www.safebreach.com Open in urlscan Pro
141.193.213.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Submission: On April 23 via api (April 23rd 2024, 2:11:36 am UTC) from TR — Scanned from DE

Summary HTTP 152 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 31 IPs in 6 countries across 30 domains to perform 152 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.safebreach.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 10th 2024. Valid for: a year.

This is the only time www.safebreach.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
81	141.193.213.21 141.193.213.21	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
12	2606:4700::68... 2606:4700::6813:b234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	46.137.132.32 46.137.132.32	16509 (AMAZON-02) (AMAZON-02)
1	104.18.142.119 104.18.142.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:29af	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1490	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6810:8ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	23.200.101.152 23.200.101.152	16625 (AKAMAI-AS) (AKAMAI-AS)
3	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	51.178.78.162 51.178.78.162	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
1	142.250.185.196 142.250.185.196	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2	2606:4700::68... 2606:4700::6810:6ffe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4c8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:225... 2600:9000:225e:2200:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:225e:9600:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
152	31

81 141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.safebreach.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 46.137.132.32 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-46-137-132-32.eu-west-1.compute.amazonaws.com

tribl.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.142.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:29af (United States)

ASN13335 (CLOUDFLARENET, US)

assets.calendly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1490 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.200.101.152 (Dublin, Ireland)

ASN16625 (AKAMAI-AS, US)
PTR: a23-200-101-152.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.178.78.162 (France)

ASN16276 (OVH, FR)
PTR: ns3165917.ip-51-178-78.eu

serve.nrich.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

535-ixz-934.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6ffe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4c8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:2200:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

safebreachinc.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:9600:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

safebreachinc.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
81	safebreach.com www.safebreach.com	1 MB
12	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 306	151 KB
6	tribl.io tribl.io — Cisco Umbrella Rank: 36316	11 KB
5	hubspot.com api.hubspot.com — Cisco Umbrella Rank: 4845 app.hubspot.com — Cisco Umbrella Rank: 5595 track.hubspot.com — Cisco Umbrella Rank: 2416	4 KB
4	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 7702	26 KB
4	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4253 forms-na1.hsforms.com — Cisco Umbrella Rank: 6866	6 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 6963	4 KB
3	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4706	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	285 KB
2	insent.ai safebreachinc.widget.insent.ai	23 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4528 forms.hscollectedforms.net — Cisco Umbrella Rank: 4688	26 KB
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 84	407 B
2	nrich.ai serve.nrich.ai — Cisco Umbrella Rank: 94664	2 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3820	6 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	21 KB
2	gstatic.com fonts.gstatic.com	67 KB
1	linkedin.com www.linkedin.com Failed px.ads.linkedin.com — Cisco Umbrella Rank: 328	329 B
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4787	25 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2216	21 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2206	23 KB
1	mktoresp.com 535-ixz-934.mktoresp.com	318 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	63 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 12616	181 B
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2505	1 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 781	17 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 535	304 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	1 KB
1	calendly.com assets.calendly.com — Cisco Umbrella Rank: 13317	4 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6663	154 KB
0	google.de Failed www.google.de Failed
152	30

	Domain	Requested by
81	www.safebreach.com	www.safebreach.com
12	cdn.cookielaw.org	www.safebreach.com cdn.cookielaw.org
6	tribl.io	www.safebreach.com
4	cdn.bizible.com	www.googletagmanager.com www.safebreach.com cdn.bizible.com
3	js.zi-scripts.com	www.safebreach.com js.zi-scripts.com
3	ws.zoominfo.com	www.safebreach.com js.zi-scripts.com
3	forms.hsforms.com	js.hsforms.net www.safebreach.com
3	www.googletagmanager.com	www.safebreach.com www.googletagmanager.com
2	track.hubspot.com
2	safebreachinc.widget.insent.ai	www.safebreach.com safebreachinc.widget.insent.ai
2	api.hubspot.com	cdn.bizible.com
2	stats.g.doubleclick.net	www.googletagmanager.com cdn.bizible.com
2	serve.nrich.ai	www.safebreach.com serve.nrich.ai
2	munchkin.marketo.net	www.safebreach.com munchkin.marketo.net
2	www.google-analytics.com	www.googletagmanager.com cdn.bizible.com
2	fonts.gstatic.com	fonts.googleapis.com
1	px.ads.linkedin.com	cdn.bizible.com
1	app.hubspot.com	js.usemessages.com
1	forms.hscollectedforms.net	cdn.bizible.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	535-ixz-934.mktoresp.com	munchkin.marketo.net
1	www.google.com	www.safebreach.com
1	forms-na1.hsforms.com	www.safebreach.com
1	cdn.bizibly.com	www.safebreach.com
1	js.hs-scripts.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	fonts.googleapis.com	www.safebreach.com
1	assets.calendly.com	www.safebreach.com
1	js.hsforms.net	www.safebreach.com
0	www.linkedin.com Failed	www.safebreach.com
0	www.google.de Failed	www.safebreach.com
152	35

This site contains links to these domains. Also see Links.

Domain
support.safebreach.com
security.safebreach.com
www.linkedin.com
twitter.com
www.facebook.com
www.grandviewresearch.com
www.gartner.com
www.blackhat.com
www.paloaltonetworks.com
nvd.nist.gov
github.com
partners.safebreach.com
www.youtube.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
www.safebreach.com Cloudflare Inc ECC CA-3	`2024-01-10` - `2024-12-31`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
tribl.io R3	`2024-04-13` - `2024-07-12`	3 months	crt.sh
hsforms.net GTS CA 1P5	`2024-04-15` - `2024-07-14`	3 months	crt.sh
calendly.com E1	`2024-04-02` - `2024-07-01`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
hsforms.com GTS CA 1P5	`2024-04-17` - `2024-07-16`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-01` - `2024-07-01`	a year	crt.sh
hs-scripts.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
zoominfo.com E1	`2024-04-19` - `2024-07-18`	3 months	crt.sh
*.nrich.ai ZeroSSL RSA Domain Secure Site CA	`2023-12-21` - `2024-12-20`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-07` - `2024-10-07`	a year	crt.sh
hscollectedforms.net E1	`2024-03-29` - `2024-06-27`	3 months	crt.sh
hs-banner.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
hs-analytics.net GTS CA 1P5	`2024-04-13` - `2024-07-12`	3 months	crt.sh
usemessages.com E1	`2024-04-12` - `2024-07-11`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.widget.insent.ai Amazon RSA 2048 M03	`2024-01-30` - `2025-02-27`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2024-03-29` - `2024-06-27`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Frame ID: 270054CD95F9FD3E491935897CF9F8C5
Requests: 154 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/43692056/threads/utk/ba59e474035d4879b865abd830da74e3?uuid=800e749ec21940ef8734fdf1a554faee&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=safebreach.com&inApp53=false&messagesUtk=ba59e474035d4879b865abd830da74e3&url=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: EEF0D9BF7B47B62D4601E1BCD1AA149E
Requests: 1 HTTP requests in this frame

Frame: https://safebreachinc.widget.insent.ai/?project_key=rOnNvHCUUfn5umnTiJGk&blog_url=www.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&event_listener=aJlEXifeaccWT2A&marketo_cookies=[%22_mch-safebreach.com-1713838291121-27134%22]&hubspot_cookies=[%2210a45c980435b9c8ab17ea2069e49f81%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: 13E34A3DD7A969BA3F8C8912B8FB6EB0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

EDR as an Offensive Tool | SafeBreach

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Calendly (Appointment scheduling) Expand

Overall confidence: 100%
Detected patterns

https://assets\.calendly\.com/assets/external/widget\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Lodash (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

lodash.*\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

152
Requests

97 %
HTTPS

63 %
IPv6

30
Domains

35
Subdomains

31
IPs

6
Countries

2415 kB
Transfer

8514 kB
Size

35
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://support.safebreach.com/
Title: Support Portal

Search URL Search Domain Scan URL

URL: https://security.safebreach.com/
Title: Security Portal

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?text=The%20Dark%20Side%20of%20EDR%3A%20Repurpose%20EDR%20as%20an%20Offensive%20Tool&url=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F

Search URL Search Domain Scan URL

URL: https://www.grandviewresearch.com/industry-analysis/endpoint-detection-response-market-report#:~:text=b.-,The%20global%20endpoint%20detection%20and%20response%20(EDR)%20market%20size%20was,USD%203.55%20billion%20by%202023.
Title: $17 billion by 2030

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/endpoint-detection-and-response-solutions
Title: Gartner

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/asia-24/briefings/schedule/#the-dark-side-of-edr-repurpose-edr-as-an-offensive-tool-37846
Title: Black Hat Asia 2024

Search URL Search Domain Scan URL

URL: https://www.paloaltonetworks.com/cortex/cortex-xdr
Title: Cortex extended detection and response (XDR) platform

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16098
Title: CVE-2019-16098

Search URL Search Domain Scan URL

URL: https://github.com/SafeBreach-Labs/CortexVortex
Title: research repository

Search URL Search Domain Scan URL

URL: https://partners.safebreach.com/English/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://support.safebreach.com/s/login/?ec=302&startURL=%2Fs%2F
Title: Support Portal

Search URL Search Domain Scan URL

URL: https://www.facebook.com/safebreach

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/safebreach/

Search URL Search Domain Scan URL

URL: https://twitter.com/safebreach

Search URL Search Domain Scan URL

URL: https://github.com/SafeBreach-Labs

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCTosJ2lQCmPW9Y9hJmLf6TA

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 139

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1777625&time=1713838291301&li_adsId=e4d8f07a-e66f-47ff-b49d-2079a72eb3d6&url=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1777625&time=1713838291301&li_adsId=e4d8f07a-e66f-47ff-b49d-2079a72eb3d6&url=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&cookiesTest=true HTTP 0
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1777625%26time%3D1713838291301%26li_adsId%3De4d8f07a-e66f-47ff-b49d-2079a72eb3d6%26url%3Dhttps%253A%252F%252Fwww.safebreach.com%252Fblog%252Fdark-side-of-edr-offensive-tool%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue

152 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ 130 KB
33 KB 899ms
792ms Document
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

6730ad874a48f77990a0b68666b2d2584685650207511ed16dad2bef2cfa625a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' data: munchkin.marketo.net cookie-cdn.cookiepro.com; script-src 'self' 'unsafe-eval' munchkin.marketo.net cookie-cdn.cookiepro.com go.safebreach.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com serve.nrich.ai googleads.g.doubleclick.net static.doubleclick.net tag.nrich.ai audience.nrich.ai connect.facebook.net www.comeet.co js.driftt.com ws.zoominfo.com https://www.googleadservices.com https://cdn.bizible.com https://snap.licdn.com https://px.ads.linkedin.com https://tags.clickagy.com https://www.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://js.zi-scripts.com/zi-tag.js https://safebreachinc.widget.insent.ai/insent https://ws-assets.zoominfo.com/formcomplete.js tribl.io https://tribl.io https://www.gstatic.com https://assets.calendly.com https://cdn.cookielaw.org https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://demostack.app https://js.usemessages.com 'nonce-uCInVl43nbqmhUA8c01Zsq/N5V4=' nonce-LLBHkd/nGV9aU3wl9Nq9+Tq1XuI= platform.instagram.com www.instagram.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' data: https://go.safebreach.com https://www.comeet.co https://www.comeet.com https://cdn.bizible.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://audience.nrich.ai https://tag.nrich.ai https://www.comeet.co https://www.facebook.com https://comeet-euw-app.s3.amazonaws.com https://cdn.bizible.com https://.clickagy.com https://px.ads.linkedin.com https://p.adsymptotic.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://.bluekai.com https://.agkn.com https://.openx.net https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://dpm.demdex.net https://cdn.bizibly.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://tribl.io https://px4.ads.linkedin.com https://www.safebreach.com https://www.google.com https://cdn.cookielaw.org https://forms.hsforms.com https://track.hubspot.com https://forms-na1.hsforms.com cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://535-ixz-934.mktoresp.com https://cookie-cdn.cookiepro.com munchkin.marketo.net https://geolocation.onetrust.com https://go.safebreach.com https://static.doubleclick.net https://serve.nrich.ai https://googleads.g.doubleclick.net https://connect.facebook.net https://www.comeet.co https://www.facebook.com https://privacyportal.cookiepro.com https://js.driftt.com https://3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://535-ixz-934.mktoutil.com https://cdn.bizible.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://*.clickagy.com https://dpm.demdex.net/ https://www.google.com https://cdn.linkedin.oribi.io/partner/1777625/domain/safebreach.com/token https://js.zi-scripts.com/unified/v1/master/getSubscriptions https://tag.nrich.ai https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://px.ads.linkedin.com https://forms.hscollectedforms.net https://forms.hsforms.com https://demostack.app https://api.hubspot.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://fonts.gstatic.com cookie-cdn.cookiepro.com https://cdn.bizible.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://cdn.bizible.com; media-src 'self' https://www.youtube-nocookie.com https://js.driftt.com https://cdn.bizible.com cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com; frame-src 'self' https://go.safebreach.com https://www.youtube-nocookie.com https://www.comeet.co https://www.comeet.com https://www.facebook.com https://3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com/ https://js.driftt.com https://cdn.bizible.com https://w.soundcloud.com https://bid.g.doubleclick.net https://optimize.google.com https://safebreachinc.widget.insent.ai https://www.google.com https://calendly.com https://td.doubleclick.net https://forms.hsforms.com https://demostack.app https://app.hubspot.com www.instagram.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://www.safebreach.com?gdsih-xxp-report;

