URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Submission: On July 14 via api from TR — Scanned from DE

Summary

This website contacted 45 IPs in 4 countries across 32 domains to perform 154 HTTP transactions. The main IP is 2606:2c40::c73c:67e4, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.aquasec.com. The Cisco Umbrella rank of the primary domain is 876427.
TLS certificate: Issued by GTS CA 1P5 on May 25th 2023. Valid for: 3 months.
This is the only time blog.aquasec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains (Cisco Umbrella rank) | Transfer
19 | virustotal.com | www.virustotal.com (53014) | 596 KB
18 | aquasec.com | blog.aquasec.com (876427); info.aquasec.com | 301 KB
14 | hubspotusercontent-na1.net | 1665891.fs1.hubspotusercontent-na1.net | 85 KB
10 | 6sc.co | j.6sc.co (6369); c.6sc.co (9185); ipv6.6sc.co (6440); b.6sc.co (4176) | 15 KB
9 | trendemon.com | assets.trendemon.com (109798); trackingapi.trendemon.com (82974); pic.trendemon.com (223073) | 140 KB
8 | hubspot.com | app.hubspot.com (5255); js.hubspot.com (10861); cta-service-cms2.hubspot.com (8913); track.hubspot.com (2542) | 23 KB
7 | crazyegg.com | script.crazyegg.com (2357); pagestates-tracking.crazyegg.com (5243); assets-tracking.crazyegg.com (5234); tracking.crazyegg.com (4635) | 51 KB
6 | githubusercontent.com | raw.githubusercontent.com (4327) | 12 KB
5 | linkedin.com | px.ads.linkedin.com (414); www.linkedin.com (544); px4.ads.linkedin.com (6544) | 5 KB
5 | google-analytics.com | www.google-analytics.com (63); region1.google-analytics.com (1623) | 42 KB
5 | uri.sh | flo.uri.sh (31074) | 632 KB
4 | googletagmanager.com | www.googletagmanager.com (79) | 346 KB
4 | flourish.studio | public.flourish.studio (23292); tiles.flourish.studio (451100) | 14 KB
3 | google.de | www.google.de (4752) | 669 B
3 | google.com | region1.analytics.google.com (2556); www.google.com (10) | 634 B
3 | hs-banner.com | js.hs-banner.com (2438) | 17 KB
3 | bing.com | bat.bing.com (390) | 13 KB
3 | doubleclick.net | googleads.g.doubleclick.net (57); stats.g.doubleclick.net (130) | 2 KB
3 | hsforms.com | forms.hsforms.com (4527); forms-na1.hsforms.com (7529); perf-na1.hsforms.com (12531) | 3 KB
3 | gstatic.com | fonts.gstatic.com | 67 KB
3 | googleapis.com | fonts.googleapis.com (88) | 2 KB
2 | licdn.com | snap.licdn.com (914) | 6 KB
2 | cloudflare.com | cdnjs.cloudflare.com (274) | 32 KB
2 | hsappstatic.net | static.hsappstatic.net (5944) | 18 KB
2 | hubapi.com | api-na1.hubapi.com (23604) | 1 KB
1 | oribi.io | cdn.linkedin.oribi.io (1031) | 377 B
1 | dealtale.com | app.dealtale.com (161856) | 145 B
1 | usemessages.com | js.usemessages.com (5222) | 22 KB
1 | hs-analytics.net | js.hs-analytics.net (2425) | 21 KB
1 | dealtale.io | pixel.dealtale.io | 12 KB
1 | hs-scripts.com | js.hs-scripts.com (2680) | 1 KB
1 | hubspot.net | cdn2.hubspot.net (8863) | 2 KB
Total: 154 requests, 32 domains

