate.min.js Show response
www.cobaltstrike.com/wp-includes/js/jquery/ 11 KB
4 KB 61ms
57ms Script
application/javascript 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:46:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361aff3-2bd8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w7vc3RBznhWUo0uLp1uym%2BJJyjHJNTI1uAxaAGYoG2yqaAMI%2F8eM2pxplwVxpbJE5xk%2B5uwZTOGl%2BS2iDQuSFQuaKSZ1s4LbNM1NHWGfAXfNQ4twttjfF8MTwButC0bOV52RtfKE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952750f88907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 mmenu.js Show response
www.cobaltstrike.com/wp-content/themes/cobaltstrike/js/ 69 KB
18 KB 60ms
56ms Script
application/javascript 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/js/mmenu.js?ver=6.1
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0916b04a6bd6a9c5a9c9721e8749a0d952b39ba9303399faeacba8a65dd9a92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361affa-1122b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdRFK7w7FiB%2Fh0YriMtbknkrvuLRL3lTYcVxEnB5mf1tlwgH0Laftmk6pmLQN824r3akYDNG3zPhrC8sTqPCeJ3FDVM5sYazCrNoGNkuoPmOo7ZHuS1U7Jj4wXcAA20XCFxEf2aX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952750f89907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 mburger.js Show response
www.cobaltstrike.com/wp-content/themes/cobaltstrike/js/ 6 KB
2 KB 62ms
59ms Script
application/javascript 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/js/mburger.js?ver=6.1
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e56084b20ef7de5d9f01bd95bb64fbdaa055459691aa66af1c46a79f7d43d53

Request headers

Referer: https://www.cobaltstrike.com/
Origin: https://www.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361affa-19ec"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2MAs2LrhrB1JA07WjM5hae3lMtnOsWEvtzxINXtivcCE8WoUtRxrFvOkgp6cWA3ziXk4IW3%2FaG%2BcOI2Ouq3AGcS843O7%2BK6bdsnG5hC6taeJHLQ7JZ8v0ozzAOVyqmpyRnCn7%2Fxj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952753fb9907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 mhead.js Show response
www.cobaltstrike.com/wp-content/themes/cobaltstrike/js/ 2 KB
1 KB 62ms
58ms Script
application/javascript 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/js/mhead.js?ver=6.1
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e4dab8d8160be12cf844bfb865757bd26d402d2c5f4ef44c9668765845802fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361affa-964"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pz2oRKcOA7gPHPZe3L0nNsuyKuzTTGaTc2X4dZkYfUYBibNd5rB%2BbUjSm6EpdfWXQLKvMihfKitidsEY7poa34wEQjflb4WExYG9xCnVE%2Fpj4Dyk1BEIPdI22NHldKyN9JUutmSM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952753fbb907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 dcf00ad2d4.js Show response
kit.fontawesome.com/ 11 KB
4 KB 115ms
27ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/dcf00ad2d4.js

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f433b7fd1447fb9ebd43603275f772c6f79825242cc1d827998bd80207a8efb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://www.cobaltstrike.com/
Origin: https://www.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
strict-transport-security: max-age=31536000; preload
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray: 7669527589ac9956-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: Ftb37KVwJ1OxDpo7tNxD

GET
H2 200 fortra-skyblue.svg
www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/ 1 KB
829 B 44ms
42ms Image
image/svg+xml 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/fortra-skyblue.svg
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e6202b5d69e38fdbfdb3430db6b367d0d1dffb4345ad9b992a9090f37872dba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 426628
etag: W/"6361affa-4f9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jRzUpt0WHoGx3N4YaZGfgoESrEdzymOEXuauwibQQHt1fS3bui7pokkAb0H647wWNfDxXRbxgEltx519WYuOtuuiw%2F2FYDYdLPgOzNZy%2FP3WKG6ScQN75HofHFQ5pjR2HOY3NsUj"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952753fbf907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cobalt-strike-dark-bg.svg
www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/ 11 KB
3 KB 39ms
37ms Image
image/svg+xml 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/cobalt-strike-dark-bg.svg
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7ef58efaada2664bec27e9c84699bc2d2449babe6e21c3ead85e577feb92da8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 426628
etag: W/"6361affa-2c1e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CryPJDr1KZEMSjdN3dlnIxtmB4V4%2BUG32fOyAtuRaUaMwTo8%2FtSxHijL5C0tIi91Gh1d6R89djDqY7tIJVJia6psRtnQrgwT1bqRxUydU6MHIBJX%2BLQHYGaJNgcmtYAlJXtIeQZ9"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952753fc0907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 fta-delta-white.svg
www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/ 297 B
539 B 43ms
41ms Image
image/svg+xml 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/fta-delta-white.svg
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63a53143de1fa7c9ec3aecf4060efb78c336df0f384c4b7db72596f6b14a2781

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 426628
etag: W/"6361affa-129"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pifqn4W6l1LCzfwoSTpOqRHTGS8V%2BhyW8YVF4or4JZpDOWmM%2FR%2BLbe%2BuDJdUocBETFzMNSzGnUzwNizYdJP3N%2FzwxoH8CVcCuHKaKAR6%2FjGhhZhKhR5r%2BeV0SxLT%2B7fXg1k%2B1yyw"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952753fc1907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Cobalt-strike-anime-guy.png
www.cobaltstrike.com/wp-content/uploads/2022/10/ 156 KB
156 KB 40ms
38ms Image
image/webp 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cobaltstrike.com/wp-content/uploads/2022/10/Cobalt-strike-anime-guy.png
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebcdeb6f9203bcc4c63746fd8ad18cbe40eed32c71f5cff84bee12183e87a5dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 416099
cf-polished: origFmt=png, origSize=240291
content-disposition: inline; filename="Cobalt-strike-anime-guy.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 159352
cf-bgj: imgq:100,h2pri
last-modified: Tue, 01 Nov 2022 23:47:01 GMT
server: cloudflare
etag: "6361aff5-3aaa3"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9XJRuwDGa4TpSSD5aE%2BTNOYnx21EyyZvFVmO9bwtfFIDDfnLbMhCumWJx5wdtpqFViickyFknEFmFE6XDi%2FrmgCQjHfNuL4EGZ3ykPhvCEnLgqnw%2FqJmYGZEcau%2BjUqgKpkYBftb"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 766952753fc2907c-FRA

GET
H2 200 pricing.svg
www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/ 2 KB
1 KB 41ms
39ms Image
image/svg+xml 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/pricing.svg
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 125adb79c10603ee2d55161d8951bead4ff7f796967786b979791e02971690ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 416099
etag: W/"6361affa-6a0"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i3U9%2FLLX1L%2BWEU7xVlTqH0tGRGVM9oiSbHE0KRfatUU%2FfTfPeZPyzysEzquZdxDSuPglXnGO1HdtnHr0S9rXlqdsaxGi4cTzlPKA1JaONulQs8R83Q49uY5YNphtrcCbE1UUjbO%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952753fc3907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 in-touch.svg
www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/ 1 KB
956 B 46ms
44ms Image
image/svg+xml 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/in-touch.svg
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0092b97349a18e065497f4007f9bd5c28e05031e2269c521fc80f38eeb9d414