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 878a52bb4d2b6a76-TXL
content-encoding: br
content-security-policy: default-src 'self' 'unsafe-eval' data: munchkin.marketo.net cookie-cdn.cookiepro.com; script-src 'self' 'unsafe-eval' munchkin.marketo.net cookie-cdn.cookiepro.com go.safebreach.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com serve.nrich.ai googleads.g.doubleclick.net static.doubleclick.net tag.nrich.ai audience.nrich.ai connect.facebook.net www.comeet.co js.driftt.com ws.zoominfo.com https://www.googleadservices.com https://cdn.bizible.com https://snap.licdn.com https://px.ads.linkedin.com https://tags.clickagy.com https://www.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://js.zi-scripts.com/zi-tag.js https://safebreachinc.widget.insent.ai/insent https://ws-assets.zoominfo.com/formcomplete.js tribl.io https://tribl.io https://www.gstatic.com https://assets.calendly.com https://cdn.cookielaw.org https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://demostack.app https://js.usemessages.com 'nonce-uCInVl43nbqmhUA8c01Zsq/N5V4=' nonce-LLBHkd/nGV9aU3wl9Nq9+Tq1XuI= platform.instagram.com www.instagram.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' data: https://go.safebreach.com https://www.comeet.co https://www.comeet.com https://cdn.bizible.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://audience.nrich.ai https://tag.nrich.ai https://www.comeet.co https://www.facebook.com https://comeet-euw-app.s3.amazonaws.com https://cdn.bizible.com https://*.clickagy.com https://px.ads.linkedin.com https://p.adsymptotic.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://*.bluekai.com https://*.agkn.com https://*.openx.net https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://dpm.demdex.net https://cdn.bizibly.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://tribl.io https://px4.ads.linkedin.com https://www.safebreach.com https://www.google.com https://cdn.cookielaw.org https://forms.hsforms.com https://track.hubspot.com https://forms-na1.hsforms.com cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://535-ixz-934.mktoresp.com https://cookie-cdn.cookiepro.com munchkin.marketo.net https://geolocation.onetrust.com https://go.safebreach.com https://static.doubleclick.net https://serve.nrich.ai https://googleads.g.doubleclick.net https://connect.facebook.net https://www.comeet.co https://www.facebook.com https://privacyportal.cookiepro.com https://js.driftt.com https://3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://535-ixz-934.mktoutil.com https://cdn.bizible.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://*.clickagy.com https://dpm.demdex.net/ https://www.google.com https://cdn.linkedin.oribi.io/partner/1777625/domain/safebreach.com/token https://js.zi-scripts.com/unified/v1/master/getSubscriptions https://tag.nrich.ai https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://px.ads.linkedin.com https://forms.hscollectedforms.net https://forms.hsforms.com https://demostack.app https://api.hubspot.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://fonts.gstatic.com cookie-cdn.cookiepro.com https://cdn.bizible.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://cdn.bizible.com; media-src 'self' https://www.youtube-nocookie.com https://js.driftt.com https://cdn.bizible.com cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com; frame-src 'self' https://go.safebreach.com https://www.youtube-nocookie.com https://www.comeet.co https://www.comeet.com https://www.facebook.com https://3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com/ https://js.driftt.com https://cdn.bizible.com https://w.soundcloud.com https://bid.g.doubleclick.net https://optimize.google.com https://safebreachinc.widget.insent.ai https://www.google.com https://calendly.com https://td.doubleclick.net https://forms.hsforms.com https://demostack.app https://app.hubspot.com www.instagram.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content;
content-type: text/html; charset=UTF-8
date: Tue, 23 Apr 2024 02:11:29 GMT
last-modified: Fri, 19 Apr 2024 20:08:56 GMT
link: <https://www.safebreach.com/wp-json/>; rel="https://api.w.org/" <https://www.safebreach.com/wp-json/wp/v2/resource/145802>; rel="alternate"; type="application/json" <https://www.safebreach.com/?p=145802>; rel=shortlink
permissions-policy: interest-cohort=(*)
referrer-policy: no-referrer-when-downgrade
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pass-why: custom-path
x-powered-by: WP Engine
x-xss-protection: 1; mode=block; report=https://www.safebreach.com?gdsih-xxp-report;

GET
H2 200 style.min.css
www.safebreach.com/wp-includes/css/dist/block-library/ 108 KB
14 KB 63ms
60ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 26 Feb 2024 05:47:38 GMT
server: cloudflare
age: 65853
etag: W/"65dc25fa-1ae43"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c05ace6a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 frontend_blocks.css
www.safebreach.com/wp-content/plugins/berg-custom/dist/ 2 KB
609 B 104ms
102ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/plugins/berg-custom/dist/frontend_blocks.css?ver=1.0.0
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7086a4025effd5da7d23993106fd7a2a24b90987a06b991fbc2e5d4e07ab926d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Apr 2024 04:21:32 GMT
server: cloudflare
age: 65854
etag: W/"6625e5cc-799"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c05acf6a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 frontend_blocks.css
www.safebreach.com/wp-content/plugins/berg/dist/ 8 KB
2 KB 63ms
61ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/plugins/berg/dist/frontend_blocks.css?ver=1.0.0
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b86cb9efeaf6a259531285ecad4bb3c4a74afc89d79c22f32712d4c2a4935c5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Apr 2024 04:20:53 GMT
server: cloudflare
age: 65853
etag: W/"6625e5a5-21e5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c05ad16a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 style.css
www.safebreach.com/wp-content/uploads/maxmegamenu/ 127 KB
9 KB 61ms
59ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 092840f652dddfd0ca3640148c6940a612ca13319e1bae8ff9f90472510e6e57

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 13 Jun 2023 06:59:58 GMT
server: cloudflare
age: 65853
etag: W/"648813ee-1fc2d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c05ad36a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 dashicons.min.css
www.safebreach.com/wp-includes/css/ 58 KB
35 KB 68ms
66ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-includes/css/dashicons.min.css?ver=6.4.3
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
server: cloudflare
age: 65854
etag: W/"603ffca6-e688"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c05ad46a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 all.min.css
www.safebreach.com/wp-content/plugins/megamenu-pro/icons/fontawesome6/css/ 100 KB
23 KB 104ms
102ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/plugins/megamenu-pro/icons/fontawesome6/css/all.min.css?ver=2.3.1.1
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 08 Apr 2024 06:24:41 GMT
server: cloudflare
age: 65854
etag: W/"66138da9-18f49"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c05ad66a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 sassy-social-share-public.css
www.safebreach.com/wp-content/plugins/sassy-social-share/public/css/ 10 KB
3 KB 104ms
102ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.60
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8396e354653781b37e6a1c869d145ae9d8b450854e4a6dcff667e1b78afe037e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 08 Apr 2024 06:24:39 GMT
server: cloudflare
age: 65854
etag: W/"66138da7-2906"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c05ad76a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 vendor.css
www.safebreach.com/wp-content/themes/berg-theme/dist/css/ 131 KB
17 KB 66ms
64ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/themes/berg-theme/dist/css/vendor.css?ver=6.4.3
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3bf5d87704595e94001da5f922b17627a271dea1c944055c06de9bd404f1a8ee

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Apr 2024 04:19:57 GMT
server: cloudflare
age: 65854
etag: W/"6625e56d-20c50"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c05ad86a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 style.css
www.safebreach.com/wp-content/themes/berg-theme-child/dist/css/ 1 MB
91 KB 98ms
96ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/css/style.css?ver=6.4.3
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3006ec825fb5f937ebd7168b97f475a19a685638174a3ebb700bb88f848c34c2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Apr 2024 04:17:47 GMT
server: cloudflare
age: 65853
etag: W/"6625e4eb-125e0a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c05ad96a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 frontend.js Show response
www.safebreach.com/wp-content/plugins/stop-user-enumeration/frontend/js/ 486 B
363 B 60ms
58ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.4.9
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bbc0a7737643dd7c2344ba961592632153cb5353c92c5127339627e14b09143

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 08 Apr 2024 06:24:39 GMT
server: cloudflare
age: 65853
etag: W/"66138da7-1e6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c05ada6a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 210ms
52ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zgTRIDojRJmnmBTwUyI2Vw==
age: 38278
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 18 Apr 2024 19:47:50 GMT
server: cloudflare
etag: 0x8DC5FE06E4C260E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 8befe9e8-701e-008c-2f73-92518d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 878a52c15b7c65b5-FRA

GET
H/1.1 200
OK h.js Show response
tribl.io/ 2 KB
1 KB 215ms
57ms Script
text/plain 46.137.132.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tribl.io/h.js?orgId=JokA2nvzKpH390z24RLk

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

46.137.132.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-46-137-132-32.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7af50cf95aee25377e0d294dfd490228f7bfa3829a47298137dd3495811cb4c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 02:11:30 GMT
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
Server: nginx
P3P: CP="Triblio does not have a P3P policy."
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Connection: keep-alive
ContentType: text/javascript
Content-Length: 833

GET
H/1.1 200
OK footer.js Show response
tribl.io/ 2 KB
2 KB 214ms
56ms Script
text/plain 46.137.132.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tribl.io/footer.js?orgId=JokA2nvzKpH390z24RLk

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

46.137.132.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-46-137-132-32.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f4a754e6ac062bf3b1a2a4b2194e6ba8f55710630cda839c52017b1c05e37cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 02:11:30 GMT
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
Server: nginx
P3P: CP="Triblio does not have a P3P policy."
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Connection: keep-alive
ContentType: text/javascript
Content-Length: 1027

GET
H2 200 safebreach-logo-newbrand-large-01.svg
www.safebreach.com/wp-content/uploads/2022/02/ 8 KB
3 KB 103ms
103ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2022/02/safebreach-logo-newbrand-large-01.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75c4c2a69d4ea85f946db4177ee732659405d7f4e74f2da34ef7e2e869f662f2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:26 GMT
server: cloudflare
age: 65854
etag: W/"620d2e9a-21ec"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c09b066a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 sb-logo-white-copy.svg
www.safebreach.com/wp-content/uploads/2022/02/ 8 KB
3 KB 103ms
102ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2022/02/sb-logo-white-copy.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 588d0c70e38e61128de744dfb8ee3dcea06520d1d1f6927bd510ff17f5b39858

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:26 GMT
server: cloudflare
age: 65854
etag: W/"620d2e9a-214a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c09b076a76-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 menu-img-one.png
www.safebreach.com/wp-content/uploads/2021/12/ 374 B
622 B 310ms
308ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/menu-img-one.png
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9da1092c825ba5f26912e9f63042a09bfd1d37afa07ec46eb28b81006cb2b7db

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
age: 65854
cf-polished: origFmt=png, origSize=518
content-disposition: inline; filename="menu-img-one.webp"
alt-svc: h3=":443"; ma=86400
content-length: 374
cf-bgj: imgq:100,h2pri
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
etag: "620d2e9b-206"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c22e1158f6-TXL

GET
H3 200 menu-img-two.png
www.safebreach.com/wp-content/uploads/2021/12/ 284 B
532 B 311ms
309ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/menu-img-two.png
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 085b96736f1f0271493cf3db411255d6f835d863dc159f599184ef7d86456734

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
age: 65854
cf-polished: origFmt=png, origSize=412
content-disposition: inline; filename="menu-img-two.webp"
alt-svc: h3=":443"; ma=86400
content-length: 284
cf-bgj: imgq:100,h2pri
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
etag: "620d2e9b-19c"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c22e1258f6-TXL

GET
H3 200 menu-img-three.png
www.safebreach.com/wp-content/uploads/2021/12/ 450 B
700 B 311ms
309ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/menu-img-three.png
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b230997f5ead5e833b2642fd1cc9cfbbe8f3601caead9f293b9095912a47b4e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
age: 65854
cf-polished: origFmt=png, origSize=605
content-disposition: inline; filename="menu-img-three.webp"
alt-svc: h3=":443"; ma=86400
content-length: 450
cf-bgj: imgq:100,h2pri
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
etag: "620d2e9b-25d"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c22e1458f6-TXL

GET
BLOB 200
OK 113f57ea-8180-48df-8787-2f96ad649ec1
https://www.safebreach.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.safebreach.com/113f57ea-8180-48df-8787-2f96ad649ec1
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H3 200 Group-90.png
www.safebreach.com/wp-content/uploads/2022/05/ 292 B
538 B 312ms
310ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2022/05/Group-90.png
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2554df887b9bc503956cd0ac7e9ee10ed46740eed67e3737972ce2a03710b2d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
age: 65854
cf-polished: origFmt=png, origSize=433
content-disposition: inline; filename="Group-90.webp"
alt-svc: h3=":443"; ma=86400
content-length: 292
cf-bgj: imgq:100,h2pri
last-modified: Wed, 18 May 2022 09:00:09 GMT
server: cloudflare
etag: "6284b599-1b1"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c22e1558f6-TXL

GET
H2 200 01-EDR.webp
www.safebreach.com/wp-content/uploads/2024/04/ 35 KB
35 KB 88ms
88ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/01-EDR.webp
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97d48350002ed616195cc5ed8da7754c3c42858ee01845d0383efa238d66e566

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 17:42:13 GMT
server: cloudflare
age: 49361
etag: "66215b75-8c30"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c09b086a76-TXL
alt-svc: h3=":443"; ma=86400
content-length: 35888

GET
H3 200 02-EDR-1024x605.webp
www.safebreach.com/wp-content/uploads/2024/04/ 62 KB
62 KB 89ms
89ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/02-EDR-1024x605.webp
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ca3fd76c50585b0cb3b866a45e67662cbd7fbf3f3fc35b67996802c0f1d5cf3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 17:42:31 GMT
server: cloudflare
age: 49362
etag: "66215b87-f796"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c14d0d58f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 63382

GET
H3 200 03-EDR.webp
www.safebreach.com/wp-content/uploads/2024/04/ 19 KB
20 KB 52ms
52ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/03-EDR.webp
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0947a06bb8606cc4037610e77d85170b2e18d4d5877e41a828b56c394d5fd9e9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 17:42:33 GMT
server: cloudflare
age: 49361
etag: "66215b89-4de0"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c14d0e58f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 19936

GET
H3 200 24-04-MagicDot-Research-blog-1.webp
www.safebreach.com/wp-content/uploads/2024/04/ 57 KB
57 KB 313ms
311ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/24-04-MagicDot-Research-blog-1.webp
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5078f4997f7a127570547feef5aea2986cd6dad51a756ebb999f5c280f192e2f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Wed, 17 Apr 2024 21:09:37 GMT
server: cloudflare
age: 49352
etag: "66203a91-e376"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c22e1658f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 58230

GET
H3 200 24-02-VfV-Cloud.webp
www.safebreach.com/wp-content/uploads/2024/03/ 80 KB
80 KB 314ms
312ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2024/03/24-02-VfV-Cloud.webp
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1f6ed656c33aeeff51fe30eedc1877f5b0006553c29693251a2621e0d49b3ca

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Mon, 04 Mar 2024 16:36:32 GMT
server: cloudflare
age: 49349
etag: "65e5f890-140d4"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c22e1958f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 82132

GET
H3 200 Hackers-Playbook-Dec-2023.webp
www.safebreach.com/wp-content/uploads/2023/12/ 333 KB
333 KB 316ms
314ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2023/12/Hackers-Playbook-Dec-2023.webp
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dcc4870ad7c6d483e8f1b3baf6171d62d16465237ac2c2c158f69cd08d08c77

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Fri, 22 Dec 2023 21:37:53 GMT
server: cloudflare
age: 49350
etag: "658601b1-5326e"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c22e1a58f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 340590

GET
H3 200 email-decode.min.js Show response
www.safebreach.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
835 B 39ms
39ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.safebreach.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Apr 2024 20:54:07 GMT
server: cloudflare
etag: W/"6622d9ef-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 878a52c20de458f6-TXL
expires: Thu, 25 Apr 2024 02:11:30 GMT

GET
H3 200 shell.js Show response
js.hsforms.net/forms/ 482 KB
154 KB 238ms
181ms Script
application/javascript 104.18.142.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/shell.js