Requests | Domain | Requested by
19 | www.virustotal.com | blog.aquasec.com; www.virustotal.com
17 | blog.aquasec.com | blog.aquasec.com; js.usemessages.com
14 | 1665891.fs1.hubspotusercontent-na1.net | blog.aquasec.com
7 | b.6sc.co | blog.aquasec.com
6 | raw.githubusercontent.com | blog.aquasec.com
5 | trackingapi.trendemon.com | assets.trendemon.com
5 | track.hubspot.com | -
5 | flo.uri.sh | blog.aquasec.com; flo.uri.sh
4 | script.crazyegg.com | www.googletagmanager.com; script.crazyegg.com
4 | www.googletagmanager.com | blog.aquasec.com; flo.uri.sh; www.googletagmanager.com
3 | px.ads.linkedin.com | 3 redirects
3 | www.google.de | blog.aquasec.com
3 | js.hs-banner.com | blog.aquasec.com; js.hs-banner.com
3 | www.google-analytics.com | www.googletagmanager.com; www.google-analytics.com; www.virustotal.com
3 | bat.bing.com | www.googletagmanager.com; bat.bing.com; blog.aquasec.com
3 | fonts.gstatic.com | fonts.googleapis.com
3 | fonts.googleapis.com | blog.aquasec.com; flo.uri.sh
3 | public.flourish.studio | blog.aquasec.com; flo.uri.sh
2 | pic.trendemon.com | -
2 | assets.trendemon.com | blog.aquasec.com; assets.trendemon.com
2 | www.google.com | blog.aquasec.com
2 | stats.g.doubleclick.net | www.googletagmanager.com; www.google-analytics.com
2 | region1.google-analytics.com | www.googletagmanager.com
2 | snap.licdn.com | www.googletagmanager.com; snap.licdn.com
2 | cdnjs.cloudflare.com | blog.aquasec.com
2 | static.hsappstatic.net | blog.aquasec.com
2 | api-na1.hubapi.com | 1 redirects; blog.aquasec.com
1 | tracking.crazyegg.com | script.crazyegg.com
1 | assets-tracking.crazyegg.com | script.crazyegg.com
1 | pagestates-tracking.crazyegg.com | script.crazyegg.com
1 | perf-na1.hsforms.com | blog.aquasec.com
1 | cta-service-cms2.hubspot.com | js.hubspot.com
1 | px4.ads.linkedin.com | blog.aquasec.com
1 | www.linkedin.com | 1 redirects
1 | cdn.linkedin.oribi.io | snap.licdn.com
1 | ipv6.6sc.co | j.6sc.co
1 | c.6sc.co | j.6sc.co
1 | app.dealtale.com | pixel.dealtale.io
1 | region1.analytics.google.com | www.googletagmanager.com
1 | tiles.flourish.studio | flo.uri.sh
1 | js.usemessages.com | blog.aquasec.com
1 | js.hubspot.com | blog.aquasec.com
1 | js.hs-analytics.net | blog.aquasec.com
1 | info.aquasec.com | blog.aquasec.com
1 | j.6sc.co | blog.aquasec.com
1 | pixel.dealtale.io | blog.aquasec.com
1 | js.hs-scripts.com | www.googletagmanager.com
1 | googleads.g.doubleclick.net | www.googletagmanager.com
1 | forms-na1.hsforms.com | blog.aquasec.com
1 | forms.hsforms.com | blog.aquasec.com
1 | app.hubspot.com | blog.aquasec.com
1 | cdn2.hubspot.net | blog.aquasec.com
Total: 154 requests, 52 subdomains

Subject | Issuer | Validity | Valid
blog.aquasec.com | GTS CA 1P5 | 2023-05-25 - 2023-08-23 | 3 months
hubspot.net | Cloudflare Inc ECC CA-3 | 2023-04-06 - 2024-04-05 | a year
hubspotusercontent-na1.net | Cloudflare Inc ECC CA-3 | 2023-01-26 - 2024-01-25 | a year
public.flourish.studio | Amazon RSA 2048 M01 | 2023-04-11 - 2024-05-10 | a year
hsappstatic.net | Cloudflare Inc ECC CA-3 | 2023-04-10 - 2024-04-09 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months
*.virustotal.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-12-12 - 2024-01-12 | a year
*.gstatic.com | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months
hubspot.com | Cloudflare Inc ECC CA-3 | 2023-02-05 - 2024-02-05 | a year
hubapi.com | Cloudflare Inc ECC CA-3 | 2023-04-07 - 2024-04-06 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-02-01 - 2024-01-31 | a year
www.bing.com | Microsoft RSA TLS CA 02 | 2023-02-16 - 2023-08-16 | 6 months
dealtale.com | Amazon RSA 2048 M02 | 2023-03-01 - 2023-12-19 | 10 months
6sc.co | R3 | 2023-05-25 - 2023-08-23 | 3 months
info.aquasec.com | GTS CA 1P5 | 2023-05-25 - 2023-08-23 | 3 months
tiles.flourish.studio | Amazon RSA 2048 M01 | 2023-07-06 - 2024-08-04 | a year
*.github.io | DigiCert TLS RSA SHA256 2020 CA1 | 2023-02-21 - 2024-03-20 | a year
www.google.de | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months
www.google.com | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months
linkedin.oribi.io | Amazon RSA 2048 M01 | 2023-06-08 - 2024-07-07 | a year
crazyegg.com | Amazon RSA 2048 M02 | 2023-05-28 - 2024-06-26 | a year
*.trendemon.com | SSL.com RSA SSL subCA | 2023-06-18 - 2024-06-26 | a year