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 416099
etag: W/"6361affa-4f4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YbmmfKpOzHU%2BObamNoeZcy4OH6w%2F5s946ULivSVz0AiBo7FIxyExHY3nIB1eJBU2G1FBSYH1mBnz0V0kiQlXw%2FDXGWQh0G3sRsbQnFJcnIS2DkNRFPXMRVkTfBZuWSATikoYRwbd"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952753fc4907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 demo.svg
www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/ 1 KB
990 B 42ms
40ms Image
image/svg+xml 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/img/demo.svg
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c79f21bf9dba9c355aa19806c7f4fa81cc70d2f004f43612b1ca394c913c655d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 416099
etag: W/"6361affa-5a1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZulUfoMX%2FNyoMmEeaeLxZuW9QbKESVIcWtfobvcEsOhWLxQRFDLPMDZNF8Eg5wHgQ4nhAO7yiCgv4hnOH%2BlHH3LedJ1tRKWMO1cwWyMvgHGFJ%2F8WapqZBIziWRSBcD3pOzYzAW2A"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952753fc5907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 ssba.js Show response
www.cobaltstrike.com/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
1 KB 40ms
37ms Script
application/javascript 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1667346428
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361affc-7c3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3LynEe40ezW9k8muW9kWM6ouhx0p8QG9gN6hopwciZdysEAbE%2F4m0D88pBxrN1E80SLWHGKjVuLSfKy3Q8gFVFiJ4t2mMQUa1DYbDwKrq8TGW6yMSHiZGrakQEjqPt0vUU%2F3RTZM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952753fbc907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 child-theme.min.js Show response
www.cobaltstrike.com/wp-content/themes/cobaltstrike/js/ 83 KB
25 KB 42ms
40ms Script
application/javascript 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/js/child-theme.min.js?ver=5.9.8
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f962ea052383e066291f943eb01b1c0cc8314900431aae47bf271cc301239e10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361affa-14cdc"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0RBHObVR3gSX6hasK615%2Fzp6Hc9gDWaIsGPnk%2BA8zJ1oAjJTxy6T2LReVxuOuWgov4YYRWwD7oRLuOEPAokWlSr96cmrjmA5YhaBHaCbTCmWfxqJ5CeWVfiLpGMd0Y0nLRdDpeXs"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952753fbe907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 wp-emoji-release.min.js Show response
www.cobaltstrike.com/wp-includes/js/ 18 KB
5 KB 43ms
43ms Script
application/javascript 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Nov 2022 23:46:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 434621
etag: W/"6361aff3-48b9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EjZG67oIvoQ8rCtOAIrbvQ5ZvJ0Tjnc%2FIefk8rW6XvMtYOHXy%2FlPQbiQp160u78Nx8WRc8F7tR5fmTeo1oJ2oM%2FXwBPEMr%2F%2F0JKxB1BkpCt3F21%2FUFqSKWK1ixsGPUa8Ru3zTB9f"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 766952753fd0907c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 78ms
26ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/css/child-theme.min.css?ver=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6f1e145d88c4b3f343055576d559fa8999045d205ea2f4e0d84f3b539c56ced8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 20:43:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Nov 2022 21:57:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 179 KB
66 KB 107ms
64ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NN4FLFJ

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

079ad886571938b3263dc54cc210c7b270de91edcac87430bfeccc12ea9dd611

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66765
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 21:25:30 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 07 Nov 2022 21:57:00 GMT

GET
H2 200 pro.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 315 KB
53 KB 33ms
23ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=dcf00ad2d4
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/dcf00ad2d4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 6239940
etag: "610ae215-d3b2"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 766952766ae29956-FRA
content-length: 54194

GET
H2 200 pro-v4-shims.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 26 KB
4 KB 50ms
40ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=dcf00ad2d4
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/dcf00ad2d4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 6239940
etag: "610ae215-1062"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 766952766ae19956-FRA
content-length: 4194

GET
H2 200 pro-v4-font-face.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 27 KB
3 KB 32ms
22ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=dcf00ad2d4
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/dcf00ad2d4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 6239940
etag: "610ae215-a2b"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 766952766adf9956-FRA
content-length: 2603

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 111ms
34ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 17:07:14 GMT
x-content-type-options: nosniff
age: 535786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Nov 2023 17:07:14 GMT

GET
H2 200 bg-1.png
static.helpsystems.com/cobalt-strike/img/ 157 KB
158 KB 115ms
35ms Image
image/png 108.157.4.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.helpsystems.com/cobalt-strike/img/bg-1.png
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/css/child-theme.min.css?ver=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-97.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9de6faf69d60c4e5e426634bfd1c7afda005bd47ad2a0247befb29e3634f1a33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-amz-version-id: KhusPF34VVOftPiVFsa7UtvDT_9JL68m
date: Mon, 07 Nov 2022 21:05:42 GMT
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-amz-request-id: 8ZBDSQ7EV3VFZHV9
x-amz-cf-pop: DUS51-P2
x-amz-server-side-encryption: AES256
age: 3079
x-cache: Hit from cloudfront
content-length: 160799
x-amz-id-2: PtJ94D7k0SZPdIX1D7GFJLT6C/5fD8hWSp8zCVaMBOiyo7xvPQO1xS/NAMJw1UYR0vnWcrwRAB4=
last-modified: Thu, 18 Feb 2021 20:48:40 GMT
server: AmazonS3
etag: "cfca4bd5e4036da8fe6d3c0ca6303801"
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: Arlt9AVJMBwAUz3qMkjWzDK3YYN6uGuJoSejCJWGdeZjWTA92z2KZA==

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 100ms
29ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 17:07:14 GMT
x-content-type-options: nosniff
age: 535786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Nov 2023 17:07:14 GMT

GET
H2 200 fontawesome-webfont.woff2
www.cobaltstrike.com/wp-content/themes/cobaltstrike/fonts/ 75 KB
76 KB 24ms
23ms Font
font/woff2 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/css/child-theme.min.css?ver=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://www.cobaltstrike.com/wp-content/themes/cobaltstrike/css/child-theme.min.css?ver=1
Origin: https://www.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 434620
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Tue, 01 Nov 2022 23:47:06 GMT
server: cloudflare
etag: "6361affa-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRgGRGWHwLKf8TO8vYyAUKZ3RxiN8zHifnzOtQhjcRpw5KpIoozSRnXNCnADR1%2FBdhSDEZTfc4S6HqkmR2D81U7LyIoM2R8szDGeie2PEUuBXfMWYLHkle7jYTe2iGEizsLxyGNm"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7669527669c3907c-FRA

GET
H2 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v23/ 24 KB
24 KB 108ms
47ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Thu, 03 Nov 2022 08:30:07 GMT
x-content-type-options: nosniff
age: 394013
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24408
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:50:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Nov 2023 08:30:07 GMT

GET
H2 200 features-screenshot-1.png
www.cobaltstrike.com/wp-content/uploads/2021/11/ 43 KB
43 KB 34ms
31ms Image
image/webp 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cobaltstrike.com/wp-content/uploads/2021/11/features-screenshot-1.png
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9dd46fde5b293c1c7411d70e4e6e80eddfdd4443cae380c6605a72055a38b508

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 416092
cf-polished: origFmt=png, origSize=101947
content-disposition: inline; filename="features-screenshot-1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43960
cf-bgj: imgq:100,h2pri
last-modified: Tue, 01 Nov 2022 23:47:03 GMT
server: cloudflare
etag: "6361aff7-18e3b"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vQT0HgFG5i3MK3V%2FMbGbtVK5lVX1pSEV0kA2kV%2BoT%2BWu9iKyQxwZj4s4s3eLy56HpiVPNx%2Fp7aX2JBYFuXGblylg4b%2FClfUqd7dqYP4gxv08GIZNNauRKNo4LJaRCeNIUl2seiTU"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7669527689e1907c-FRA

GET
H2 200 comics-cover.png
www.cobaltstrike.com/wp-content/uploads/2021/11/ 179 KB
180 KB 27ms
24ms Image
image/webp 141.193.213.10
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cobaltstrike.com/wp-content/uploads/2021/11/comics-cover.png
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.10 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335f61181969d6e7d3e311a7a47bf0ce3049340e69751a7cde258707dc0346b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 70485
cf-polished: origFmt=png, origSize=289802
content-disposition: inline; filename="comics-cover.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 183718
cf-bgj: imgq:100,h2pri
last-modified: Tue, 01 Nov 2022 23:47:03 GMT
server: cloudflare
etag: "6361aff7-46c0a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=goT9YLgblhQj3QTaVFEAsxAnDxXEjbEl7Gah1WP1geGQXawVBT4FoiUJUzzqSbMsHdU6VRQQLJ3Wt3wrZoJQcEjjn0yDYFaRjesI3sysloehFZsz6ufc0HBzMeLwezpQdL%2FT1AnZ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7669527689e3907c-FRA