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.142.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 285
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5064/bundles/project-v2.js&cfRay=878a4bcb797c2bce-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b0047a8901d8ed9f81db3dcb5982114e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5064/bundles/project-v2.js
date: Tue, 23 Apr 2024 02:11:30 GMT
x-amz-version-id: 4lHA5dnNobe4YqKec9CE2kPtPUzRSBNR
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 5f613b9a-be0c-4738-b1e6-015e9303138a
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5f613b9a-be0c-4738-b1e6-015e9303138a
last-modified: Wed, 03 Apr 2024 11:15:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ptU6FHI%2FioUTjyTkbiueQBdrQ3DspRgYGceKudyUtQLeI3sew2bJ7W8K1mNkerOCVUJ94OaTfQmUunh50VoXB9IURCYV0J6ENS385x2Mz4mXv6Lk1NeNb%2FjCK3SvHlS%2F"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-6zsl2
cf-ray: 878a52c28d758f32-FRA
x-amz-cf-id: 9JRHT_0FqTiGovGdV_LdY5LIQu2oWzcBDZX0Je3NXqWO9Wuntx9JSw==

GET
H3 200 sb-logo-white.png
www.safebreach.com/wp-content/uploads/2021/12/ 1 KB
1 KB 353ms
351ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/sb-logo-white.png
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1bc9505462671f841ed0d09efcfdaf40560ecd855101557320c4171fa6976db

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
age: 65854
cf-polished: origFmt=png, origSize=1302
content-disposition: inline; filename="sb-logo-white.webp"
alt-svc: h3=":443"; ma=86400
content-length: 1094
cf-bgj: imgq:100,h2pri
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
etag: "620d2e9b-516"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c22e1b58f6-TXL

GET
H3 200 facebook.svg
www.safebreach.com/wp-content/uploads/2021/12/ 505 B
541 B 354ms
352ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/facebook.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17ae9e8b094566b5035ab4bdeaad98409f5e8986ae0db8a191879e4aceb484d2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:26 GMT
server: cloudflare
age: 65854
etag: W/"620d2e9a-1f9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e1c58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 linkedin.svg
www.safebreach.com/wp-content/uploads/2021/12/ 484 B
519 B 355ms
353ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/linkedin.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f31b57cf5dc33839628dd3b16bfab3f0ec31114bf8cdb4174612341a82c82fb8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 65854
etag: W/"620d2e9b-1e4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e1e58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 twitter.svg
www.safebreach.com/wp-content/uploads/2021/12/ 789 B
699 B 355ms
354ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/twitter.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: af831239d83e566a816ad3867bc7e063f215d24dd87fbc3a10ff4093f30e07a7

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 65854
etag: W/"620d2e9b-315"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e1f58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 github.svg
www.safebreach.com/wp-content/uploads/2021/12/ 867 B
734 B 356ms
354ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/github.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ec39f0e4290dce2c228d3f68d732d698aec3339628ecc7920281ec257c71fd8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:26 GMT
server: cloudflare
age: 65854
etag: W/"620d2e9a-363"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e2058f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 You.svg
www.safebreach.com/wp-content/uploads/2022/01/ 1 KB
830 B 356ms
355ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2022/01/You.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 495b162e5c074fefa7c26847421f1d1ac6898ac18a306db5ce39be395ef20ee0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:26 GMT
server: cloudflare
age: 65854
etag: W/"620d2e9a-4fe"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e2158f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.min.js Show response
www.safebreach.com/wp-includes/js/jquery/ 86 KB
31 KB 62ms
61ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 26 Feb 2024 05:47:40 GMT
server: cloudflare
age: 65854
etag: W/"65dc25fc-15601"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22dfb58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery-migrate.min.js Show response
www.safebreach.com/wp-includes/js/jquery/ 13 KB
5 KB 235ms
234ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: cloudflare
age: 65854
etag: W/"6482bd64-3509"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22dfe58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 vendor.js Show response
www.safebreach.com/wp-content/themes/berg-theme/dist/js/ 212 KB
65 KB 236ms
234ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/themes/berg-theme/dist/js/vendor.js
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e3bdf5154e65b94131b4e5a968ecf598d6c5bd39b2c94e29163ed9d6eb735d2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Apr 2024 04:19:56 GMT
server: cloudflare
age: 65854
etag: W/"6625e56c-3517c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e0258f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 frontend_blocks_custom.js Show response
www.safebreach.com/wp-content/plugins/berg-custom/dist/ 1 KB
821 B 57ms
55ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/plugins/berg-custom/dist/frontend_blocks_custom.js?ver=1.0.0
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d0f2b5df2e4baa14da9cee4dc3f50d68ec0e392759f900dbe467226ea2df21e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Apr 2024 04:21:24 GMT
server: cloudflare
age: 65854
etag: W/"6625e5c4-4cc"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e0458f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 lodash.min.js Show response
www.safebreach.com/wp-includes/js/dist/vendor/ 69 KB
25 KB 60ms
58ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.19
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 211fdb26a74dac46f2bd297c0f02953de9e69355035cad239d87acf21c5a6a0e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 20:08:46 GMT
server: cloudflare
age: 65854
etag: W/"649c934e-115ad"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e0558f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 main.js Show response
www.safebreach.com/wp-content/themes/berg-theme-child/dist/js/ 326 KB
98 KB 239ms
236ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/js/main.js
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dded58f9b04eb467fc1ad27a05420000e95be5998387f43810be7e19b25ea4ab

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Apr 2024 04:17:43 GMT
server: cloudflare
age: 65854
etag: W/"6625e4e7-517d2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e0758f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 frontend_blocks.js Show response
www.safebreach.com/wp-content/plugins/berg/dist/ 134 KB
43 KB 273ms
270ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/plugins/berg/dist/frontend_blocks.js?ver=1.0.0
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d6893c57974392484d8116c198b7eb3da710475318222a21da4ce0f65225fd9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Apr 2024 04:20:45 GMT
server: cloudflare
age: 65854
etag: W/"6625e59d-21816"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e0858f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 advance-accordion-block.js Show response
www.safebreach.com/wp-content/plugins/berg/src/block/advance-accordion/js/ 3 KB
1 KB 306ms
304ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/plugins/berg/src/block/advance-accordion/js/advance-accordion-block.js?ver=6.4.3
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28aa4b159b32b6a6829cb9c4faacf50809cdc7be6a363570fe13b185f14b05a1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Dec 2021 03:01:52 GMT
server: cloudflare
age: 65854
etag: W/"61c143a0-d19"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e0a58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 sassy-social-share-public.js Show response
www.safebreach.com/wp-content/plugins/sassy-social-share/public/js/ 123 KB
41 KB 307ms
305ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.60
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88e837b16a510d57917487740558a4e2cd531680b4822617f86cf3aa32f23686

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 08 Apr 2024 06:24:40 GMT
server: cloudflare
age: 65854
etag: W/"66138da8-1eaf9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e0b58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 hoverIntent.min.js Show response
www.safebreach.com/wp-includes/js/ 1 KB
921 B 308ms
306ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
server: cloudflare
age: 65854
etag: W/"625095f6-5db"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e0c58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 maxmegamenu.js Show response
www.safebreach.com/wp-content/plugins/megamenu/js/ 33 KB
6 KB 309ms
306ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/plugins/megamenu/js/maxmegamenu.js?ver=3.3.1
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a875e1d5f8cfe252cc8f5e04d750dd8c771fb8aceabd435d548425a445ab61d3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 08 Apr 2024 06:24:41 GMT
server: cloudflare
age: 65854
etag: W/"66138da9-82aa"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e0e58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 public.js Show response
www.safebreach.com/wp-content/plugins/megamenu-pro/assets/ 25 KB
5 KB 310ms
307ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/plugins/megamenu-pro/assets/public.js?ver=2.3.1.1
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24a6b196f2d7f4ad17b251295d25bf9a73eb5ab8329f1f3510b019006800b35d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 08 Apr 2024 06:24:41 GMT
server: cloudflare
age: 65854
etag: W/"66138da9-6577"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c22e0f58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 widget.js Show response
assets.calendly.com/assets/external/ 11 KB
4 KB 460ms
222ms Script
application/javascript 2606:4700:4400::6812:29af
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.calendly.com/assets/external/widget.js

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:29af , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ac0b4dc5e9a051c3a12feb1406fb45030caa091adbef913e4533dabae487634

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:19:48 GMT
cf-bgj: minify
server: cloudflare
age: 126
etag: W/"3dda49c0223b617e2f088c195726b562"
vary: Accept-Encoding
content-type: application/javascript
content-encoding: br
cache-control: public, max-age=300
cf-ray: 878a52c3a9903a76-FRA
expires: Wed, 24 Apr 2024 02:11:30 GMT

GET
H2 200 css2
fonts.googleapis.com/ 16 KB
1 KB 136ms
50ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow:wght@400;500&family=Inter:wght@300;400;500;600;700;800&display=swap

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/css/style.css?ver=6.4.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

debe3eb4148cc6d948519523cf7dbf94183e0d9ab092a7afc70dbe4f7c6489dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/css/style.css?ver=6.4.3
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 23 Apr 2024 02:11:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 Apr 2024 02:11:30 GMT

GET
H2 200 42606b90-b1fe-41ea-a320-c734cd69a01a.json Show response
cdn.cookielaw.org/consent/42606b90-b1fe-41ea-a320-c734cd69a01a/ 5 KB
2 KB 269ms
189ms XHR
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/42606b90-b1fe-41ea-a320-c734cd69a01a/42606b90-b1fe-41ea-a320-c734cd69a01a.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1154be083e51e78352a289a540a53b24895712135fa572c7ada9d55c1f1766df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 13319
content-md5: ITgLmDBuO4NcA97nxtWLtA==
content-length: 1749
x-ms-lease-status: unlocked
last-modified: Fri, 17 Nov 2023 03:15:23 GMT
server: cloudflare
etag: 0x8DBE71B70610AF7
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 4d9cf6d7-601e-0074-132f-610d73000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 878a52c37ce62c18-FRA
expires: Wed, 24 Apr 2024 02:11:30 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 294 KB
101 KB 268ms
179ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W6ZT7LQ

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

982c6830e8e36d88b6148978539ac7e435d5d97d80b07fb9ec666db2ddcce0db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103494
x-xss-protection: 0
last-modified: Tue, 23 Apr 2024 00:45:32 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 23 Apr 2024 02:11:30 GMT

GET
H/1.1 200
OK analytics.js Show response
tribl.io/ 19 KB
6 KB 60ms
59ms Script
application/javascript 46.137.132.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tribl.io/analytics.js
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.137.132.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-137-132-32.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 30e0c355dca9b065dd06bf034ede814dca5dc1e4c3d143106b5b92e71aa2e1be

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 02:11:30 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Apr 2024 02:18:02 GMT
Server: nginx
ETag: W/"6615f6da-4c52"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive

GET
H3 200 menu_bg.png
www.safebreach.com/wp-content/uploads/2021/12/ 17 KB
17 KB 348ms
348ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/menu_bg.png
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2377ad8530691d6de23435c520b3ed312a92711ed617cca840d259721f0de205

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
age: 56021
cf-polished: origSize=46625, status=webp_bigger
alt-svc: h3=":443"; ma=86400
content-length: 17031
cf-bgj: imgq:100,h2pri
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
etag: "620d2e9b-b621"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c23e2658f6-TXL

GET
H3 200 icons-8-loader.svg
www.safebreach.com/wp-content/uploads/2021/12/ 2 KB
1004 B 349ms
348ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/icons-8-loader.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d43b17a949f3545f472334a5a417f3e99bece784c545fd3e24f5bbe4a1e2a26

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9b-6e3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e2858f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icons-8-workflow.svg
www.safebreach.com/wp-content/uploads/2021/12/ 1 KB
860 B 349ms
349ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/icons-8-workflow.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31220886e818cd4a1ae18508f68dcebfcce6a4fc1916b5ce6c01b2294cfb1de6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9b-59b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e2c58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icons-8-service-copy.svg
www.safebreach.com/wp-content/uploads/2021/12/ 4 KB
2 KB 350ms
350ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/icons-8-service-copy.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8968f16fe2db90e1f44bd7e9f679355521af5857ac3333fcdd135d8041fc5747

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9b-f31"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e2e58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icons-8-admin-settings-male.svg
www.safebreach.com/wp-content/uploads/2021/12/ 3 KB
2 KB 351ms
350ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/icons-8-admin-settings-male.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a9c7eea3de39fd83461f6ab4bd676bf7a63e4bab6a6d18df1dc38c9fdbae317

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9b-aec"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e3058f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icons-8-news.svg
www.safebreach.com/wp-content/uploads/2021/12/ 3 KB
1 KB 351ms
351ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/icons-8-news.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a97c568af531f4a39044be90c62110246b96ddb3385a9965dfad62c9454be163

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9b-b12"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e3458f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icon-sprite-v1.3.svg
www.safebreach.com/wp-content/themes/berg-theme-child/dist/images/ 31 KB
7 KB 351ms
351ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/images/icon-sprite-v1.3.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/css/style.css?ver=6.4.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01eab240d56f3dc7c0529ec0bcb3ae2d4e038f3f89afe917bffe869c8f5c5072

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/css/style.css?ver=6.4.3
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Apr 2024 04:17:43 GMT
server: cloudflare
age: 65854
etag: W/"6625e4e7-7ca4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e3658f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 by-need-icon-20x20.png
www.safebreach.com/wp-content/uploads/2023/04/ 684 B
937 B 354ms
354ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2023/04/by-need-icon-20x20.png
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf15dc1f2860288136db694d8d172124719f1f0a76c8f5121121151bb0f06273

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
age: 56021
cf-polished: origFmt=png, origSize=957
content-disposition: inline; filename="by-need-icon-20x20.webp"
alt-svc: h3=":443"; ma=86400
content-length: 684
cf-bgj: imgq:100,h2pri
last-modified: Fri, 28 Apr 2023 05:27:59 GMT
server: cloudflare
etag: "644b595f-3bd"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c23e3758f6-TXL

GET
H3 200 by-industry-icon-20x20.png
www.safebreach.com/wp-content/uploads/2023/04/ 456 B
712 B 354ms
354ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2023/04/by-industry-icon-20x20.png
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23d6114b8d4c4586649f37f20ffc41ea009c720f6f9afbb5c33a8ea17f62f78c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
age: 56021
cf-polished: origFmt=png, origSize=1012
content-disposition: inline; filename="by-industry-icon-20x20.webp"
alt-svc: h3=":443"; ma=86400
content-length: 456
cf-bgj: imgq:100,h2pri
last-modified: Fri, 28 Apr 2023 05:28:25 GMT
server: cloudflare
etag: "644b5979-3f4"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c23e3858f6-TXL