This page contains 4 frames:

Primary Page: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Frame ID: 8C93D5F133C310BECF7D11FC1A211C71
Requests: 107 HTTP requests in this frame

Frame: https://flo.uri.sh/visualisation/14395339/embed
Frame ID: 22914B53B178AD834949844001B95786
Requests: 14 HTTP requests in this frame

Frame: https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Frame ID: BD2CFD4CBE8C649ABD8C09543B9C343E
Requests: 20 HTTP requests in this frame

Frame: https://flo.uri.sh/visualisation/14363779/embed
Frame ID: 03DE5F5573EE14A5ABAA8E1A505204EA
Requests: 16 HTTP requests in this frame

Page Title

TeamTNT Reemerged with New Aggressive Cloud Campaign

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleapis\.com/.+webfont

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

Requests: 154
HTTPS: 95 %
IPv6: 73 %
Domains: 32
Subdomains: 52
IPs: 45
Countries: 4
Transfer: 2477 kB
Size: 8869 kB
Cookies: 44

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://api-na1.hubapi.com/video/v1/public/124377039151/poster?portalId=1665891 HTTP 307
  • https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/custom-video-thumbnails/TeamTNT-1-thumb.jpeg?length=1920
Request Chain 109
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1689342634562&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1689342634562&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D45226%26time%3D1689342634562%26url%3Dhttps%253A%252F%252Fblog.aquasec.com%252Fteamtnt-reemerged-with-new-aggressive-cloud-campaign%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1689342634562&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1689342634562&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cookiesTest=true&liSync=true&e_ipv6=AQJZzanoLzFuuwAAAYlUqu2uBgEJp0EnaLoNEG81o8CIWh6D58PLw7N9U0Z8G4y2uVOcjuA

154 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request teamtnt-reemerged-with-new-aggressive-cloud-campaign
blog.aquasec.com/
147 KB
28 KB
Document
General
Full URL
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
47acaef61effe1a5d57b054c5751bbaf1d516901cf24f0a3fd13e506907830a8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

index.js
blog.aquasec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/
11 KB
5 KB
Script
General
Full URL
https://blog.aquasec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

comment_listing_asset.js
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/
8 KB
3 KB
Script
General
Full URL
https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

project.js
blog.aquasec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://blog.aquasec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

post_listing_asset.js
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/
3 KB
2 KB
Script
General
Full URL
https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

v2.js
blog.aquasec.com/_hcms/forms/
527 KB
171 KB
Script
General
Full URL
https://blog.aquasec.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
aad18b84e34e15f9dddf39cc08a040e557bce50512b8689f3f7faae963f1429f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

jquery-1.7.1.js
blog.aquasec.com/hs/hsstatic/jquery-libs/static-1.1/jquery/
92 KB
34 KB
Script
General
Full URL
https://blog.aquasec.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

comments_listing_asset.css
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/
1 KB
1 KB
Stylesheet
General
Full URL
https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/comments_listing_asset.css
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