GET
H2 200 pro-fa-solid-900-5.0.0.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/ 19 KB
19 KB 27ms
25ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b50aa1d36ea249991fb44f8f6ad2aa74fe360df9cc04c564b5edf3b053b739c

Request headers

Referer: https://www.cobaltstrike.com/
Origin: https://www.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:58:39 GMT
server: cloudflare
age: 815773
etag: "610ae35f-4d48"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 766952770c009956-FRA
content-length: 19784

GET
H2 200 pro-fa-solid-900-5.11.0.woff2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/ 12 KB
12 KB 29ms
27ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.11.0.woff2
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bcade3d96c0c0fb1950e54b96b0f4cfa7f51e45a99dd8f12224fb0530ac432d

Request headers

Referer: https://www.cobaltstrike.com/
Origin: https://www.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:58:41 GMT
server: cloudflare
age: 4318467
etag: "610ae361-2f70"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 766952770c029956-FRA
content-length: 12144

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 61ms
13ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4FLFJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 07 Nov 2022 21:24:49 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 1931
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Mon, 07 Nov 2022 23:24:49 GMT

GET
H2 200 3478499.js Show response
js.hs-scripts.com/ 2 KB
928 B 394ms
133ms Script
application/javascript 2606:4700::6811:d3cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/3478499.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4FLFJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0819dbd128cd986b1ca16181c25c930629f9ba985bbb7ea8a8fd35922dd147f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 07 Nov 2022 21:54:12 GMT
server: cloudflare
x-hubspot-correlation-id: 94f76356-c1ae-450f-8269-366c502c344d
x-trace: 2BEBE8E071CD223B941B6C8171BE3ED43A8F359AF7000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.cobaltstrike.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 76695278ef849156-FRA
expires: Mon, 07 Nov 2022 21:58:01 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 30 KB
10 KB 60ms
8ms Script
application/javascript 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

aca17711b2bcab8335b7bd9c2880033b2aa69a0e9f33ce2e1a507dbb0f9cade3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 29 Sep 2022 20:55:46 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63360652-7700"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 9869
expires: Mon, 07 Nov 2022 21:57:00 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
32 KB 66ms
8ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4FLFJ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: 8a0dc0b446ca012e7e25688bec45ec66b473c1e343c0c77850df7f8be0ea18ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: gzip
last-modified: Mon, 07 Nov 2022 19:42:52 GMT
server: ECS (frb/67D4)
age: 2520
etag: "e21ae41fe1f2d81:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 32327

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 215 KB
75 KB 32ms
31ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-HNS2ZVG55R&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN4FLFJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

55aece158d84f9dcbced893109dc035e8e31bbda01dc6589e13d18ea5cafa8f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 76792
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 07 Nov 2022 21:57:00 GMT

GET
H2 200 v1.7-9931 Show response
consent.trustarc.com/asset/notice.js/v/ 76 KB
24 KB 40ms
39ms Script
text/javascript 65.9.95.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/asset/notice.js/v/v1.7-9931

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=helpsystems.com&c=teconsent&gtm=1&text=true&pn=1-0&cookieLink=https://www.helpsystems.com/cookie-policy&privacypolicylink=https://www.helpsystems.com/privacy-policy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.40 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-40.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

a2287bb22f8ed8285baec2e9b8cfd84ea46d0a142884bea029c7c396fa3a0d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cobaltstrike.com/
Origin: https://www.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:48:06 GMT
content-encoding: gzip
via: 1.1 2a9856881d192b485d1bf1928e98c7ec.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: PRG50-C1
age: 534
x-cache: Hit from cloudfront
pragma: public
last-modified: Thu, 20 Oct 2022 05:43:25 GMT
server: nginx
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: KKVHFmsncp9tXIp1QMCzlRsQ031Yu8SawomV3Jl7nCoD2aM6nGOxEA==
expires: Wed, 07 Dec 2022 21:48:06 GMT

GET
H2 200 get Show response
consent.trustarc.com/ Frame 1922 7 KB
2 KB 97ms
30ms Document
text/html 65.9.95.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=crossdomain.html&domain=helpsystems.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.40 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-40.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

7fe7d9054d31a9874fb36aba6a3736c02799bdaab5fed3e007ff334bc4580732

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cobaltstrike.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3053
cache-control: max-age=2592000
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 07 Nov 2022 21:06:07 GMT
expires: Wed, 07 Dec 2022 21:06:07 GMT
pragma: public
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding Origin
via: 1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
x-amz-cf-id: TNd5EmTsEYqUxMBFjBxtIqPuFggIm62bubuQJRYfFbgR-t_RqrCghA==
x-amz-cf-pop: PRG50-C1
x-cache: Hit from cloudfront

GET
H2 200 log
consent.trustarc.com/ 43 B
442 B 231ms
163ms Image
image/gif 65.9.95.40
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/log?domain=helpsystems.com&country=de&state=&behavior=expressed&c=a8b2

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.40 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-40.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 21:57:00 GMT
via: 1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
x-amz-cf-pop: PRG50-C1
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: Q0yaD3rq6oaULSzewa6WOK2CtSHyaWDmwnq5PqBFvH7NLaQi-BxNHQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
350 B 68ms
17ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-HNS2ZVG55R&gtm=2oeb20&_p=1731603783&_gaz=1&cid=1079422439.1667858221&ul=en-us&_rdi=1&_geo=1&_s=1&sid=1667858220&sct=1&seg=0&dl=https%3A%2F%2Fwww.cobaltstrike.com%2F&dt=Cobalt%20Strike%20%7C%20Adversary%20Simulation%20and%20Red%20Team%20Operations&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HNS2ZVG55R&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 21:57:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cobaltstrike.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
350 B 70ms
20ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HNS2ZVG55R&cid=1079422439.1667858221&gtm=2oeb20&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HNS2ZVG55R&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 21:57:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cobaltstrike.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 87ms
37ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HNS2ZVG55R&cid=1079422439.1667858221&gtm=2oeb20&aip=1&z=252297808

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 21:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
816 B 65ms
15ms XHR
application/json 185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Nov 2022 21:57:00 GMT
AN-X-Request-Uuid: 359176c4-2fc6-4b56-a65b-2ab45a27e81c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.cobaltstrike.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 37.58.57.2; 37.58.57.2; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
205 B 28ms
13ms XHR
text/html 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-7-242.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.cobaltstrike.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 24 B
264 B 57ms
8ms XHR
text/html 2a02:26f0:1700:18c::1c91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:18c::1c91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 22376326cd0560a692c6cc23da4d10a35d53e8781635f4d207b05edb6acc9e3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 21:57:00 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.cobaltstrike.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a00:c98:2030:a004:1::11
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 24
expires: Mon, 07 Nov 2022 21:57:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 54ms
21ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1731603783&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cobaltstrike.com%2F&ul=en-us&de=UTF-8&dt=Cobalt%20Strike%20%7C%20Adversary%20Simulation%20and%20Red%20Team%20Operations&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAACAAI~&jid=1950128950&gjid=1657602453&cid=1079422439.1667858221&tid=UA-172665686-1&_gid=1395993277.1667858221&_r=1&gtm=2wgb20NN4FLFJ&z=1342694633

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cobaltstrike.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 21:57:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cobaltstrike.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 269ms
244ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b0e7a654cb6a9f76b986f2b6cbdbfabf&svisitor=null&visitor=c26a8d87-a4a4-42cb-8e0c-84656838e716&session=51ae06fd-55a1-4b8e-8afb-36121b0b762e&event=ipv6&q=%7B%22address%22%3A%222a00%3Ac98%3A2030%3Aa004%3A1%3A%3A11%22%7D&isIframe=false&m=%7B%22description%22%3A%22Cobalt%20Strike%20in%20an%20adversary%20simulation%20tool%20that%20can%20emulate%20the%20tactics%20and%20techniques%20of%20a%20quiet%20long-term%20embedded%20threat%20actor%20in%20an%20IT%20network%20using%20Beacon%2C%20a%20post-exploitation%20agent%20and%20covert%20channels.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strike%20%7C%20Adversary%20Simulation%20and%20Red%20Team%20Operations%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cobaltstrike.com%2F&pageViewId=4cc24b17-7882-4795-8490-bfeccef82fd6