GET
H3 200 icons-8-layers.svg
www.safebreach.com/wp-content/uploads/2021/12/ 3 KB
1 KB 354ms
354ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/icons-8-layers.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 140c0a3622f2612d50648567d4254e118328ab09f2bef5e7c4eebcb6e98f7ef5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9b-af8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e3a58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icons-8-radar.svg
www.safebreach.com/wp-content/uploads/2021/12/ 2 KB
1 KB 355ms
355ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/icons-8-radar.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 953a6c9a250520c4b25381e689110e155feb5e77e0cbf3ba0ab326ccdaf49739

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9b-7e3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e3b58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icons-8-event-accepted.svg
www.safebreach.com/wp-content/uploads/2021/12/ 1 KB
951 B 355ms
355ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/icons-8-event-accepted.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c50641e35657c2e4c9133124509ecd978d9dd671e259e3ce79cf4ecb66202d07

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9b-5ba"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e3c58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 Technology-Partners.svg
www.safebreach.com/wp-content/uploads/2022/05/ 6 KB
2 KB 356ms
355ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2022/05/Technology-Partners.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: af138e158fd40e44f13388c5236a48996babaf260812e97c061ee7649cc15bfd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 18 May 2022 09:02:23 GMT
server: cloudflare
age: 56021
etag: W/"6284b61f-1613"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e3d58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 Channel-Partners.svg
www.safebreach.com/wp-content/uploads/2022/05/ 11 KB
4 KB 356ms
356ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2022/05/Channel-Partners.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f77bcb423717d0d40733cfc15eff6d7660ca150eb79391b2609f94d04751b7f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 18 May 2022 09:03:35 GMT
server: cloudflare
age: 56021
etag: W/"6284b667-2ae0"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e3e58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icons-8-company.svg
www.safebreach.com/wp-content/uploads/2021/12/ 2 KB
691 B 356ms
356ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/icons-8-company.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 914f0db0588d92991cbfd454c64a63bc214c4b635f9087cabc664ac82f3c0763

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9b-693"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e3f58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icons-8-leadership.svg
www.safebreach.com/wp-content/uploads/2021/12/ 2 KB
896 B 357ms
357ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/icons-8-leadership.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7919670aa5c2efe71fd29a16ce17977fcd53cae652913885f9bb513352ef94b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9b-70b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e4058f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icons-8-job-seeker.svg
www.safebreach.com/wp-content/uploads/2021/12/ 1 KB
825 B 357ms
357ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/icons-8-job-seeker.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: edf976a43356e227196d3d2679ec91c8da99c839e7e4fc7a90db14d0cd089a00

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:27 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9b-482"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e4158f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icons-8-army-star.svg
www.safebreach.com/wp-content/uploads/2022/01/ 4 KB
2 KB 357ms
357ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2022/01/icons-8-army-star.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31e3c28638863caa9051ba1775bebcb7d0856a32344d05aa5fa0014787182632

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/uploads/maxmegamenu/style.css?ver=116a21
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:26 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9a-e95"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c23e4258f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 webinar-background.webp
www.safebreach.com/wp-content/uploads/2023/08/ 24 KB
25 KB 358ms
358ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2023/08/webinar-background.webp
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aca576254844106e72473a0db35c3feaa106a5e4a6570a48fdce8ffd2fabb8f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 31 Aug 2023 20:15:04 GMT
server: cloudflare
age: 56021
etag: "64f0f4c8-61ec"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c23e4458f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 25068

GET
DATA 200
OK truncated
/ 380 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 single-post-background.png
www.safebreach.com/wp-content/themes/berg-theme-child/dist/images/ 9 KB
9 KB 355ms
355ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/images/single-post-background.png
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/css/style.css?ver=6.4.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d21f0e5caafc7ca7219e609cd762b90a87cdf485b0583df0da809e1fce1ff5e7

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/css/style.css?ver=6.4.3
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
age: 56021
cf-polished: origFmt=png, origSize=10166
content-disposition: inline; filename="single-post-background.webp"
alt-svc: h3=":443"; ma=86400
content-length: 9326
cf-bgj: imgq:100,h2pri
last-modified: Mon, 22 Apr 2024 04:17:43 GMT
server: cloudflare
etag: "6625e4e7-27b6"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c24e4c58f6-TXL

GET
H3 200 cta_bg.svg
www.safebreach.com/wp-content/uploads/2021/12/ 3 KB
847 B 356ms
356ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/cta_bg.svg
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: daf182d03ad744219a653776d1b22881f9ce29edd8a6b522078907cbe3525039

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Feb 2022 17:04:26 GMT
server: cloudflare
age: 56021
etag: W/"620d2e9a-aa4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c24e4e58f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 46 KB
46 KB 260ms
41ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;500&family=Inter:wght@300;400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.safebreach.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 20 Apr 2024 15:53:06 GMT
x-content-type-options: nosniff
age: 209904
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46704
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Apr 2025 15:53:06 GMT

GET
DATA 200
OK truncated
/ 31 KB
31 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6db83b2803fed3f9b574567755102b18c401904a374c8acf4c9a2e9b0159cb4f

Request headers

Referer
Origin: https://www.safebreach.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H3 206 Ransomware_Bypass_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 1 MB
0 337ms
337ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/Ransomware_Bypass_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:33 GMT
server: cloudflare
age: 49310
etag: "662162cd-1ebcedc"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-32231131/32231132
cache-control: public, max-age=31536000
cf-ray: 878a52c26e7458f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 32231132

GET
H3 206 LSASS_Dump_Bypass_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 60 KB
0 536ms
536ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/LSASS_Dump_Bypass_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:46 GMT
server: cloudflare
age: 49311
etag: "662162da-fd07bc"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-16582587/16582588
cache-control: public, max-age=31536000
cf-ray: 878a52c26e7758f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 16582588

GET
H3 206 Password_Bypass_Demo_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 51 KB
0 567ms
567ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/Password_Bypass_Demo_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:54 GMT
server: cloudflare
age: 49312
etag: "662162e2-2394b8"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-2331831/2331832
cache-control: public, max-age=31536000
cf-ray: 878a52c26e7a58f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 2331832

GET
H3 206 Run_As_Malware_Final_Demo.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 76 KB
0 594ms
594ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/Run_As_Malware_Final_Demo.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 19:48:43 GMT
server: cloudflare
age: 49312
etag: "6621791b-284f09e"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-42266781/42266782
cache-control: public, max-age=31536000
cf-ray: 878a52c26e7d58f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 42266782

GET
DATA 200
OK truncated
/ 547 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 552 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 177 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 351 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 242 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
304 B 193ms
87ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
accept: application/json
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 878a52c48dea1c2c-FRA
access-control-allow-headers: Content-Type

GET
H3 200 json Show response
forms.hsforms.com/embed/v3/form/43692056/1830aba9-31aa-4bb4-82cc-289210cdc9e9/ 10 KB
4 KB 235ms
181ms XHR
application/json 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/43692056/1830aba9-31aa-4bb4-82cc-289210cdc9e9/json?hs_static_app=forms-embed&hs_static_app_version=1.5064&X-HubSpot-Static-App-Info=forms-embed-1.5064

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/shell.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66ed266b3e66708f6fefa23d04edf2efe13ccb3bf447bf19c1980285a19db353

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Tue, 23 Apr 2024 02:11:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 710cb6e3-b65e-4e3c-a895-160f69a7201e
x-envoy-upstream-service-time: 23
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 710cb6e3-b65e-4e3c-a895-160f69a7201e
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.safebreach.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 878a52c57b2a58ea-TXL
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-xmfhh

GET
H3 200 footer-bg.webp
www.safebreach.com/wp-content/themes/berg-theme-child/dist/images/ 91 KB
91 KB 189ms
189ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/images/footer-bg.webp
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/css/style.css?ver=6.4.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac4a8540b46883a3e8b89867ff00dd73c7f7328b8a63b4f6369e7a4f4f30cfad

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/wp-content/themes/berg-theme-child/dist/css/style.css?ver=6.4.3
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Mon, 22 Apr 2024 04:17:43 GMT
server: cloudflare
age: 65854
etag: "6625e4e7-16ad2"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52c539ec58f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 92882

GET
H2 200 7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v12/ 20 KB
21 KB 46ms
44ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3_-gs51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;500&family=Inter:wght@300;400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.safebreach.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 19 Apr 2024 19:24:11 GMT
x-content-type-options: nosniff
age: 283639
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20960
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:18:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Apr 2025 19:24:11 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 295 KB
98 KB 58ms
57ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ETQN9J5R1N&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W6ZT7LQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c84f8f50449ecf1bfd10c18f82c550712096a0a60645653aa7d174a4e4621e6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 100128
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 23 Apr 2024 02:11:30 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 154ms
43ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W6ZT7LQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 23 Apr 2024 01:48:08 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1402
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 23 Apr 2024 03:48:08 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 48 KB
17 KB 543ms
39ms Script
application/javascript 2a02:26f0:3500:16::215:1490
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W6ZT7LQ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1490 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6cc4c722a50b4152194b13e7e3c8a1a5a5f23b17988f8fa85404394efc5c0984

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Apr 2024 07:42:51 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=69218
accept-ranges: bytes
content-length: 17238

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 193ms
39ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/scripts/bizible.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W6ZT7LQ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67D4) /

Resource Hash

4c903880e86c99ed05c1387b955f7de1f6b97ccdd3ae9db3bf1c82cad6ac8a5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSub
last-modified: Fri, 19 Apr 2024 15:03:17 GMT
server: ECS (frb/67D4)
age: 17766
etag: "c630b1b56a92da1:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25393

GET
H2 200 43692056.js Show response
js.hs-scripts.com/ 2 KB
1 KB 432ms
330ms Script
application/javascript 2606:4700::6810:8ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/43692056.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W6ZT7LQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c933341c706585ad984edc08fec339db210f452afa751d376d0d4903e9686c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ac14dfc9-4481-4443-9c96-1e0c1e4d1250
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ac14dfc9-4481-4443-9c96-1e0c1e4d1250
last-modified: Tue, 23 Apr 2024 02:03:26 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.safebreach.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-zhwhl
access-control-allow-credentials: true
cache-control: public, max-age=90
cf-ray: 878a52c5eaed194b-FRA
expires: Tue, 23 Apr 2024 02:13:01 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/ 421 KB
101 KB 53ms
53ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: B7RJGeSCnZZuAb1NQkB81w==
age: 78305
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 103637
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:26:02 GMT
server: cloudflare
etag: 0x8DBB9A2763B37CA
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 370b2d5d-e01e-0045-3ee5-1dec60000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 878a52c54dde65b5-FRA

GET
H3 206 Ransomware_Bypass_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 84 KB
84 KB 222ms
56ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/Ransomware_Bypass_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce64d8fa001b8f9dbcc1f7b17866203fcbdbb6594eb3cb8e9ea4c91df9eadf82

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=32145408-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:33 GMT
server: cloudflare
age: 49310
etag: "662162cd-1ebcedc"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 32145408-32231131/32231132
cache-control: public, max-age=31536000
cf-ray: 878a52c66b7758f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 85724

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 266ms
82ms Script
application/x-javascript 23.200.101.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.200.101.152 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-200-101-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 02:11:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H3 200 wp-emoji-release.min.js Show response
www.safebreach.com/wp-includes/js/ 18 KB
5 KB 159ms
159ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.3
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 02 Feb 2023 00:53:25 GMT
server: cloudflare
age: 56021
etag: W/"63db0985-4904"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878a52c57a3558f6-TXL
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK _t.gif
tribl.io/ 42 B
575 B 332ms
331ms Image
image/gif 46.137.132.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tribl.io/_t.gif?i=JokA2nvzKpH390z24RLk&s=o2wZ&u=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&h=www.safebreach.com&bw=1600&bh=1200&t=0&rnd=4035969357440

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

46.137.132.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-46-137-132-32.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Tue, 23 Apr 2024 02:11:31 GMT
Strict-Transport-Security: max-age=31536000;
Server: nginx
P3P: CP="Triblio does not have a P3P policy."
Content-Type: image/gif
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0,pre-check=0
Connection: keep-alive
Content-Length: 42

GET
H3 200 6215407fea39af00200a4960 Show response
ws.zoominfo.com/pixel/ 0
647 B 355ms
303ms Script
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/6215407fea39af00200a4960

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
content-length: 0
cf-ray: 878a52c66afdaca4-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 200 tracker.js Show response
serve.nrich.ai/tracker/assets/ 2 KB
1 KB 181ms
54ms Script
text/javascript 51.178.78.162
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://serve.nrich.ai/tracker/assets/tracker.js?nto=nt

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.178.78.162 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3165917.ip-51-178-78.eu

Software

nginx /

Resource Hash

e239d85b0b206199f1c623846ccfddba8df1692e55c211ca1043a90131b72290

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
strict-transport-security: max-age=15552000; includeSubDomains, max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
x-xss-protection: 1; mode=block
server: nginx
etag: W/"63b-SYs8H/V261iRHGSxXwFroK2NkQQ"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Content-Type,Content-Range,Range
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Content-Type,Content-Range,Range
expires: Tue, 23 Apr 2024 02:11:30 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 246 KB
85 KB 64ms
64ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-852557669

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W6ZT7LQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

27449869b6a9b5cbd671b495459a5755f739acd5458e068eda3ada69e71617e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87060
x-xss-protection: 0
last-modified: Tue, 23 Apr 2024 00:45:32 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 23 Apr 2024 02:11:30 GMT

GET
H3 206 LSASS_Dump_Bypass_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 66 KB
0 160ms
55ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/LSASS_Dump_Bypass_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=16515072-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:46 GMT
server: cloudflare
age: 49311
etag: "662162da-fd07bc"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 16515072-16582587/16582588
cache-control: public, max-age=31536000
cf-ray: 878a52c66b7a58f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 67516

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 153ms
47ms Ping
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ETQN9J5R1N&cid=1373463183.1713838291&gtm=45je44h0v870363021z8859611012za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ETQN9J5R1N&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 23 Apr 2024 02:11:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.safebreach.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET ga-audiences
www.google.de/ads/ 0
0

GET
H3 206 Run_As_Malware_Final_Demo.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 92 KB
92 KB 106ms
50ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/Run_As_Malware_Final_Demo.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bea592b6b260886d7debb14f7a068a877e5e1622eefee75a6722a4e6e5eee175

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=42172416-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 19:48:43 GMT
server: cloudflare
age: 49312
etag: "6621791b-284f09e"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 42172416-42266781/42266782
cache-control: public, max-age=31536000
cf-ray: 878a52c67b8e58f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 94366