rss_post_listing.css
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/
910 B
883 B
Stylesheet
General
Full URL
https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1689270480281/hubspot/hubspot_default/shared/responsive/
4 KB
2 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1689270480281/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:cec9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-encoding
br
age
72104
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"94daf62e7e6df83595c6251fb0c7c055"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1689270480980
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 14 Jul 2023 13:50:33 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD66-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
f0d0a5e2-ca68-481f-a58f-b4c692747c7b
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
95
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
f0d0a5e2-ca68-481f-a58f-b4c692747c7b
last-modified
Thu, 13 Jul 2023 17:48:01 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tMvWyTgWgqnfqRGxtLNAsrQKvIl3Whm5AwV54m1PaVAAbOR4gfochqasyAnLlMPjKBdVQzzBHkq2ddQODCjSPMhv%2BAiivB%2Fib%2Bg0bfiJ3Fhfwu4AGhCYaW%2BlbMqYqtOsQUuTKJRRbrFTkS%2BT%2FGg%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-hml5r
cf-ray
7e6a3c428db639be-FRA
aqua_theme_2019_styles.css
blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/
109 KB
24 KB
Stylesheet
General
Full URL
https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b854ab0289192ff9253ba6293fe9e80a8ad87af73fc448ce781f7330462ffaba
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1799
x-amz-request-id
JNM7AXAEK250HJZ5
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"b4264719550b2a631ef3ecb8cc44e4ac"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1686823327504
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 14 Jul 2023 13:50:33 GMT
strict-transport-security
max-age=31536000
via
1.1 98b2021a1a69853671ec2390cb8757f0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
3Qf2k3k3ffBMZ6ocIg31kF1ACli.qGoU
x-amz-cf-pop
IAD12-P2
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
129
alt-svc
h3=":443"; ma=86400
x-amz-id-2
FFjsdy96aIcxzOJvkH3X6s/ZGTxZwZQ03KHNwKfcsB90OJu3DYbFlqt0W/kQUyrHE+8YbhKoF6Q=
x-evy-trace-route-configuration
listener_https/all
x-request-id
cef18c42-f4cb-4bce-bce4-06e8c4de729c
last-modified
Thu, 15 Jun 2023 10:02:08 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOppokymOm3jQNdd%2FAb482gMACSQTzqzDIIt%2FqXgVXoJxZau64F6tToXyUq%2BRfc0tZpzXBx4uT95yzEpsr6I5neG1e7lMt3j2cwZ4ZpByZvC9yQjRdQKamV91kCYsNaHJNNucJNdNb4h%2BYL%2BQ5c%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-fhfns
access-control-allow-credentials
false
cf-ray
7e6a3c41edc71d96-FRA
x-amz-cf-id
IbAnrgbbO6y4JhcN58WQeTlrOYnhmEPoL6X4R0uMnooDKzj3WmXw_w==
Blog-Image--TeamTNT-1.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/
31 KB
31 KB
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Blog-Image--TeamTNT-1.jpg?width=870&name=Blog-Image--TeamTNT-1.jpg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f2a1cd1d757aa889d5742173fac65c66cf0f559f8d5c423baa82b648320547e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 b4346add631a498bf6cdbf88cbc5ff12.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag
F-124451736754,P-1665891,FLS-ALL
content-length
31284
cf-resized
internal=ok/m q=0 n=165+0 c=4+57 v=2023.7.2 l=31284
last-modified
Thu, 13 Jul 2023 01:29:02 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfs4MlBxN5x5ZnA7IaRJD5UblV9Z0BzdmqJ_ULo1G_DQ:bb6674c2db89a1e4a7b99a415f524422"
vary
Accept, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7e6a3c43fb9fbbc1-FRA
Ofek-Itach_SQ.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Aqua%20People/
828 B
1 KB
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Aqua%20People/Ofek-Itach_SQ.jpg?width=48&height=48&name=Ofek-Itach_SQ.jpg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af7f66a88467d69b1264d11bb4a988c6e7f7589d47e1b2b22b69fef30344aa70
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 9c6666844f92bfc6b8685747b641abc6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag
F-76134155906,FD-7522622900,P-1665891,FLS-ALL
content-length
828
cf-resized
internal=ok/m q=0 n=245+0 c=1+1 v=2023.6.4 l=828
last-modified