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 253ms
246ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b0e7a654cb6a9f76b986f2b6cbdbfabf&svisitor=null&visitor=c26a8d87-a4a4-42cb-8e0c-84656838e716&session=51ae06fd-55a1-4b8e-8afb-36121b0b762e&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2007%20Nov%202022%2021%3A57%3A00%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Cobalt%20Strike%20in%20an%20adversary%20simulation%20tool%20that%20can%20emulate%20the%20tactics%20and%20techniques%20of%20a%20quiet%20long-term%20embedded%20threat%20actor%20in%20an%20IT%20network%20using%20Beacon%2C%20a%20post-exploitation%20agent%20and%20covert%20channels.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strike%20%7C%20Adversary%20Simulation%20and%20Red%20Team%20Operations%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cobaltstrike.com%2F&pageViewId=4cc24b17-7882-4795-8490-bfeccef82fd6&an_uid=0

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 62ms
24ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-172665686-1&cid=1079422439.1667858221&jid=1950128950&gjid=1657602453&_gid=1395993277.1667858221&_u=YCDACEAABAAAACAAI~&z=915602240

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cobaltstrike.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 07 Nov 2022 21:57:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cobaltstrike.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
consent-pref.trustarc.com/ Frame 54D8 5 KB
3 KB 59ms
15ms Document
text/html 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/asset/notice.js/v/v1.7-9931

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

5d59d71fa30604e26c815b2bcfea777bef1564467e2ff9b1b4dc45ca2ee0f6fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://www.cobaltstrike.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 40613
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 07 Nov 2022 10:40:07 GMT
etag: W/"5147-1666069570000"
expect-ct: max-age=86400; enforce;
last-modified: Tue, 18 Oct 2022 05:06:10 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-amz-cf-id: LZT9OuTOUCVIMxwc3Y7TVD2LuF3OzwYoSJpqd5TnDOjk7MJASkdJjw==
x-amz-cf-pop: DUS51-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

GET
H2 200 noticemsg
consent.trustarc.com/ 43 B
541 B 85ms
85ms Image
image/gif 65.9.95.40
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/noticemsg?action=consent&domain=helpsystems.com&behavior=expressed&country=de&language=de&rand=0.46223859653370214

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.40 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-40.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
via: 1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
cloudfront-viewer-country: DE
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
server: nginx
x-frame-options: SAMEORIGIN
vary: Origin
content-type: image/gif
cache-control: max-age=3600
cloudfront-viewer-country-region: NW
timing-allow-origin: *
x-amz-cf-id: Fa09T-E6XyiMqYu7qg7sJe27XwoyfzZHvUAiFBgfdvs90pzgSvj6xg==
expires: Mon, 07 Nov 2022 22:57:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 62ms
25ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-172665686-1&cid=1079422439.1667858221&jid=1950128950&_u=YCDACEAABAAAACAAI~&z=1700242529

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 21:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 72ms
38ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-172665686-1&cid=1079422439.1667858221&jid=1950128950&_u=YCDACEAABAAAACAAI~&z=1700242529

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 21:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 defaultpreferencemanager.nocache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 54D8 5 KB
3 KB 32ms
32ms Script
application/javascript 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

8cd45983252377ab47167a01dc25622b9a2ed372ccef7809b5b987e7f5804aee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: gzip
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 18 Oct 2022 05:06:28 GMT
server: nginx
etag: W/"4867-1666069588000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: no-cache
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: dSqe-zNppFfdgIks8b52cNTeJ2X-8ksZefasyw27GkWYKhc8mTGTlw==
expires: Mon, 07 Nov 2022 21:56:59 GMT

GET
H2 200 get Show response
consent-st.trustarc.com/ Frame 54D8 20 KB
5 KB 145ms
75ms Script
text/javascript 65.9.95.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-st.trustarc.com/get?name=combined_static_cm_minified.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.109 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-109.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: public
date: Sat, 05 Nov 2022 05:05:28 GMT
content-encoding: gzip
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
x-amz-cf-pop: PRG50-C1
age: 233493
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: _U8kVFvSKbGqV6mIH5toPQmHmI2UXRqd0c4f4vEgtNATwRwGeN2TVQ==
expires: Mon, 05 Dec 2022 05:05:28 GMT

GET
H2 200 loading.gif
consent-pref.trustarc.com/images/ Frame 54D8 3 KB
3 KB 11ms
10ms Image
image/gif 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent-pref.trustarc.com/images/loading.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 05:55:51 GMT
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: DUS51-C1
age: 57669
x-cache: Hit from cloudfront
content-length: 2608
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 18 Oct 2022 05:06:10 GMT
server: nginx
etag: W/"2608-1666069570000"
expect-ct: max-age=86400; enforce;
vary: Origin
content-type: image/gif
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
accept-ranges: bytes
x-amz-cf-id: zE1h2I6HlUgHlMAmNmh7QNBXvzK2rm2y0sQvyLMIvaKsxN-zwa8TJw==

GET
H2 200 900F1BE3E033349C4A8AEE7E6836E50C.cache.html Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 2ADA 139 KB
46 KB 11ms
11ms Document
text/html 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/900F1BE3E033349C4A8AEE7E6836E50C.cache.html

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

f76a484bb66130b90832bfe73e4b5acb2da46d8dac2abb34b6d60ecab7f4365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1613456
cache-control: max-age=315360000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 20 Oct 2022 05:46:04 GMT
etag: W/"142492-1666069588000"
expect-ct: max-age=86400; enforce;
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 18 Oct 2022 05:06:28 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-amz-cf-id: fN5oEq7TowR1sqCW1BDyP73C1hKDv5pjGS-nXC9gfMPCkbC9R27IrQ==
x-amz-cf-pop: DUS51-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 54D8 969 B
1 KB 31ms
31ms XHR
application/json 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/900F1BE3E033349C4A8AEE7E6836E50C.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

2bfe0bfebc6bf40e5f73c03389ba8285505bc2f45d739d1efd5ca830f940a51d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 900F1BE3E033349C4A8AEE7E6836E50C
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
content-encoding: gzip
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 468
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: JAyFoemYIBQ_xIEfkC-ts3Zud2lRgBK60sDMtuD_HcgZKQM6sN8drA==

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 54D8 48 B
622 B 94ms
94ms XHR
application/json 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/900F1BE3E033349C4A8AEE7E6836E50C.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

e792f8066b5ce9cd23819a8e45de56b6308f67755cd8a40707968a17682cd20c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 900F1BE3E033349C4A8AEE7E6836E50C
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 48
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: Obe3YObDmRQY5TYornh4T7pA_J_TUIEFr7LP_EJ-zxBU9Ysl6MzOCw==

GET
H2 200 EuPreferenceManager.css
consent-pref.trustarc.com/ Frame 54D8 28 KB
7 KB 34ms
33ms Stylesheet
text/css 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/EuPreferenceManager.css

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/900F1BE3E033349C4A8AEE7E6836E50C.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

11304b88bdf5cd5f42513b9aa8bd3206653770f4f125b852285db812c731cf24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
content-encoding: gzip
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: DUS51-C1
x-cache: RefreshHit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 18 Oct 2022 05:06:10 GMT
server: nginx
etag: W/"29043-1666069570000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: no-cache
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: oyKNZ9RRBCLqulQIvl6IdSmfcd1gaa8N7UFO7Q-b699VRJR_FZT_Cw==
expires: Mon, 07 Nov 2022 21:57:00 GMT