GET
H3 206 Password_Bypass_Demo_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 197 KB
0 103ms
49ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/Password_Bypass_Demo_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=2129920-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:54 GMT
server: cloudflare
age: 49312
etag: "662162e2-2394b8"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 2129920-2331831/2331832
cache-control: public, max-age=31536000
cf-ray: 878a52c68bb058f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 201912

GET
H2 200 ipv
cdn.bizible.com/ 43 B
305 B 39ms
39ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=93e22d8cdc8b4aa1fc5229438835b582&_biz_l=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&_biz_t=1713838290947&_biz_i=EDR%20as%20an%20Offensive%20Tool%20%7C%20SafeBreach&_biz_n=0&rnd=646071&cdn_o=a&_biz_z=1713838290948

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67BA) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 23 Apr 2024 02:11:30 GMT
strict-transport-security: max-age=31536000; includeSub
last-modified: Fri, 19 Apr 2024 21:15:25 GMT
server: ECS (frb/67BA)
age: 276965
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
181 B 50ms
40ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizibly.com/u?_biz_u=93e22d8cdc8b4aa1fc5229438835b582&_biz_l=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&_biz_t=1713838290949&_biz_i=EDR%20as%20an%20Offensive%20Tool%20%7C%20SafeBreach&rnd=74629&cdn_o=a&_biz_z=1713838290949

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6752) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 23 Apr 2024 02:11:30 GMT
strict-transport-security: max-age=31536000; includeSub
last-modified: Fri, 19 Apr 2024 21:15:25 GMT
server: ECS (frb/6752)
age: 276965
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
211 B 47ms
47ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1026913385&t=pageview&_s=1&dl=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&ul=de-de&de=UTF-8&dt=EDR%20as%20an%20Offensive%20Tool%20%7C%20SafeBreach&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=782584103&gjid=202922047&cid=1373463183.1713838291&tid=UA-159899843-1&_gid=142491833.1713838291&_r=1&_slc=1&gtm=45He44h0n81W6ZT7LQv859611012za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&npa=1&z=775933638

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 23 Apr 2024 02:11:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.safebreach.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
882 B 191ms
149ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 02cfae35-d003-4b2d-a740-5a3cf6db025f
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 02cfae35-d003-4b2d-a740-5a3cf6db025f
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-89xcg
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 878a52c6efd96a75-TXL

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/42606b90-b1fe-41ea-a320-c734cd69a01a/52959356-edb8-4d7b-98fb-2c177c5e39c9/ 52 KB
11 KB 65ms
65ms Fetch
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/42606b90-b1fe-41ea-a320-c734cd69a01a/52959356-edb8-4d7b-98fb-2c177c5e39c9/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16f87a401d5a30987af1ccc363075ac85280f8a0dcca84c140fe33ecd031c1e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 13320
content-md5: KfIKTro0dkRBInvsJ4Kv5A==
content-length: 10992
x-ms-lease-status: unlocked
last-modified: Fri, 17 Nov 2023 03:15:28 GMT
server: cloudflare
etag: 0x8DBE71B72F7CEFB
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f6f29586-f01e-0066-4548-6176a3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 878a52c6ced52c18-FRA
expires: Wed, 24 Apr 2024 02:11:31 GMT

GET
H2 200 1e7bfa91-d86e-4dea-a12e-4bf5d5eb952d Show response
serve.nrich.ai/tracker/ 27 B
756 B 54ms
54ms Script
text/javascript 51.178.78.162
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://serve.nrich.ai/tracker/1e7bfa91-d86e-4dea-a12e-4bf5d5eb952d?nauid=&cb=0.9300306412013839

Requested by

Host: serve.nrich.ai
URL: https://serve.nrich.ai/tracker/assets/tracker.js?nto=nt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.178.78.162 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3165917.ip-51-178-78.eu

Software

nginx /

Resource Hash

988f39b8ad134e74d80338874a9f62988a6c71a21d19cf3522ec26e83d6b4caf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains, max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
strict-transport-security: max-age=15552000; includeSubDomains, max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
x-dns-prefetch-control: off
x-xss-protection: 1; mode=block
server: nginx
etag: W/"1b-9/oBkUk5eDF3MuI7RydTMTgPdzs"
x-download-options: noopen
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Content-Type,Content-Range,Range
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Content-Type,Content-Range,Range
expires: Tue, 23 Apr 2024 02:11:31 GMT

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
882 B 211ms
157ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 069cfd99-1b3e-4318-b733-ba748e29a130
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 069cfd99-1b3e-4318-b733-ba748e29a130
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-xmfhh
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 878a52c73aba2671-TXL

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 111 B
343 B 187ms
187ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/xdc.js?_biz_u=93e22d8cdc8b4aa1fc5229438835b582&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.04.18

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6711) /

Resource Hash

ed668c3fdc2001b714475f4ba8146cc03d81c13e786501f52b0119126ce153a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSub
server: ECS (frb/6711)
etag: C781D20F
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 214

GET
H3 206 LSASS_Dump_Bypass_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 28 KB
0 0ms
0ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/LSASS_Dump_Bypass_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=32768-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:46 GMT
server: cloudflare
age: 49311
etag: "662162da-fd07bc"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 32768-16582587/16582588
cache-control: public, max-age=31536000
cf-ray: 878a52c66b7a58f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 16549820

GET
H3 206 Password_Bypass_Demo_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 19 KB
0 0ms
0ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/Password_Bypass_Demo_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=32768-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:54 GMT
server: cloudflare
age: 49312
etag: "662162e2-2394b8"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 32768-2331831/2331832
cache-control: public, max-age=31536000
cf-ray: 878a52c68bb058f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 2299064

GET
H3 206 LSASS_Dump_Bypass_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 2 KB
0 1ms
1ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/LSASS_Dump_Bypass_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcd8a28df55337e753ad1e92ee8d8f1dc5c9930bcec6cc9f22e371734f957d23

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=16580608-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:46 GMT
server: cloudflare
age: 49311
etag: "662162da-fd07bc"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 16580608-16582587/16582588
cache-control: public, max-age=31536000
cf-ray: 878a52c66b7a58f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 1980

GET
H3 206 Password_Bypass_Demo_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 5 KB
0 1ms
1ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/Password_Bypass_Demo_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68173e8f47a782d311d2978364dfaf1fedddb6d53a06fdcce3a85345843f4ec8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=2326528-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:54 GMT
server: cloudflare
age: 49312
etag: "662162e2-2394b8"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 2326528-2331831/2331832
cache-control: public, max-age=31536000
cf-ray: 878a52c68bb058f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 5304

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 50ms
47ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-159899843-1&cid=1373463183.1713838291&jid=782584103&gjid=202922047&_gid=142491833.1713838291&npa=1&_u=YADAAEAAAAAAACAAI~&z=1523633136

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 23 Apr 2024 02:11:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.safebreach.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 206 Run_As_Malware_Final_Demo.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 178 KB
0 0ms
0ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/Run_As_Malware_Final_Demo.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=65536-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 19:48:43 GMT
server: cloudflare
age: 49312
etag: "6621791b-284f09e"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 65536-42266781/42266782
cache-control: public, max-age=31536000
cf-ray: 878a52c67b8e58f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 42201246

GET
H3 206 LSASS_Dump_Bypass_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 131 KB
0 0ms
0ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/LSASS_Dump_Bypass_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=32768-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:46 GMT
server: cloudflare
age: 49311
etag: "662162da-fd07bc"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 32768-16582587/16582588
cache-control: public, max-age=31536000
cf-ray: 878a52c66b7a58f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 16549820

GET
H3 206 Password_Bypass_Demo_Cortex.mp4
www.safebreach.com/wp-content/uploads/2024/04/ 115 KB
0 0ms
0ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2024/04/Password_Bypass_Demo_Cortex.mp4
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Range: bytes=32768-
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:30 GMT
cf-cache-status: HIT
last-modified: Thu, 18 Apr 2024 18:13:54 GMT
server: cloudflare
age: 49312
etag: "662162e2-2394b8"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 32768-2331831/2331832
cache-control: public, max-age=31536000
cf-ray: 878a52c68bb058f6-TXL
alt-svc: h3=":443"; ma=86400
Content-Length: 2299064

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 82ms
82ms Script
application/x-javascript 23.200.101.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.200.101.152 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-200-101-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 02:11:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Thu, 01 Aug 2024 02:11:31 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/ 13 KB
3 KB 52ms
52ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: BHQvHegaR3S9THBo4PtGGQ==
age: 74165
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:25:55 GMT
server: cloudflare
etag: 0x8DBB9A272000203
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: b74760e0-601e-0039-3b33-61c29f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 878a52c74f062c18-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/v2/ 62 KB
13 KB 53ms
52ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b0a210e89ac35b54a9b4ccb0336ea91c561e6dc5f8bda49574da98d40799c6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 3yHA5F3oKJDlMPXEHc+wYA==
age: 67671
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12708
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:25:57 GMT
server: cloudflare
etag: 0x8DBB9A2735C2A8F
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 1f1cdddf-501e-0032-2678-7939f4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 878a52c74f082c18-FRA

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/ 5 KB
2 KB 57ms
56ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jwQ1xRmxKbqe8m/m/Ww/Bg==
age: 13319
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1766
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:25:56 GMT
server: cloudflare
etag: 0x8DBB9A273136C69
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 2693a75b-801e-0053-64b9-211ab7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 878a52c74f0a2c18-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/ 21 KB
4 KB 51ms
51ms Fetch
text/css 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
age: 55190
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:26:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: c697abbe-001e-0062-1323-61fba4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 878a52c74f0c2c18-FRA

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 129ms
50ms Image
image/gif 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-159899843-1&cid=1373463183.1713838291&jid=782584103&npa=1&_u=YADAAEAAAAAAACAAI~&z=282388876

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 23 Apr 2024 02:11:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET ga-audiences
www.google.de/ads/ 0
0

POST
H/1.1 200
OK visitWebPage
535-ixz-934.mktoresp.com/webevents/ 2 B
318 B 883ms
120ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://535-ixz-934.mktoresp.com/webevents/visitWebPage?_mchNc=1713838291121&_mchCn=&_mchId=535-IXZ-934&_mchTk=_mch-safebreach.com-1713838291121-27134&_mchHo=www.safebreach.com&_mchPo=&_mchRu=%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 02:11:31 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 4451a8a5-f08b-42ef-93e3-edef7e6e20a7

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
618 B 54ms
53ms Image
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 38278
x-ms-lease-status: unlocked
last-modified: Mon, 22 Apr 2024 02:31:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 778511d6-c01e-00a6-3564-948e9d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 878a52c7aef765b5-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
516 B 51ms
51ms Fetch
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 73362
x-ms-lease-status: unlocked
last-modified: Thu, 18 Apr 2024 19:47:54 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: d59080bc-701e-0068-2753-925f13000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 878a52c7bf372c18-FRA

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 50ms
50ms Image
image/png 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 38278
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Mon, 22 Apr 2024 02:31:48 GMT
server: cloudflare
etag: 0x8DC62745C60FC03
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 9c8439ff-501e-006f-6964-943370000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 878a52c7cf0465b5-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 52ms
52ms Image
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 23 Apr 2024 02:11:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 6838
x-ms-lease-status: unlocked
last-modified: Mon, 22 Apr 2024 06:06:21 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 2cddd7bb-e01e-0018-53e8-94e6e4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 878a52c7cf0665b5-FRA

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 150ms
54ms Script
application/javascript 2606:4700::6810:6ffe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/43692056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6ffe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c76dd89a767afd512ce6c6370424f39a632ebb736c16ac37952fbfd97575448

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Origin: https://www.safebreach.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 583
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.491/bundles/project.js&cfRay=878a448a6fc84dc4-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"020909a609cf986b4a8a88cfb577a8db"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.491/bundles/project.js
date: Tue, 23 Apr 2024 02:11:31 GMT
x-amz-version-id: _rd02ux3UWoVQsATQDf.p_LxkLPJ6umh
via: 1.1 7c77abdf1c625c25627fe2a24e660a34.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 33e073e2-b75c-4e95-a94e-199908675a12
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-evy-trace-route-configuration: listener_https/all
x-request-id: 33e073e2-b75c-4e95-a94e-199908675a12
last-modified: Wed, 10 Apr 2024 18:06:23 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-bsp24
cf-ray: 878a52c89f7265b5-FRA
x-amz-cf-id: pekzz2iYB0MnQKKm1hicRanYWoWTVkb-xB6y97pNjFDkFWHSKXG9QA==

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/43692056/ 71 KB
23 KB 439ms
349ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/43692056/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/43692056.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ddb2124d14b7810f57814e4a761b927a5f92cf0d29aebce4c92b5cd2e53d0c59

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
x-amz-version-id: Vzr7vlpdsQ2rUpgBmH9Q2xFI2LitQuHr
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: N2FEM4ZH8SKM6MSV
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: f0c382ce-fec7-41d1-bce5-910bcf68bce1
x-envoy-upstream-service-time: 79
x-amz-id-2: mr0yUciMbRmbej9Khic9aX+EAW5K68+3vF1dzcwv4DVptPQRWjyNS8K1X+qvTlu42JFmvhAOwDdRdWl/IlgnCMqzW/g6zUmSCCNTOq3JLck=
x-evy-trace-listener: listener_https
x-request-id: f0c382ce-fec7-41d1-bce5-910bcf68bce1
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 15 Apr 2024 20:30:26 GMT
server: cloudflare
etag: W/"a927e1995cda767650788b22cadf3dd6"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.safebreach.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-jg42k
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 878a52c89dad0497-FRA
expires: Tue, 23 Apr 2024 02:16:31 GMT

GET
H2 200 43692056.js Show response
js.hs-analytics.net/analytics/1713838200000/ 67 KB
21 KB 430ms
332ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1713838200000/43692056.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/43692056.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eba930d6851fd2de0dc732a1dc94cde542711423f9b13c5d38690cbe29d05539

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: JWKTQGSCYCEZB4GW
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: b0b0045f-c1ce-44d5-bb44-882c5cfe42b5
x-envoy-upstream-service-time: 20
x-amz-id-2: o06KsEU3g+Olx8/pY87HTzokK2gD+H/hLT9GS7lhLKE/U+VDVXnsTOcVvb69t5qmM5qv4AgvOMI=
x-evy-trace-listener: listener_https
x-request-id: b0b0045f-c1ce-44d5-bb44-882c5cfe42b5
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 18 Apr 2024 20:58:02 GMT
server: cloudflare
etag: W/"52c38d801ee9fb4410a37b5c6655653e"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-fp48c
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 878a52c89b8a914d-FRA
expires: Tue, 23 Apr 2024 02:16:31 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 86 KB
25 KB 147ms
53ms Script
application/javascript 2606:4700::6810:4c8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/43692056.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4c8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d73b2247e535bb71100a138530e650d9190b91ce95533e0231b7904c2f9ac8d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
x-amz-version-id: 7sOAuHCJle70K3AUi19totaiZrGwSsZa
via: 1.1 4715507645a6516d2df35cd342cb5be0.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 529
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.16087/bundles/project.js&cfRay=878a45dd2afd5d72-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: a8717492-3527-44cb-8bcf-089c73458142
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a8717492-3527-44cb-8bcf-089c73458142
last-modified: Thu, 18 Apr 2024 15:21:55 UTC
server: cloudflare
etag: W/"811fb83f61662716eb61863d869011d1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-kgjsm
cf-ray: 878a52c89e24364b-FRA
x-amz-cf-id: -3az7l-WToOHM4KmKcoMNRurXwA6fKXsD0CB0sADshHj9xehVLxSJA==
x-hs-target-asset: conversations-embed/static-1.16087/bundles/project.js

GET
H/1.1 200
OK _t.gif
tribl.io/ 42 B
575 B 64ms
64ms Image
image/gif 46.137.132.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tribl.io/_t.gif?maCookie=_mch-safebreach.com-1713838291121-27134&i=JokA2nvzKpH390z24RLk&s=o2wZ&u=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&h=www.safebreach.com&bw=1600&bh=1200&t=11&rnd=1326999661170

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

46.137.132.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-46-137-132-32.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Tue, 23 Apr 2024 02:11:31 GMT
Strict-Transport-Security: max-age=31536000;
Server: nginx
P3P: CP="Triblio does not have a P3P policy."
Content-Type: image/gif
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0,pre-check=0
Connection: keep-alive
Content-Length: 42

GET

li_sync
www.linkedin.com/px/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1777625&time=1713838291301&li_adsId=e4d8f07a-e66f-47ff-b49d-2079a72eb3d6&url=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1777625&time=1713838291301&li_adsId=e4d8f07a-e66f-47ff-b49d-2079a72eb3d6&url=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1777625%26time%3D1713838291301%26li_adsId%3De4d8f07a-e66f-47ff-b49d-2079a72eb3d6%...