GET
H2 200 10.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/900F1BE3E033349C4A8AEE7E6836E50C/ Frame 54D8 253 KB
87 KB 12ms
12ms XHR
application/javascript 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/900F1BE3E033349C4A8AEE7E6836E50C/10.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/900F1BE3E033349C4A8AEE7E6836E50C.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

9a3922ab13028b40a17d282752146872724c3f994b88d7329227f1300f4de7b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 05:46:04 GMT
content-encoding: gzip
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: DUS51-C1
age: 1613457
x-cache: Hit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 18 Oct 2022 05:06:28 GMT
server: nginx
etag: W/"259516-1666069588000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: jdsh3tpL2qDEOEhhPDtgfRpQCxYxP8f6uDHy8LH5t7-1cvtL9vX1EQ==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/900F1BE3E033349C4A8AEE7E6836E50C/ Frame 54D8 19 KB
8 KB 13ms
11ms XHR
application/javascript 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/900F1BE3E033349C4A8AEE7E6836E50C/1.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/900F1BE3E033349C4A8AEE7E6836E50C.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

7a2ffdbb208abc0c4162ae77535687b761c1e9a98a034cfe8dba4bff522c80c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 05:46:04 GMT
content-encoding: gzip
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: DUS51-C1
age: 1613457
x-cache: Hit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 18 Oct 2022 05:06:28 GMT
server: nginx
etag: W/"19787-1666069588000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: 3dCWpoVYpLv97q9YEcyjubs-Ph3GboVEncWuN1sZ65q-kj6D3yQwig==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cookie_iframe.html Show response
prefmgr-cookie.truste-svc.net/cookie_js/ Frame 6C69 5 KB
2 KB 455ms
106ms Document
text/html 44.208.109.123
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https://www.helpsystems.com/privacy-policy&cookieLink=https://www.helpsystems.com/cookie-policy&irm=undefined&from=https://consent.trustarc.com/

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.208.109.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-208-109-123.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e5356c4d200584b116d9ac14f89d883b120dbe4d7878914a4fa22358074c74f8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://consent-pref.trustarc.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 21:57:01 GMT
etag: W/"5014-1657163800000"
expect-ct: max-age=31536000
last-modified: Thu, 07 Jul 2022 03:16:40 GMT
permissions-policy: geolocation=(), microphone=(), payment=()
referrer-policy: origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 54D8 786 B
911 B 40ms
38ms XHR
application/json 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/900F1BE3E033349C4A8AEE7E6836E50C.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

6de57940f4e65bfbdfedf90150068a0880d58e70e6328ca55ca1bdc2d7f9301a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 900F1BE3E033349C4A8AEE7E6836E50C
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
content-encoding: gzip
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 321
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: swGlz6pOKGc7pEyaodb4U9CHn0Y_est1T54VuzTz7qGSvvN6-in4mg==

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 54D8 24 KB
7 KB 41ms
41ms XHR
application/json 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/900F1BE3E033349C4A8AEE7E6836E50C.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

554008a2a8ed087640afa2529308c94093037068345160b2e5cf5fede0ef2cf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 900F1BE3E033349C4A8AEE7E6836E50C
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
content-encoding: gzip
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 6347
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: WU3ewMakp5EO-IIZx_Dw0okHksjRnzM9dFnHtkkVp_z9aiXwjj1uYg==

GET
H2 200 3478499.js Show response
js.hs-analytics.net/analytics/1667858100000/ 71 KB
22 KB 186ms
145ms Script
text/javascript 2606:4700::6811:46b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1667858100000/3478499.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3478499.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:46b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c25727f85b9a4a48603b6d5977d35a3ef639749a0274c02a98f947b305d3d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: K7259NCQDXXP3DVY
x-amz-server-side-encryption: AES256
x-amz-id-2: dk8TOzNK/FfpeOB/xhL+KM1a2146YEt2gS9sYCWMKfenfoMxXMfKCispVSHVm1R5lTyOQ8xgfug=
last-modified: Fri, 04 Nov 2022 20:26:12 GMT
server: cloudflare
etag: W/"bb94fcd21ccb52e17ff07424b0fcf314"
vary: origin, Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-ray: 7669527a0f289238-FRA
expires: Mon, 07 Nov 2022 22:02:01 GMT

GET
H2 200 3478499.js Show response
js.hs-banner.com/ 60 KB
16 KB 441ms
411ms Script
text/javascript 2606:4700:4400::6812:21ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3478499.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3478499.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6baee970705dcbd441607fcf994543be1f30153bf313ead4023144d3f3d7e5c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
x-amz-version-id: EaCNeUkcMDz265lpqy_l93Dk.Bnh5dtm
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: HK3AG0Z7A48XH0JP
x-amz-server-side-encryption: AES256
x-amz-id-2: wjGnMW/5pENgcm9okH+7gCE/j/StAXyrqEag2lFVNOgWNpCVyRbbfw+h3zm5Fi7Af1IW1OEyDO8=
last-modified: Fri, 28 Oct 2022 19:52:46 GMT
server: cloudflare
etag: W/"8ebff836e9ab613d36e49d6148db5caa"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.cobaltstrike.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 76695279ffe89bf2-FRA
expires: Mon, 07 Nov 2022 22:02:01 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 548 KB
88 KB 71ms
31ms Script
application/javascript 2606:4700::6811:e9cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3478499.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e9cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3855bfa2d2ca2c87e33eb53baf78e86305b469743f8038a353d3709170af5877

Request headers

Referer: https://www.cobaltstrike.com/
Origin: https://www.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
x-amz-version-id: KhB59u4NuDuWX66mGRFuhkI5gjuG325U
via: 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD12-P3
age: 32747
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1118/bundle/main/lead-flows-release.js&cfRay=766632fc98509016-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-amz-replication-status: COMPLETED
last-modified: Mon, 07 Nov 2022 11:27:56 UTC
server: cloudflare
etag: W/"a3c3903aee4f14a643a059fe24214e75"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-hs-cache-status: MISS
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: s-maxage=86400, max-age=0
cf-ray: 7669527a0ac39004-FRA
x-amz-cf-id: P4c9lWQY5DPZH22Q4pZKiLlcxHl-fUXzJBl-crW3fj70ZyKD9D-ALQ==
x-hs-target-asset: lead-flows-js/static-1.1118/bundle/main/lead-flows-release.js

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 73 KB
21 KB 98ms
47ms Script
application/javascript 2606:4700::6811:eccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3478499.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:eccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9eeecb88a881d5d9211772ad6df8b3f15f04e31bd83255e747c9e304e8d9182

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
x-amz-version-id: LxkNftZmJL4iG28NxmZyBRCp75gMWnm4
via: 1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD12-P3
age: 165
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.11084/bundles/project.js&cfRay=76694e74284f9193-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-amz-replication-status: COMPLETED
last-modified: Fri, 04 Nov 2022 01:35:58 UTC
server: cloudflare
etag: W/"0a63c83bb8a126e6337b60cf6a219925"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
cache-control: max-age=600
cf-ray: 7669527a2ab6918c-FRA
x-amz-cf-id: eFb6GQh1v_V9zMDx4Np6nqtVfUo1Ochd0lcXTNu13gP742TmAdBCDQ==
x-hs-target-asset: conversations-embed/static-1.11084/bundles/project.js