0
0

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 253ms
158ms Preflight
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=43692056&conversations-embed=static-1.16087&mobile=false&messagesUtk=ba59e474035d4879b865abd830da74e3&traceId=ba59e474035d4879b865abd830da74e3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://www.safebreach.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.safebreach.com
allow: HEAD,GET,OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 878a52c99dd2373f-FRA
content-length: 18
content-type: text/plain; charset=utf-8
date: Tue, 23 Apr 2024 02:11:31 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Up0Fke3lzYVP0tonb2y5luxWOUQnjfD676I%2Ft0EzT6hQahePpoqgzixm0c9wtWQmFer4HWjHdJbXO3Cp3CslAz62BfdywAY9DNFery5wHc8pfY30XUuNKT1CK3XU%2B8V0bpnDSP4rzSJie3Lq2w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-vw6x4
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 1ede1073-feba-4323-816b-09ba2c42c4e0
x-request-id: 1ede1073-feba-4323-816b-09ba2c42c4e0

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 4 KB
2 KB 238ms
238ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cf8653d066347873234aa3cfd20f917fd7d98244fb1987089bfc59cc072f9bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
X-HubSpot-Messages-Uri: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 36787eca-9b18-4d4a-b314-98e733596d81
x-envoy-upstream-service-time: 86
content-length: 1686
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 36787eca-9b18-4d4a-b314-98e733596d81
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.safebreach.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-8l89s
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VUsB43OULlkqzGAfJkf28Srool0iV8yX2Oikw4GuTMAHiebyS%2B12rM2NpfjOwaoJGlxBhipzn%2F%2BaFGR1U9Yhw%2Fu%2FRM47KooWehMvTEtZVYR7oA3oYoA249DG4T%2FfTiZ%2Btm%2Bb8Tgpxd0iqr7V9w%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 878a52ca9ea7373f-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 116 B
413 B 156ms
148ms XHR
application/json 2606:4700::6810:6ffe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=43692056&utk=

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6ffe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5432c46cc58fe477fba2ddc49ee2621e5f2e8732244147d8611766b7105c29c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0dcdbe3e-c8e8-454a-b887-82ae122f4c23
x-envoy-upstream-service-time: 2
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0dcdbe3e-c8e8-454a-b887-82ae122f4c23
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.safebreach.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-xzfkt
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 878a52c93fb865b5-FRA

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
537 B 155ms
155ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 034c150a-87c6-49ee-a623-912de2efb7d9
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 034c150a-87c6-49ee-a623-912de2efb7d9
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-l7wvp
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 878a52ca1b6f6a75-TXL

GET
H2 200 ba59e474035d4879b865abd830da74e3
app.hubspot.com/conversations-visitor/43692056/threads/utk/ Frame EEF0 0
0 312ms
220ms Document
text/html 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/43692056/threads/utk/ba59e474035d4879b865abd830da74e3?uuid=800e749ec21940ef8734fdf1a554faee&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=safebreach.com&inApp53=false&messagesUtk=ba59e474035d4879b865abd830da74e3&url=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: false
age: 448
cache-control: max-age=600
cache-tag: staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
cf-ray: 878a52ccbf0b18db-FRA
content-encoding: br
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.18553/html/index.html&cfRay=878a52ccbf0b18db&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F43692056%2Fthreads%2Futk%2Fba59e474035d4879b865abd830da74e3%3Fuuid%3D800e749ec21940ef8734fdf1a554faee%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3D%26domain%3Dsafebreach.com%26inApp53%3Dfalse%26messagesUtk%3Dba59e474035d4879b865abd830da74e3%26url%3Dhttps%253A%252F%252Fwww.safebreach.com%252Fblog%252Fdark-side-of-edr-offensive-tool%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3D%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dfalse%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&cfenv=prod&pdt=2024-04-23&csp=ro
content-type: text/html; charset=utf-8
date: Tue, 23 Apr 2024 02:11:32 GMT
etag: W/"0dfd21d7d9e4210fdba180da6500eaaa"
last-modified: Thu, 18 Apr 2024 15:21:55 UTC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=878a52ccbf0b18db&resource=conversations-visitor-ui/static-1.18553/html/index.html"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
via: 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
x-amz-cf-id: Rky0rSBu1bVMVilwk4xjRKZkw_6OeIT4b9c1l4ASA-e2vNVrdInj7g==
x-amz-cf-pop: IAD12-P3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: BfiMIhwLPxGfJ0hHPwM7vFNnV5ppe.E5
x-cache: Hit from cloudfront
x-content-type-options: no-sniff
x-envoy-upstream-service-time: 8
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-6q8hm
x-evy-trace-virtual-host: all
x-hs-cache-status: MISS
x-hs-target-asset: conversations-visitor-ui/static-1.18553/html/index.html
x-hs-worker-debug-mode: false
x-hubspot-correlation-id: 2b59e251-51ef-44ba-9c11-cec94be64ce2
x-request-id: 2b59e251-51ef-44ba-9c11-cec94be64ce2

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
329 B 220ms
220ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:31 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 006C1503223F4E08B26892049333AAA9 Ref B: FRAEDGE1820 Ref C: 2024-04-23T02:11:31Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.safebreach.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYWuhKYDoDAscvV2Qs3TA==

GET
H2 200 u
cdn.bizible.com/ 43 B
86 B 39ms
39ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/u?mapType=mkto&mapValue=id%3A535-IXZ-934%26token%3A_mch-safebreach.com-1713838291121-27134&_biz_u=93e22d8cdc8b4aa1fc5229438835b582&_biz_l=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&_biz_t=1713838291949&_biz_i=EDR%20as%20an%20Offensive%20Tool%20%7C%20SafeBreach&_biz_n=1&rnd=86020&cdn_o=a&_biz_z=1713838291949

Requested by

Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6752) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 23 Apr 2024 02:11:31 GMT
strict-transport-security: max-age=31536000; includeSub
last-modified: Fri, 19 Apr 2024 21:15:25 GMT
server: ECS (frb/6752)
age: 276966
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 insent Show response
safebreachinc.widget.insent.ai/ 80 KB
23 KB 171ms
45ms Script
binary/octet-stream 2600:9000:225e:2200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://safebreachinc.widget.insent.ai/insent
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:2200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: Do3I7W1ZAWXrXjTz8nc5rLMLlRnTeriu
content-encoding: gzip
via: 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront)
date: Tue, 23 Apr 2024 01:15:05 GMT
last-modified: Wed, 18 Oct 2023 08:56:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 3388
etag: "6c640d0008fb2a23a0ff942202f8657c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: binary/octet-stream
content-length: 23142
x-amz-cf-id: 4INS-6g6gmuzU-7X7ZaxR88cofBZIaFh3pNtFMyPjH8DYUJ-hY1BHA==

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 110ms
58ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.safebreach.com
URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7914b5c306a51678e7d777317f64c95d31437c47344063ec422c6bb2b4d9d718

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:32 GMT
x-amz-version-id: dVMibCEMTCuxskBoUeMfPfbdoSsUE0a9
via: 1.1 63fbb6ca86d02da6071a8815a63418cc.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: TXL50-P5
age: 82218
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 17 Apr 2024 10:26:25 GMT
server: cloudflare
etag: W/"20a410e0e98a302abb9e907a2c7e0d10"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 878a52d09d424516-TXL
x-amz-cf-id: rkHgmcUr0Nz3r7aqDhZCs5ckPVxtKvLgDJF776MxneKzoSNok7ulsA==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
446 B 254ms
169ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=43692056&rcu=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&pu=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&t=EDR+as+an+Offensive+Tool+%7C+SafeBreach&cts=1713838292515&vi=10a45c980435b9c8ab17ea2069e49f81&nc=true&u=34238334.10a45c980435b9c8ab17ea2069e49f81.1713838292513.1713838292513.1713838292513.1&b=34238334.1.1713838292513&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 806ba16a-8cf4-49a4-9ce4-5d40687dde69
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 11
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 806ba16a-8cf4-49a4-9ce4-5d40687dde69
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZyfKurht%2BZOmzHxIlJxdF9M%2FqBZHQQBBqts4xL%2Fk%2F1iD3s0ulaTfWpJHdUz5Tsr5W44EpKD%2Basc0gjbxyEh7OhtejwZF7omSm9IefZ6BZZKERTw3C%2FWtlYZkKtNPQIGuTEiKgK%2FHEnr%2FHXXmoAb5"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-x8rqg
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 878a52d0e8831963-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
932 B 246ms
165ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=1830aba9-31aa-4bb4-82cc-289210cdc9e9&fci=2f977bdf-9a0c-4af7-a94a-8e313086c752&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=43692056&rcu=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&pu=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&t=EDR+as+an+Offensive+Tool+%7C+SafeBreach&cts=1713838292515&vi=10a45c980435b9c8ab17ea2069e49f81&nc=true&u=34238334.10a45c980435b9c8ab17ea2069e49f81.1713838292513.1713838292513.1713838292513.1&b=34238334.1.1713838292513&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ec87f8f0-b7fa-472f-92c6-9cb997912475
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 3
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ec87f8f0-b7fa-472f-92c6-9cb997912475
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IsyOYDV9tGAH1yfJan6NNtbKAee8ANBi%2F%2FZi9SxTEPSHaqhWdBij8rDB5fpC4rbZvZNCLHai0JloB404N%2BVmlaV4mn%2BBHpmSv7clFOUGvAFAxXe907XUqKM6qrazDh4uB7yt81Di4y6MEuwCOi6x"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-sc7d7
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 878a52d0e8841963-FRA
x-robots-tag: none

GET
H3 200 favicon.png
www.safebreach.com/wp-content/uploads/2021/12/ 428 B
673 B 53ms
53ms Other
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.safebreach.com/wp-content/uploads/2021/12/favicon.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22eb164ba34aee7af2a3876c9011c6b149fc5c80233bfb42a9221bd0c591cebf

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:32 GMT
cf-cache-status: HIT
age: 29945
cf-polished: origFmt=png, origSize=562
content-disposition: inline; filename="favicon.webp"
alt-svc: h3=":443"; ma=86400
content-length: 428
cf-bgj: imgq:100,h2pri
last-modified: Wed, 16 Feb 2022 17:04:26 GMT
server: cloudflare
etag: "620d2e9a-232"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 878a52d06ef258f6-TXL

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 146 B
519 B 478ms
478ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e257f4fcf37890f9b7dd2cb615b3f3a4923bd69a4a8c49c94ab841d6a0ef5067

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer a38e1779a61669916876
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
visited_url: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

Response headers

date: Tue, 23 Apr 2024 02:11:33 GMT
via: 1.1 63fbb6ca86d02da6071a8815a63418cc.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: TXL50-P5
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: WqDRaiE0PHcEMBQ=
server: cloudflare
etag: W/"92-irUu9dKBrvCQoDV3ZFKf9vfyEXI"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 878a52d45cbfaca7-TXL
x-amz-cf-id: CKxTK-OTX3LzT6XlIZ8NYAFbyK0DVLdHTKWIdtRgYaiH15c95ZsvdQ==

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 537ms
494ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.safebreach.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
alt-svc: h3=":443"; ma=86400
apigw-requestid: WqDRVgT-vHcEMBA=
cf-cache-status: DYNAMIC
cf-ray: 878a52d1495baca7-TXL
date: Tue, 23 Apr 2024 02:11:33 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 63fbb6ca86d02da6071a8815a63418cc.cloudfront.net (CloudFront)
x-amz-cf-id: S1AgM7fzT9frhDyStP0qqZUDJe9Z_cRXjxgj_zSlY0sKesAd2mYsZw==
x-amz-cf-pop: TXL50-P5
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H/1.1 200
OK _t.gif
tribl.io/ 42 B
575 B 59ms
58ms Image
image/gif 46.137.132.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tribl.io/_t.gif?maCookie=10a45c980435b9c8ab17ea2069e49f81&i=JokA2nvzKpH390z24RLk&s=o2wZ&u=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&h=www.safebreach.com&bw=1600&bh=1200&t=13&rnd=2965582650517

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

46.137.132.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-46-137-132-32.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Tue, 23 Apr 2024 02:11:32 GMT
Strict-Transport-Security: max-age=31536000;
Server: nginx
P3P: CP="Triblio does not have a P3P policy."
Content-Type: image/gif
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0,pre-check=0
Connection: keep-alive
Content-Length: 42