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
328 B 12ms
10ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=449f6bfbe7d14690b8b8898b5d39210e&_biz_s=151ab6&_biz_l=https%3A%2F%2Fwww.cobaltstrike.com%2F&_biz_t=1667858221097&_biz_i=Cobalt%20Strike%20%7C%20Adversary%20Simulation%20and%20Red%20Team%20Operations&_biz_n=0&rnd=462029&cdn_o=a&_biz_z=1667858221098
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 21:57:01 GMT
last-modified: Wed, 02 Nov 2022 14:12:17 GMT
server: ECS (frb/6760)
age: 459890
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
204 B 54ms
19ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=449f6bfbe7d14690b8b8898b5d39210e&_biz_s=151ab6&_biz_l=https%3A%2F%2Fwww.cobaltstrike.com%2F&_biz_t=1667858221100&_biz_i=Cobalt%20Strike%20%7C%20Adversary%20Simulation%20and%20Red%20Team%20Operations&rnd=36349&cdn_o=a&_biz_z=1667858221100
Requested by: Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C2) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 21:57:01 GMT
last-modified: Thu, 03 Nov 2022 23:58:36 GMT
server: ECS (frb/67C2)
age: 338305
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
522 B 144ms
126ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=449f6bfbe7d14690b8b8898b5d39210e&_biz_h=-1906410348&cdn_o=a&jsVer=4.22.11.03
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: 1ba940b833defff419128fc0e40170a0de0ed9f5a490f8bdde20eb201fb0d6d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:00 GMT
content-encoding: gzip
server: ECS (frb/6711)
etag: A9EEC0D6
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 218

GET
H2 200 trustarc-logo-small.png
consent-pref.trustarc.com/images/ Frame 54D8 4 KB
5 KB 21ms
20ms Image
image/png 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent-pref.trustarc.com/images/trustarc-logo-small.png

Requested by

Host: www.cobaltstrike.com
URL: https://www.cobaltstrike.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 17:27:04 GMT
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: DUS51-C1
age: 67790
x-cache: Hit from cloudfront
content-length: 4197
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 18 Oct 2022 05:06:10 GMT
server: nginx
etag: W/"4197-1666069570000"
expect-ct: max-age=86400; enforce;
vary: Origin
content-type: image/png
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
accept-ranges: bytes
x-amz-cf-id: k5wZ2wouipARQLHLD-02UItCGLjXUCwvebQVNE4t5c7hoLgwRnIrvA==

GET
H3 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 263 B
1 KB 166ms
156ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=3478499&conversations-embed=static-1.11084&mobile=false&messagesUtk=612ed5560a024aaa878113c46f2bf070&traceId=612ed5560a024aaa878113c46f2bf070

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

117a64534eeb3158e9563bc622b13d0403d0e6ee954c276229e88b3cd4495d86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cobaltstrike.com/
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 1291c3c5-3941-4b04-9bf3-77380ab2cd11
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 208
server: cloudflare
x-trace: 2B6460C91F0CAECC401D5E0734B434BD803C5DC8E4000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cobaltstrike.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SaXr5IbEESsAii%2BfjtY7Wo%2BtoeFmAp06GG%2BWdoAZ10lRonGTluPGR16cBK8IaSLaJZVpGkrOv9PxcP%2Fq4%2FcYj07TG5b7oCB9oEuLgvD3JKH42AYC4z%2F%2FZMP8RGFtEKdNGERhCwxsnWnEFUsVNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 7669527bbd809b71-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 168ms
140ms Preflight
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://www.cobaltstrike.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.cobaltstrike.com
allow: HEAD,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7669527acff391d8-FRA
content-length: 18
content-type: text/plain; charset=utf-8
date: Mon, 07 Nov 2022 21:57:01 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eyF9lmTRyackCEwCAfEYXSsuJJcw%2FV1aHAeSvPl7QGlAVkbSrjcz97ug%2BtRS4htYR%2B5w4r3NkoJwCQdJMjcCObjVqUhN9P2XT9waidGP1t53T4d1BOBT1xAYCBavlOS5HCuCjXzE096IleG8TA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-hubspot-correlation-id: 9c7f9ec4-833f-48c9-a0b6-3c9a91a40049
x-trace: 2B957468CBC1CCDF3E57DDBD83DC2A557299050457000000000000000000

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
895 B 189ms
167ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3865676674&v=1.1&a=3478499&rcu=https%3A%2F%2Fwww.cobaltstrike.com%2F&pu=https%3A%2F%2Fwww.cobaltstrike.com%2F&t=Cobalt+Strike+%7C+Adversary+Simulation+and+Red+Team+Operations&cts=1667858221554&vi=7caef898f8754f4db659863b6c69426a&nc=true&u=173638140.7caef898f8754f4db659863b6c69426a.1667858221548.1667858221548.1667858221548.1&b=173638140.1.1667858221549&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 80dd8e45-c959-4203-948d-9ff371098c51
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PtJ1VmDsO3%2FmYF9sduln%2BZ7F0HJi1f2h07YrSUNYMqyXrQ0QVfQ%2B8B8FH7qnKeZgOp3cHvTq966I4Lb20QwzTxuGKjSJzNSVok4w0CHpFM4mrisfdJa5f90plQ2lukDq1dCnDywilrjZIBvyU1rF"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7669527ce9629bcb-FRA
x-robots-tag: none

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 254 B
870 B 152ms
151ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3478499&utk=7caef898f8754f4db659863b6c69426a&__hstc=173638140.7caef898f8754f4db659863b6c69426a.1667858221548.1667858221548.1667858221548.1&__hssc=173638140.1.1667858221549&currentUrl=https%3A%2F%2Fwww.cobaltstrike.com%2F

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02dbd26ad71ecdb4741a40509a146c118eee0add3b2573886bad3a91f7aaf6f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 1cd720be-d888-437f-b2dc-ef5e8dce0c9b
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cobaltstrike.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pyE%2B6tDr9se7GpHn2Wq2r5%2ByI9ko1WpWolDqUjR1NAymRCuWQdNp%2BfNINU3HHE0y%2BgaPrWet4iDpaTLBCjVdUF%2FmA%2F%2Bsn8CfFJ3wwbuU23SKorQ7%2FtAH1%2BVc3D4DmPwq8PmoobkVzpVPzuxMOVxx"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7669527cfc2c91d8-FRA

GET
H2 200 6.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/900F1BE3E033349C4A8AEE7E6836E50C/ Frame 54D8 7 KB
4 KB 11ms
11ms XHR
application/javascript 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/900F1BE3E033349C4A8AEE7E6836E50C/6.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/900F1BE3E033349C4A8AEE7E6836E50C.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

1a0c308606a223352aea3c72b20001e073ab7b42f6a33e3ff49050d135677d85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 05:46:04 GMT
content-encoding: gzip
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: DUS51-C1
age: 1613457
x-cache: Hit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 18 Oct 2022 05:06:28 GMT
server: nginx
etag: W/"7220-1666069588000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: N3cyStGsDWQgdaRGhoCT-xE2m8T-Ir7DnWH6rbzgMur8_5JZglm7uA==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 get
consent.trustarc.com/ Frame 54D8 3 KB
4 KB 63ms
63ms Image
image/svg+xml 65.9.95.40
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/get?name=%20fortra_Logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.40 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-40.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

e396c79b7c0d5a855f996af8807bdf7318a87f7d4a198fa08a2c65e5cfa34330

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: public
date: Mon, 07 Nov 2022 21:02:47 GMT
via: 1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
x-amz-cf-pop: PRG50-C1
age: 3254
vary: Origin
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 3554
x-amz-cf-id: ScK3ztzEjwOZcODi7XtYKUikaNPQc_asKdlNNkuWhb-QRojZSaXGzw==
expires: Wed, 07 Dec 2022 21:02:47 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 297ms
296ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b0e7a654cb6a9f76b986f2b6cbdbfabf&svisitor=null&visitor=c26a8d87-a4a4-42cb-8e0c-84656838e716&session=51ae06fd-55a1-4b8e-8afb-36121b0b762e&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Nov%202022%2021%3A57%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Nov%202022%2021%3A57%3A00%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22Cobalt%20Strike%20in%20an%20adversary%20simulation%20tool%20that%20can%20emulate%20the%20tactics%20and%20techniques%20of%20a%20quiet%20long-term%20embedded%20threat%20actor%20in%20an%20IT%20network%20using%20Beacon%2C%20a%20post-exploitation%20agent%20and%20covert%20channels.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strike%20%7C%20Adversary%20Simulation%20and%20Red%20Team%20Operations%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cobaltstrike.com%2F&pageViewId=4cc24b17-7882-4795-8490-bfeccef82fd6&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:02 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 cookie_inneriframe.html Show response
consent-pref.trustarc.com/ Frame 6E19 2 KB
1 KB 16ms
15ms Document
text/html 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/cookie_inneriframe.html