GET
H2 200 /
safebreachinc.widget.insent.ai/ Frame 13E3 0
0 118ms
39ms Document
text/html 2600:9000:225e:9600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://safebreachinc.widget.insent.ai/?project_key=rOnNvHCUUfn5umnTiJGk&blog_url=www.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&event_listener=aJlEXifeaccWT2A&marketo_cookies=[%22_mch-safebreach.com-1713838291121-27134%22]&hubspot_cookies=[%2210a45c980435b9c8ab17ea2069e49f81%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Requested by: Host: safebreachinc.widget.insent.ai
URL: https://safebreachinc.widget.insent.ai/insent
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:9600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 12982073
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Fri, 24 Nov 2023 20:03:40 GMT
etag: W/"cea936b357d0fefbe67f396ac27ecc71"
last-modified: Wed, 18 Oct 2023 08:56:50 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
x-amz-cf-id: VrtkhYpV8FiAZpr1QMkwtOQO1TDwP6W0H7ZBtg-OKgHNPMWilkmEaw==
x-amz-cf-pop: FRA60-P4
x-amz-version-id: wf2lJ.cKt7e1wlMSlpAOAV_K1ZPwVE5q
x-cache: Error from cloudfront

GET
H3 200 / Show response
ws.zoominfo.com/pixel/6215407fea39af00200a4960/ 3 KB
2 KB 280ms
280ms Fetch
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/6215407fea39af00200a4960/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

c49df475b38e906fc9bdcca173177c526a498f4b3e9fc2d50d2488826a970c39

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/javascript
visited-url: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
Referer: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
_vtok: ODAuMjU1LjcuMTIy
_zitok: 8a0dcd52f8e854f971681713838293
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:11:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.safebreach.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 878a52d8de32aca4-TXL

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/6215407fea39af00200a4960/ Frame 0
0 231ms
190ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/6215407fea39af00200a4960/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.safebreach.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.safebreach.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 878a52d79a724541-TXL
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 23 Apr 2024 02:11:33 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ETQN9J5R1N&cid=1373463183.1713838291&gtm=45je44h0v870363021z8859611012za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1950394702

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-159899843-1&cid=1373463183.1713838291&jid=782584103&npa=1&_u=YADAAEAAAAAAACAAI~&z=282388876

Domain: www.linkedin.com
URL: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1777625%26time%3D1713838291301%26li_adsId%3De4d8f07a-e66f-47ff-b49d-2079a72eb3d6%26url%3Dhttps%253A%252F%252Fwww.safebreach.com%252Fblog%252Fdark-side-of-edr-offensive-tool%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.safebreach.com/	1970-01-20 20:04:00	Name: __cf_bm Value: s3OkEdTEuSMvj9dtIK2hxfpmqEs7bID.KB5kOvqGN.4-1713838289-1.0.1.1-MVgJnHj9rCfsgmBmG5uIncJY3WSwBK3uSCLvXxi7EEOVhJnERro1swFFasE9_by4lTxFtvx_6AEj7BqPKiEPZA
.tribl.io/	1970-01-21 05:39:58	Name: ti_ Value: s%3ATx57ju8IpcF95BB4GcxNkQrf.DPBv%2Fw00mz%2BirAjaf19%2B3ioO2KUA3aJ2xOlQXQk5OAs
.hsforms.net/	1970-01-20 20:04:00	Name: __cf_bm Value: RAGlLG_c4vAJgbl_Sz.bAph3J2C65rBim6udlLpqtWM-1713838290-1.0.1.1-5avntoji9TClMezc1S.iFm_lQ4QJd5IYtFp3MfZMpJtSV6VNJdlKU4wim4rjE8zE2RfwHrob956gnMha7tzWeQ
.calendly.com/	1970-01-20 20:04:00	Name: __cf_bm Value: l_mECuod8FEhStlGsn2wwLFFCU8uspOJqnLJHnAas44-1713838290-1.0.1.1-KArPf95.TDtoADIRmcAm3VTmn.O9GsNJ6wo25RavgBav4J6q43_3kBTS_OzXx1o1ygiQJmlXj1UB1g26QxhL0Q
.safebreach.com/	1970-01-20 22:13:34	Name: _gcl_au Value: 1.1.421880726.1713838291
.safebreach.com/	1970-01-21 05:39:58	Name: _ga_ETQN9J5R1N Value: GS1.1.1713838290.1.0.1713838290.60.0.0
.safebreach.com/	1970-01-21 04:49:34	Name: _biz_uid Value: 93e22d8cdc8b4aa1fc5229438835b582
.safebreach.com/	1970-01-21 05:39:58	Name: _ga Value: GA1.2.1373463183.1713838291
.safebreach.com/	1970-01-20 20:05:24	Name: _gid Value: GA1.2.142491833.1713838291
.safebreach.com/	1970-01-20 20:03:58	Name: _gat_UA-159899843-1 Value: 1
.bizible.com/	1970-01-21 04:49:34	Name: _BUID Value: 93e22d8cdc8b4aa1fc5229438835b582
.bizibly.com/	1970-01-21 04:49:34	Name: _BUID Value: 30d784c00d901a9a3d2dc0a9407a48dc
.safebreach.com/	1970-01-21 05:39:58	Name: _mkto_trk Value: id:535-IXZ-934&token:_mch-safebreach.com-1713838291121-27134
.zoominfo.com/	1970-01-20 20:04:00	Name: __cf_bm Value: yXste0TIUObal..0yX70kyR1myaaIGCSvtZhyhF.QiE-1713838291-1.0.1.1-Da9N68RSb7tcrAAnE65rGbGrbMWJ.9v1NwmAIW4yxjP5HnrUZ271MhZTmKKCOG36BVtsRdWQImJb7kbTvAkyxw
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Jf7wM7PVqI0q94UmNJG4gn3Fg8a1dd_LkrADOdndlX4-1713838291108-0.0.1.1-604800000
.safebreach.com/	1970-01-21 04:49:34	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Tue+Apr+23+2024+04%3A11%3A31+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202308.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&groups=C0001%3A1%2CC0002%3A0%2CC0004%3A0
.hsforms.com/	1970-01-20 20:04:00	Name: __cf_bm Value: 9_OU1TAf5NNgn6VEsjqEKLsoDHHu_pq8BJwnD4JCCyI-1713838291-1.0.1.1-bFGA6hivHfiDAdULREFCuKdyi5xFd2ABf2.nQYeGOUFfZeW6QeocQL3FQtXYOuzQBwis8oaisSdi6WpeeX2HjA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: tBAb1gd0vP3wVHfRfG_sbX1YrTr954oJlyVnxRQQBOg-1713838291189-0.0.1.1-604800000
.linkedin.com/	1970-01-20 22:13:34	Name: li_sugr Value: e5b51d87-6d23-4aa9-a78d-1cfc1877d3d0
.linkedin.com/	1970-01-21 04:49:34	Name: bcookie Value: "v=2&8fd0f2d8-f02c-4ede-8fdf-ca25ba371a11"
.linkedin.com/	1970-01-20 20:05:24	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=3161:u=1:x=1:i=1713838291:t=1713924691:v=2:sig=AQFMZAmJ1QqbiKwUi1wBaXbMbl1CXh6_"
.linkedin.com/	1970-01-20 20:47:10	Name: UserMatchHistory Value: AQJ9eto_fclAmgAAAY8IuPsQNN9TlxuvVnRJC-AOCBq4AbtPbPM6e5OPJctvWPz6WbCT17ECwonZ1w
.linkedin.com/	1970-01-20 20:47:10	Name: AnalyticsSyncHistory Value: AQK8bAMFQuBR9wAAAY8IuPsQbP6E_b1lAufRRdh_lBjf7_A0a5mRyGnj5o4KwA4OzcBBbND3MJhIYsJ6q-47Nw
.safebreach.com/	1970-01-21 04:49:34	Name: _biz_nA Value: 2
.safebreach.com/	1970-01-21 04:49:34	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%2C%22Mkto%22%3A%221%22%7D
.safebreach.com/	1970-01-21 04:49:34	Name: _biz_pendingA Value: %5B%5D
.linkedin.com/	1970-01-21 00:23:10	Name: li_gc Value: MTswOzE3MTM4MzgyOTE7MjswMjFW9yUwsGMLe7c360CjRKvF0njjPrqk7l50lJSJJE/m6g==
.safebreach.com/	1970-01-21 00:23:10	Name: __hstc Value: 34238334.10a45c980435b9c8ab17ea2069e49f81.1713838292513.1713838292513.1713838292513.1
.safebreach.com/	1970-01-21 00:23:10	Name: hubspotutk Value: 10a45c980435b9c8ab17ea2069e49f81
.safebreach.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.safebreach.com/	1970-01-20 20:04:00	Name: __hssc Value: 34238334.1.1713838292513
.hubspot.com/	1970-01-20 20:04:00	Name: __cf_bm Value: 5Ga4quxs.wm0Q7Z_GWJfA8dzpqSBdhFeBOXO4WqVlHY-1713838292-1.0.1.1-nrUgyp14ntZQMvSSatFbjqtqcAtTs8zJMXSCV6evACd8CQUnqRhJqpMNTv.EoKyTQbfEGh_YGkyJQjhk0FE27g
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: R7HWN1.NqYEUzk0br6rO2QqfsksjRMe8d33fD.5DXpY-1713838292660-0.0.1.1-604800000
.www.safebreach.com/	1970-01-21 04:49:34	Name: _zitok Value: 8a0dcd52f8e854f971681713838293
.safebreach.com/	1970-01-21 05:39:58	Name: insent-user-id Value: Oy7yGHSWt8ibEN43Q1713838293596

57 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/(Line 1211) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-ETQN9J5R1N&l=dataLayer&cx=c(Line 201) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-ETQN9J5R1N&gtm=45je44h0v870363021z8859611012za200&_p=1713838290248&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1373463183.1713838291&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1713838290&sct=1&seg=0&dl=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&dt=EDR%20as%20an%20Offensive%20Tool%20%7C%20SafeBreach&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1827' because it violates the following Content Security Policy directive: "connect-src 'self' https://535-ixz-934.mktoresp.com https://cookie-cdn.cookiepro.com munchkin.marketo.net https://geolocation.onetrust.com https://go.safebreach.com https://static.doubleclick.net https://serve.nrich.ai https://googleads.g.doubleclick.net https://connect.facebook.net https://www.comeet.co https://www.facebook.com https://privacyportal.cookiepro.com https://js.driftt.com https://3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://535-ixz-934.mktoutil.com https://cdn.bizible.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://*.clickagy.com https://dpm.demdex.net/ https://www.google.com https://cdn.linkedin.oribi.io/partner/1777625/domain/safebreach.com/token https://js.zi-scripts.com/unified/v1/master/getSubscriptions https://tag.nrich.ai https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://px.ads.linkedin.com https://forms.hscollectedforms.net https://forms.hsforms.com https://demostack.app https://api.hubspot.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com".
security	error	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ETQN9J5R1N&cid=1373463183.1713838291&gtm=45je44h0v870363021z8859611012za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1950394702' because it violates the following Content Security Policy directive: "img-src 'self' data: https://audience.nrich.ai https://tag.nrich.ai https://www.comeet.co https://www.facebook.com https://comeet-euw-app.s3.amazonaws.com https://cdn.bizible.com https://.clickagy.com https://px.ads.linkedin.com https://p.adsymptotic.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://.bluekai.com https://.agkn.com https://.openx.net https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://dpm.demdex.net https://cdn.bizibly.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://tribl.io https://px4.ads.linkedin.com https://www.safebreach.com https://www.google.com https://cdn.cookielaw.org https://forms.hsforms.com https://track.hubspot.com https://forms-na1.hsforms.com cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com".
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Refused to load the image 'https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-159899843-1&cid=1373463183.1713838291&jid=782584103&npa=1&_u=YADAAEAAAAAAACAAI~&z=282388876' because it violates the following Content Security Policy directive: "img-src 'self' data: https://audience.nrich.ai https://tag.nrich.ai https://www.comeet.co https://www.facebook.com https://comeet-euw-app.s3.amazonaws.com https://cdn.bizible.com https://.clickagy.com https://px.ads.linkedin.com https://p.adsymptotic.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://.bluekai.com https://.agkn.com https://.openx.net https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://dpm.demdex.net https://cdn.bizibly.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://tribl.io https://px4.ads.linkedin.com https://www.safebreach.com https://www.google.com https://cdn.cookielaw.org https://forms.hsforms.com https://track.hubspot.com https://forms-na1.hsforms.com cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com".
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Refused to load the image 'https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1777625%26time%3D1713838291301%26li_adsId%3De4d8f07a-e66f-47ff-b49d-2079a72eb3d6%26url%3Dhttps%253A%252F%252Fwww.safebreach.com%252Fblog%252Fdark-side-of-edr-offensive-tool%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue' because it violates the following Content Security Policy directive: "img-src 'self' data: https://audience.nrich.ai https://tag.nrich.ai https://www.comeet.co https://www.facebook.com https://comeet-euw-app.s3.amazonaws.com https://cdn.bizible.com https://.clickagy.com https://px.ads.linkedin.com https://p.adsymptotic.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://.bluekai.com https://.agkn.com https://.openx.net https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://dpm.demdex.net https://cdn.bizibly.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://tribl.io https://px4.ads.linkedin.com https://www.safebreach.com https://www.google.com https://cdn.cookielaw.org https://forms.hsforms.com https://track.hubspot.com https://forms-na1.hsforms.com cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com".
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-ETQN9J5R1N&l=dataLayer&cx=c(Line 201) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-ETQN9J5R1N&gtm=45je44h0v870363021za200&_p=1713838290248&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1373463183.1713838291&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=2&sid=1713838290&sct=1&seg=0&dl=https%3A%2F%2Fwww.safebreach.com%2Fblog%2Fdark-side-of-edr-offensive-tool%2F&dt=EDR%20as%20an%20Offensive%20Tool%20%7C%20SafeBreach&en=user_engagement&_et=5136&tfd=6970' because it violates the following Content Security Policy directive: "connect-src 'self' https://535-ixz-934.mktoresp.com https://cookie-cdn.cookiepro.com munchkin.marketo.net https://geolocation.onetrust.com https://go.safebreach.com https://static.doubleclick.net https://serve.nrich.ai https://googleads.g.doubleclick.net https://connect.facebook.net https://www.comeet.co https://www.facebook.com https://privacyportal.cookiepro.com https://js.driftt.com https://3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://535-ixz-934.mktoutil.com https://cdn.bizible.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://*.clickagy.com https://dpm.demdex.net/ https://www.google.com https://cdn.linkedin.oribi.io/partner/1777625/domain/safebreach.com/token https://js.zi-scripts.com/unified/v1/master/getSubscriptions https://tag.nrich.ai https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://px.ads.linkedin.com https://forms.hscollectedforms.net https://forms.hsforms.com https://demostack.app https://api.hubspot.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' data: munchkin.marketo.net cookie-cdn.cookiepro.com; script-src 'self' 'unsafe-eval' munchkin.marketo.net cookie-cdn.cookiepro.com go.safebreach.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com serve.nrich.ai googleads.g.doubleclick.net static.doubleclick.net tag.nrich.ai audience.nrich.ai connect.facebook.net www.comeet.co js.driftt.com ws.zoominfo.com https://www.googleadservices.com https://cdn.bizible.com https://snap.licdn.com https://px.ads.linkedin.com https://tags.clickagy.com https://www.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://js.zi-scripts.com/zi-tag.js https://safebreachinc.widget.insent.ai/insent https://ws-assets.zoominfo.com/formcomplete.js tribl.io https://tribl.io https://www.gstatic.com https://assets.calendly.com https://cdn.cookielaw.org https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://demostack.app https://js.usemessages.com 'nonce-uCInVl43nbqmhUA8c01Zsq/N5V4=' nonce-LLBHkd/nGV9aU3wl9Nq9+Tq1XuI= platform.instagram.com www.instagram.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' data: https://go.safebreach.com https://www.comeet.co https://www.comeet.com https://cdn.bizible.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://audience.nrich.ai https://tag.nrich.ai https://www.comeet.co https://www.facebook.com https://comeet-euw-app.s3.amazonaws.com https://cdn.bizible.com https://.clickagy.com https://px.ads.linkedin.com https://p.adsymptotic.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://.bluekai.com https://.agkn.com https://.openx.net https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://dpm.demdex.net https://cdn.bizibly.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://tribl.io https://px4.ads.linkedin.com https://www.safebreach.com https://www.google.com https://cdn.cookielaw.org https://forms.hsforms.com https://track.hubspot.com https://forms-na1.hsforms.com cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://535-ixz-934.mktoresp.com https://cookie-cdn.cookiepro.com munchkin.marketo.net https://geolocation.onetrust.com https://go.safebreach.com https://static.doubleclick.net https://serve.nrich.ai https://googleads.g.doubleclick.net https://connect.facebook.net https://www.comeet.co https://www.facebook.com https://privacyportal.cookiepro.com https://js.driftt.com https://3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://535-ixz-934.mktoutil.com https://cdn.bizible.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://*.clickagy.com https://dpm.demdex.net/ https://www.google.com https://cdn.linkedin.oribi.io/partner/1777625/domain/safebreach.com/token https://js.zi-scripts.com/unified/v1/master/getSubscriptions https://tag.nrich.ai https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://px.ads.linkedin.com https://forms.hscollectedforms.net https://forms.hsforms.com https://demostack.app https://api.hubspot.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://fonts.gstatic.com cookie-cdn.cookiepro.com https://cdn.bizible.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://cdn.bizible.com; media-src 'self' https://www.youtube-nocookie.com https://js.driftt.com https://cdn.bizible.com cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com; frame-src 'self' https://go.safebreach.com https://www.youtube-nocookie.com https://www.comeet.co https://www.comeet.com https://www.facebook.com https://3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com/ https://js.driftt.com https://cdn.bizible.com https://w.soundcloud.com https://bid.g.doubleclick.net https://optimize.google.com https://safebreachinc.widget.insent.ai https://www.google.com https://calendly.com https://td.doubleclick.net https://forms.hsforms.com https://demostack.app https://app.hubspot.com www.instagram.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://www.safebreach.com?gdsih-xxp-report;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