Requested by

Host: prefmgr-cookie.truste-svc.net
URL: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https://www.helpsystems.com/privacy-policy&cookieLink=https://www.helpsystems.com/cookie-policy&irm=undefined&from=https://consent.trustarc.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

a2de091c86c5a7b6dcc572eb6e5a76c2cd72ce27a2042a8dc2974f15b33566ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://prefmgr-cookie.truste-svc.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 65387
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 07 Nov 2022 03:47:14 GMT
etag: W/"2008-1666069570000"
expect-ct: max-age=86400; enforce;
last-modified: Tue, 18 Oct 2022 05:06:10 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-amz-cf-id: 5jq13WVQVm62Al94OrpQa5Is3FJPvreFsRbC2rJOtke3qkfkysKiQg==
x-amz-cf-pop: DUS51-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

GET
H2 200 trustarc-logo-small.png
consent-pref.trustarc.com/images/ Frame 54D8 4 KB
5 KB 11ms
10ms Image
image/png 13.226.153.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent-pref.trustarc.com/images/trustarc-logo-small.png

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/900F1BE3E033349C4A8AEE7E6836E50C.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.153.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-153-29.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystems_110322&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 17:27:04 GMT
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: DUS51-C1
age: 67791
x-cache: Hit from cloudfront
content-length: 4197
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 18 Oct 2022 05:06:10 GMT
server: nginx
etag: W/"4197-1666069570000"
expect-ct: max-age=86400; enforce;
vary: Origin
content-type: image/png
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
accept-ranges: bytes
x-amz-cf-id: jO7Mp5bIyfGWe-PQmgit1s2aXg9U7YRzx8H8RkpbVzmg7pmJgP511g==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 244ms
243ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b0e7a654cb6a9f76b986f2b6cbdbfabf&svisitor=null&visitor=c26a8d87-a4a4-42cb-8e0c-84656838e716&session=51ae06fd-55a1-4b8e-8afb-36121b0b762e&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Nov%202022%2021%3A57%3A02%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Nov%202022%2021%3A57%3A01%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Cobalt%20Strike%20in%20an%20adversary%20simulation%20tool%20that%20can%20emulate%20the%20tactics%20and%20techniques%20of%20a%20quiet%20long-term%20embedded%20threat%20actor%20in%20an%20IT%20network%20using%20Beacon%2C%20a%20post-exploitation%20agent%20and%20covert%20channels.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strike%20%7C%20Adversary%20Simulation%20and%20Red%20Team%20Operations%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cobaltstrike.com%2F&pageViewId=4cc24b17-7882-4795-8490-bfeccef82fd6&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:03 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 263ms
263ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b0e7a654cb6a9f76b986f2b6cbdbfabf&svisitor=null&visitor=c26a8d87-a4a4-42cb-8e0c-84656838e716&session=51ae06fd-55a1-4b8e-8afb-36121b0b762e&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Nov%202022%2021%3A57%3A03%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Nov%202022%2021%3A57%3A02%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Cobalt%20Strike%20in%20an%20adversary%20simulation%20tool%20that%20can%20emulate%20the%20tactics%20and%20techniques%20of%20a%20quiet%20long-term%20embedded%20threat%20actor%20in%20an%20IT%20network%20using%20Beacon%2C%20a%20post-exploitation%20agent%20and%20covert%20channels.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strike%20%7C%20Adversary%20Simulation%20and%20Red%20Team%20Operations%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cobaltstrike.com%2F&pageViewId=4cc24b17-7882-4795-8490-bfeccef82fd6&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:04 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 271ms
271ms Image
image/gif 184.24.7.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b0e7a654cb6a9f76b986f2b6cbdbfabf&svisitor=null&visitor=c26a8d87-a4a4-42cb-8e0c-84656838e716&session=51ae06fd-55a1-4b8e-8afb-36121b0b762e&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Nov%202022%2021%3A57%3A04%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Nov%202022%2021%3A57%3A03%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Cobalt%20Strike%20in%20an%20adversary%20simulation%20tool%20that%20can%20emulate%20the%20tactics%20and%20techniques%20of%20a%20quiet%20long-term%20embedded%20threat%20actor%20in%20an%20IT%20network%20using%20Beacon%2C%20a%20post-exploitation%20agent%20and%20covert%20channels.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strike%20%7C%20Adversary%20Simulation%20and%20Red%20Team%20Operations%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cobaltstrike.com%2F&pageViewId=4cc24b17-7882-4795-8490-bfeccef82fd6&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.7.242 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-7-242.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 21:57:05 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