535-ixz-934.mktoresp.com
api.hubspot.com
app.hubspot.com
assets.calendly.com
cdn.bizible.com
cdn.bizibly.com
cdn.cookielaw.org
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
geolocation.onetrust.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hscollectedforms.net
js.hsforms.net
js.usemessages.com
js.zi-scripts.com
munchkin.marketo.net
px.ads.linkedin.com
safebreachinc.widget.insent.ai
serve.nrich.ai
snap.licdn.com
stats.g.doubleclick.net
track.hubspot.com
tribl.io
ws.zoominfo.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.safebreach.com
www.google.de
www.linkedin.com
104.16.117.43
104.18.142.119
104.18.37.212
104.18.80.204
141.193.213.21
142.250.185.196
152.195.15.58
192.28.144.124
23.200.101.152
2600:9000:225e:2200:f:7ae2:7780:93a1
2600:9000:225e:9600:f:7ae2:7780:93a1
2606:4700:4400::6812:22e5
2606:4700:4400::6812:29af
2606:4700:4400::ac40:9b77
2606:4700::6810:4c8e
2606:4700::6810:6ffe
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:8ad1
2606:4700::6811:afc9
2606:4700::6813:b234
2620:1ec:21::14
2a00:1450:4001:800::2003
2a00:1450:4001:811::200a
2a00:1450:4001:81d::2008
2a00:1450:4001:827::200e
2a00:1450:400c:c07::9d
2a02:26f0:3500:16::215:1490
46.137.132.32
51.178.78.162
0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180
01eab240d56f3dc7c0529ec0bcb3ae2d4e038f3f89afe917bffe869c8f5c5072
085b96736f1f0271493cf3db411255d6f835d863dc159f599184ef7d86456734
092840f652dddfd0ca3640148c6940a612ca13319e1bae8ff9f90472510e6e57
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5
0947a06bb8606cc4037610e77d85170b2e18d4d5877e41a828b56c394d5fd9e9
0b0a210e89ac35b54a9b4ccb0336ea91c561e6dc5f8bda49574da98d40799c6e
0d0f2b5df2e4baa14da9cee4dc3f50d68ec0e392759f900dbe467226ea2df21e
1154be083e51e78352a289a540a53b24895712135fa572c7ada9d55c1f1766df
140c0a3622f2612d50648567d4254e118328ab09f2bef5e7c4eebcb6e98f7ef5
145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5
16f87a401d5a30987af1ccc363075ac85280f8a0dcca84c140fe33ecd031c1e3
17ae9e8b094566b5035ab4bdeaad98409f5e8986ae0db8a191879e4aceb484d2
1c933341c706585ad984edc08fec339db210f452afa751d376d0d4903e9686c3
1dcc4870ad7c6d483e8f1b3baf6171d62d16465237ac2c2c158f69cd08d08c77
1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75
211fdb26a74dac46f2bd297c0f02953de9e69355035cad239d87acf21c5a6a0e
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
22eb164ba34aee7af2a3876c9011c6b149fc5c80233bfb42a9221bd0c591cebf
2377ad8530691d6de23435c520b3ed312a92711ed617cca840d259721f0de205
23d6114b8d4c4586649f37f20ffc41ea009c720f6f9afbb5c33a8ea17f62f78c
24a6b196f2d7f4ad17b251295d25bf9a73eb5ab8329f1f3510b019006800b35d
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
27449869b6a9b5cbd671b495459a5755f739acd5458e068eda3ada69e71617e5
28aa4b159b32b6a6829cb9c4faacf50809cdc7be6a363570fe13b185f14b05a1
2cf8653d066347873234aa3cfd20f917fd7d98244fb1987089bfc59cc072f9bc
3006ec825fb5f937ebd7168b97f475a19a685638174a3ebb700bb88f848c34c2
30e0c355dca9b065dd06bf034ede814dca5dc1e4c3d143106b5b92e71aa2e1be
31220886e818cd4a1ae18508f68dcebfcce6a4fc1916b5ce6c01b2294cfb1de6
31e3c28638863caa9051ba1775bebcb7d0856a32344d05aa5fa0014787182632
3aca576254844106e72473a0db35c3feaa106a5e4a6570a48fdce8ffd2fabb8f
3bf5d87704595e94001da5f922b17627a271dea1c944055c06de9bd404f1a8ee
3d6893c57974392484d8116c198b7eb3da710475318222a21da4ce0f65225fd9
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
495b162e5c074fefa7c26847421f1d1ac6898ac18a306db5ce39be395ef20ee0
4c903880e86c99ed05c1387b955f7de1f6b97ccdd3ae9db3bf1c82cad6ac8a5a
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5078f4997f7a127570547feef5aea2986cd6dad51a756ebb999f5c280f192e2f
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
5432c46cc58fe477fba2ddc49ee2621e5f2e8732244147d8611766b7105c29c3
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
588d0c70e38e61128de744dfb8ee3dcea06520d1d1f6927bd510ff17f5b39858
5ac0b4dc5e9a051c3a12feb1406fb45030caa091adbef913e4533dabae487634
5c76dd89a767afd512ce6c6370424f39a632ebb736c16ac37952fbfd97575448
5ca3fd76c50585b0cb3b866a45e67662cbd7fbf3f3fc35b67996802c0f1d5cf3
5d43b17a949f3545f472334a5a417f3e99bece784c545fd3e24f5bbe4a1e2a26
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945
66ed266b3e66708f6fefa23d04edf2efe13ccb3bf447bf19c1980285a19db353
6730ad874a48f77990a0b68666b2d2584685650207511ed16dad2bef2cfa625a
68173e8f47a782d311d2978364dfaf1fedddb6d53a06fdcce3a85345843f4ec8
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86cb9efeaf6a259531285ecad4bb3c4a74afc89d79c22f32712d4c2a4935c5
6cc4c722a50b4152194b13e7e3c8a1a5a5f23b17988f8fa85404394efc5c0984
6db83b2803fed3f9b574567755102b18c401904a374c8acf4c9a2e9b0159cb4f
6e3bdf5154e65b94131b4e5a968ecf598d6c5bd39b2c94e29163ed9d6eb735d2
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544
7086a4025effd5da7d23993106fd7a2a24b90987a06b991fbc2e5d4e07ab926d
717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53
75c4c2a69d4ea85f946db4177ee732659405d7f4e74f2da34ef7e2e869f662f2
7914b5c306a51678e7d777317f64c95d31437c47344063ec422c6bb2b4d9d718
7a9c7eea3de39fd83461f6ab4bd676bf7a63e4bab6a6d18df1dc38c9fdbae317
7af50cf95aee25377e0d294dfd490228f7bfa3829a47298137dd3495811cb4c3
7b230997f5ead5e833b2642fd1cc9cfbbe8f3601caead9f293b9095912a47b4e
7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80
7f77bcb423717d0d40733cfc15eff6d7660ca150eb79391b2609f94d04751b7f
8396e354653781b37e6a1c869d145ae9d8b450854e4a6dcff667e1b78afe037e
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
88e837b16a510d57917487740558a4e2cd531680b4822617f86cf3aa32f23686
8968f16fe2db90e1f44bd7e9f679355521af5857ac3333fcdd135d8041fc5747
8bbc0a7737643dd7c2344ba961592632153cb5353c92c5127339627e14b09143
8ec39f0e4290dce2c228d3f68d732d698aec3339628ecc7920281ec257c71fd8
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
914f0db0588d92991cbfd454c64a63bc214c4b635f9087cabc664ac82f3c0763
953a6c9a250520c4b25381e689110e155feb5e77e0cbf3ba0ab326ccdaf49739
97d48350002ed616195cc5ed8da7754c3c42858ee01845d0383efa238d66e566
982c6830e8e36d88b6148978539ac7e435d5d97d80b07fb9ec666db2ddcce0db
988f39b8ad134e74d80338874a9f62988a6c71a21d19cf3522ec26e83d6b4caf
9da1092c825ba5f26912e9f63042a09bfd1d37afa07ec46eb28b81006cb2b7db
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a875e1d5f8cfe252cc8f5e04d750dd8c771fb8aceabd435d548425a445ab61d3
a97c568af531f4a39044be90c62110246b96ddb3385a9965dfad62c9454be163
ac4a8540b46883a3e8b89867ff00dd73c7f7328b8a63b4f6369e7a4f4f30cfad
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af138e158fd40e44f13388c5236a48996babaf260812e97c061ee7649cc15bfd
af831239d83e566a816ad3867bc7e063f215d24dd87fbc3a10ff4093f30e07a7
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
bea592b6b260886d7debb14f7a068a877e5e1622eefee75a6722a4e6e5eee175
bf15dc1f2860288136db694d8d172124719f1f0a76c8f5121121151bb0f06273
c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c49df475b38e906fc9bdcca173177c526a498f4b3e9fc2d50d2488826a970c39
c50641e35657c2e4c9133124509ecd978d9dd671e259e3ce79cf4ecb66202d07
c7919670aa5c2efe71fd29a16ce17977fcd53cae652913885f9bb513352ef94b
c84f8f50449ecf1bfd10c18f82c550712096a0a60645653aa7d174a4e4621e6c
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
ce64d8fa001b8f9dbcc1f7b17866203fcbdbb6594eb3cb8e9ea4c91df9eadf82
d21f0e5caafc7ca7219e609cd762b90a87cdf485b0583df0da809e1fce1ff5e7
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115
d73b2247e535bb71100a138530e650d9190b91ce95533e0231b7904c2f9ac8d1
daf182d03ad744219a653776d1b22881f9ce29edd8a6b522078907cbe3525039
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcd8a28df55337e753ad1e92ee8d8f1dc5c9930bcec6cc9f22e371734f957d23
ddb2124d14b7810f57814e4a761b927a5f92cf0d29aebce4c92b5cd2e53d0c59
dded58f9b04eb467fc1ad27a05420000e95be5998387f43810be7e19b25ea4ab
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
debe3eb4148cc6d948519523cf7dbf94183e0d9ab092a7afc70dbe4f7c6489dd
e1bc9505462671f841ed0d09efcfdaf40560ecd855101557320c4171fa6976db
e1f6ed656c33aeeff51fe30eedc1877f5b0006553c29693251a2621e0d49b3ca
e239d85b0b206199f1c623846ccfddba8df1692e55c211ca1043a90131b72290
e257f4fcf37890f9b7dd2cb615b3f3a4923bd69a4a8c49c94ab841d6a0ef5067
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366
eba930d6851fd2de0dc732a1dc94cde542711423f9b13c5d38690cbe29d05539
ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40
ed668c3fdc2001b714475f4ba8146cc03d81c13e786501f52b0119126ce153a4
edf976a43356e227196d3d2679ec91c8da99c839e7e4fc7a90db14d0cd089a00
ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2
f2554df887b9bc503956cd0ac7e9ee10ed46740eed67e3737972ce2a03710b2d
f31b57cf5dc33839628dd3b16bfab3f0ec31114bf8cdb4174612341a82c82fb8
f4a754e6ac062bf3b1a2a4b2194e6ba8f55710630cda839c52017b1c05e37cab

www.safebreach.com Open in urlscan Pro 141.193.213.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

152 Requests

97 %HTTPS

63 %IPv6

30 Domains

35 Subdomains

31 IPs

6 Countries

2415 kBTransfer

8514 kBSize

35 Cookies

20 Outgoing links

Redirected requests

152 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.safebreach.com Open in urlscan Pro
141.193.213.21 Public Scan

Screenshot
Live screenshot

Full Image

152
Requests

97 %
HTTPS

63 %
IPv6

30
Domains

35
Subdomains

31
IPs

6
Countries

2415 kB
Transfer

8514 kB
Size

35
Cookies

152 HTTP transactions
7 data transactions