80 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cobaltstrike.com/	1969-12-31 23:59:59	Name: notice_behavior Value: expressed,eu
.cobaltstrike.com/	1970-01-20 16:53:38	Name: _ga_HNS2ZVG55R Value: GS1.1.1667858220.1.0.1667858220.60.0.0
.cobaltstrike.com/	1970-01-20 16:53:38	Name: _ga Value: GA1.2.1079422439.1667858221
.cobaltstrike.com/	1970-01-20 07:19:04	Name: _gid Value: GA1.2.1395993277.1667858221
.cobaltstrike.com/	1970-01-20 07:17:38	Name: _gat_UA-172665686-1 Value: 1
www.cobaltstrike.com/	1970-01-20 16:53:38	Name: _gd_visitor Value: c26a8d87-a4a4-42cb-8e0c-84656838e716
www.cobaltstrike.com/	1970-01-20 07:17:52	Name: _gd_session Value: 51ae06fd-55a1-4b8e-8afb-36121b0b762e
www.cobaltstrike.com/	1970-01-20 07:27:43	Name: _an_uid Value: 0
.6sc.co/	1970-01-20 16:53:38	Name: 6suuid Value: 9ef01002becd00002d7f696358000000c05c0200
.cobaltstrike.com/	1970-01-20 16:03:14	Name: _biz_uid Value: 449f6bfbe7d14690b8b8898b5d39210e
.cobaltstrike.com/	1970-01-20 07:17:40	Name: _biz_sid Value: 151ab6
.cobaltstrike.com/	1970-01-20 16:03:14	Name: _biz_nA Value: 1
.bizible.com/	1970-01-20 16:03:14	Name: _BUID Value: 449f6bfbe7d14690b8b8898b5d39210e
.cobaltstrike.com/	1970-01-20 16:03:14	Name: _biz_pendingA Value: %5B%5D
.bizibly.com/	1970-01-20 16:03:14	Name: _BUID Value: 7b8160c85809cabcc064c3f5992db507
.cobaltstrike.com/	1970-01-20 16:03:14	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
prefmgr-cookie.truste-svc.net/	1970-01-20 07:17:38	Name: cookie_3rdparty Value: enabled
.cobaltstrike.com/	1970-01-20 11:36:50	Name: __hstc Value: 173638140.7caef898f8754f4db659863b6c69426a.1667858221548.1667858221548.1667858221548.1
.cobaltstrike.com/	1970-01-20 11:36:50	Name: hubspotutk Value: 7caef898f8754f4db659863b6c69426a
.cobaltstrike.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cobaltstrike.com/	1970-01-20 07:17:40	Name: __hssc Value: 173638140.1.1667858221549
.hubspot.com/	1970-01-20 07:17:40	Name: __cf_bm Value: P7WFHFW5RIRHWBcP7KBAqJYZPBS3rj.4FAR3JYDiCzA-1667858221-0-AR4KHO6KfwWOd6bSk7gkz6jdovA1TjGu9NRfjffyBtBYIEKjtTr+uDfWEvGqOtQDpphq/MSAs0xIO1CopAdBVNY=
consent-pref.trustarc.com/	1970-01-20 07:17:38	Name: token_test Value: Mon Nov 07 2022 21:57:01 GMT+0000 (GMT)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubspot.com
b.6sc.co
c.6sc.co
cdn.bizible.com
cdn.bizibly.com
consent-pref.trustarc.com
consent-st.trustarc.com
consent.trustarc.com
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
js.usemessages.com
ka-p.fontawesome.com
kit.fontawesome.com
maxcdn.bootstrapcdn.com
prefmgr-cookie.truste-svc.net
region1.analytics.google.com
secure.adnxs.com
static.helpsystems.com
stats.g.doubleclick.net
track.hubspot.com
www.cobaltstrike.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
108.157.4.97
13.226.153.29
141.193.213.10
152.195.15.58
184.24.7.242
185.89.210.180
2001:4860:4802:32::36
2606:4700:4400::6812:21ab
2606:4700::6811:46b0
2606:4700::6811:d3cc
2606:4700::6811:e9cc
2606:4700::6811:eccc
2606:4700::6812:1734
2606:4700::6812:acf
2606:4700::6813:9a53
2606:4700::6813:9b53
2a00:1450:4001:806::2003
2a00:1450:4001:80b::2008
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::200e
2a00:1450:4001:827::2004
2a00:1450:4001:828::2003
2a00:1450:400c:c00::9a
2a02:26f0:1700:18c::1c91
44.208.109.123
65.9.95.109
65.9.95.40
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02dbd26ad71ecdb4741a40509a146c118eee0add3b2573886bad3a91f7aaf6f0
079ad886571938b3263dc54cc210c7b270de91edcac87430bfeccc12ea9dd611
0819dbd128cd986b1ca16181c25c930629f9ba985bbb7ea8a8fd35922dd147f3
0c25727f85b9a4a48603b6d5977d35a3ef639749a0274c02a98f947b305d3d96
0e4dab8d8160be12cf844bfb865757bd26d402d2c5f4ef44c9668765845802fd
11304b88bdf5cd5f42513b9aa8bd3206653770f4f125b852285db812c731cf24
117a64534eeb3158e9563bc622b13d0403d0e6ee954c276229e88b3cd4495d86
125adb79c10603ee2d55161d8951bead4ff7f796967786b979791e02971690ff
1a0c308606a223352aea3c72b20001e073ab7b42f6a33e3ff49050d135677d85
1b50aa1d36ea249991fb44f8f6ad2aa74fe360df9cc04c564b5edf3b053b739c
1ba940b833defff419128fc0e40170a0de0ed9f5a490f8bdde20eb201fb0d6d0
22376326cd0560a692c6cc23da4d10a35d53e8781635f4d207b05edb6acc9e3a
22fbaa84af5b742f7f2172fed43a3f6240d7c5d460af508fa8199dc2788bed0e
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2bfe0bfebc6bf40e5f73c03389ba8285505bc2f45d739d1efd5ca830f940a51d
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
335f61181969d6e7d3e311a7a47bf0ce3049340e69751a7cde258707dc0346b8
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d
3855bfa2d2ca2c87e33eb53baf78e86305b469743f8038a353d3709170af5877
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6
4d3605b8890101d2fbf3a0504c4ceadaf3945b6975aa00e8048f57a2fad3964f
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
554008a2a8ed087640afa2529308c94093037068345160b2e5cf5fede0ef2cf0
55aece158d84f9dcbced893109dc035e8e31bbda01dc6589e13d18ea5cafa8f6
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5bf627256fb3cadccf0da8de3947f51a76873a76584dbaf65d394e079c5e3ced
5d59d71fa30604e26c815b2bcfea777bef1564467e2ff9b1b4dc45ca2ee0f6fe
5f433b7fd1447fb9ebd43603275f772c6f79825242cc1d827998bd80207a8efb
63a53143de1fa7c9ec3aecf4060efb78c336df0f384c4b7db72596f6b14a2781
6baee970705dcbd441607fcf994543be1f30153bf313ead4023144d3f3d7e5c0
6bcade3d96c0c0fb1950e54b96b0f4cfa7f51e45a99dd8f12224fb0530ac432d
6de57940f4e65bfbdfedf90150068a0880d58e70e6328ca55ca1bdc2d7f9301a
6e56084b20ef7de5d9f01bd95bb64fbdaa055459691aa66af1c46a79f7d43d53
6e6202b5d69e38fdbfdb3430db6b367d0d1dffb4345ad9b992a9090f37872dba
6f1e145d88c4b3f343055576d559fa8999045d205ea2f4e0d84f3b539c56ced8
75db663f63c3505c2d1d2c41b82da41465bcd39b390516728f7fd323f95f644e
7a2ffdbb208abc0c4162ae77535687b761c1e9a98a034cfe8dba4bff522c80c4
7fe7d9054d31a9874fb36aba6a3736c02799bdaab5fed3e007ff334bc4580732
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8a0dc0b446ca012e7e25688bec45ec66b473c1e343c0c77850df7f8be0ea18ad
8cd45983252377ab47167a01dc25622b9a2ed372ccef7809b5b987e7f5804aee
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004
92e22a72c9ace53753d0ad447a0597268cea45581c54aa179ff66b54fc5d603b
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a3922ab13028b40a17d282752146872724c3f994b88d7329227f1300f4de7b7
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c
9dd46fde5b293c1c7411d70e4e6e80eddfdd4443cae380c6605a72055a38b508
9de6faf69d60c4e5e426634bfd1c7afda005bd47ad2a0247befb29e3634f1a33
a0092b97349a18e065497f4007f9bd5c28e05031e2269c521fc80f38eeb9d414
a143b8e73e0aedad993cf30249d2a45a3f7ae8e271b73297c748522fa9fc2ece
a2287bb22f8ed8285baec2e9b8cfd84ea46d0a142884bea029c7c396fa3a0d9f
a2de091c86c5a7b6dcc572eb6e5a76c2cd72ce27a2042a8dc2974f15b33566ed
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60
a9eeecb88a881d5d9211772ad6df8b3f15f04e31bd83255e747c9e304e8d9182
aca17711b2bcab8335b7bd9c2880033b2aa69a0e9f33ce2e1a507dbb0f9cade3
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c79f21bf9dba9c355aa19806c7f4fa81cc70d2f004f43612b1ca394c913c655d
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e396c79b7c0d5a855f996af8807bdf7318a87f7d4a198fa08a2c65e5cfa34330
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5356c4d200584b116d9ac14f89d883b120dbe4d7878914a4fa22358074c74f8
e792f8066b5ce9cd23819a8e45de56b6308f67755cd8a40707968a17682cd20c
eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244
ebcdeb6f9203bcc4c63746fd8ad18cbe40eed32c71f5cff84bee12183e87a5dd
ec9f8c9d2e03417ce6655dda5896fb14ee2aa66a94eefe83975d2458a6c1652f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0916b04a6bd6a9c5a9c9721e8749a0d952b39ba9303399faeacba8a65dd9a92
f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880
f76a484bb66130b90832bfe73e4b5acb2da46d8dac2abb34b6d60ecab7f4365a
f7ef58efaada2664bec27e9c84699bc2d2449babe6e21c3ead85e577feb92da8
f962ea052383e066291f943eb01b1c0cc8314900431aae47bf271cc301239e10
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.cobaltstrike.com Open in urlscan Pro 141.193.213.10 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

94 Requests

100 %HTTPS

67 %IPv6

23 Domains

32 Subdomains

27 IPs

3 Countries

1578 kBTransfer

3908 kBSize

23 Cookies

7 Outgoing links

Redirected requests

94 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cobaltstrike.com Open in urlscan Pro
141.193.213.10 Public Scan

Screenshot
Live screenshot

Full Image

94
Requests

100 %
HTTPS

67 %
IPv6

23
Domains

32
Subdomains

27
IPs

3
Countries

1578 kB
Transfer

3908 kB
Size

23
Cookies

94 HTTP transactions
0 data transactions