Mon, 13 Jun 2022 10:57:27 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfFVIAKyixFy3IUjbUyHpoBbJ8KxSBlmMBbhedHTfFDQ:700866d580351087ed06187aa9f7d4bd"
vary
Accept, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7e6a3c43fba0bbc1-FRA
Assaf%20M%20300x300.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Imported%20sitepage%20images/
828 B
1 KB
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Imported%20sitepage%20images/Assaf%20M%20300x300.jpg?width=48&height=48&name=Assaf%20M%20300x300.jpg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e67f6aacc88c8b3acf98f74772db7dd2f29557146a3fc9aa74602ea7c94b8ec1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 1d4079b9c92abe0dba6581682966e934.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag
F-97329473928,FD-42703647798,P-1665891,FLS-ALL
content-length
828
cf-resized
internal=ok/m q=0 n=183+0 c=1+5 v=2023.5.0 l=828
last-modified
Wed, 04 Jan 2023 12:38:02 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cf1zM0XKenPQu5gookC4EYBHUAKxSBlmMBbhedHTfFDQ:12b60e0644c5c87150805225f7db3e83"
vary
Accept, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7e6a3c43fba2bbc1-FRA
made_with_flourish.svg
public.flourish.studio/resources/
7 KB
3 KB
Image
General
Full URL
https://public.flourish.studio/resources/made_with_flourish.svg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-107.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ce277bd81ffb51103836b75131ef16c03690269e767420517cbf310b4fe9b24e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id
j8.1FRYnJH7gSl_m_F2.cP0cQfK1cpxY
content-encoding
gzip
via
1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
date
Fri, 14 Jul 2023 02:38:09 GMT
x-amz-cf-pop
FRA50-C1
age
40396
x-cache
Hit from cloudfront
last-modified
Wed, 11 Nov 2020 12:02:50 GMT
server
AmazonS3
etag
W/"c19a2cc9f10c2ce7e30272550502097c"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD, POST
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=86400
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
_MUnB0R233WDAq1NZHnJ6cC-Nuk9IJ2lIYCV_eRqkN5Cu7cyXVSNqQ==
TeamTNT-1-thumb.jpeg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/custom-video-thumbnails/
Redirect Chain
  • https://api-na1.hubapi.com/video/v1/public/124377039151/poster?portalId=1665891
  • https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/custom-video-thumbnails/TeamTNT-1-thumb.jpeg?length=1920
34 KB
35 KB
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/custom-video-thumbnails/TeamTNT-1-thumb.jpeg?length=1920
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce6f862e8093670596e5b397640fecff406674cc67f372409b013d206ca6ccbf
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
via
1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag
F-124379746313,FD-9460320918,P-1665891,FLS-ALL
content-length
35292
cf-resized
internal=ok/h q=0 n=90+0 c=11+127 v=2023.7.2 l=35292
last-modified
Wed, 12 Jul 2023 20:09:41 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfKNGDh-Il_1eJDw-UMTdyHlrswnSDvw7ZAbX8WcieDQ:bb26b097c5d56da0596a1a043dec610c"
vary
Accept, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7e6a3c47d8f4bbc1-FRA

Redirect headers

date
Fri, 14 Jul 2023 13:50:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
18da3575-0a91-4f5b-9cf2-9b82d5eca338
x-envoy-upstream-service-time
4
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
18da3575-0a91-4f5b-9cf2-9b82d5eca338
server
cloudflare
x-trace
2B49BA9E7764F8CACE5689A011AF1FF20A37478CC1000000000000000000
vary
origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wqgt4i32MRZWRllNHVNOxYuzTnFdrYN0qP5J%2Fq0lCBJtgL%2Bd0o4Bp6s6kiAEtCo2eSdQHy2gII8IwFPcaZe3uoEaIopP%2BVe98lfPpa8iUnunaH9tgeNz7sEgilM8N957Lkf7nyssyzjXTvnvc7bR3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
location
https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/custom-video-thumbnails/TeamTNT-1-thumb.jpeg?length=1920
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-598c95b5b7-vk5c8
access-control-allow-credentials
false
cf-ray
7e6a3c43ebae3618-FRA
Ofek-Itach_SQ.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Aqua%20People/
3 KB
3 KB
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Aqua%20People/Ofek-Itach_SQ.jpg?width=120&height=120&name=Ofek-Itach_SQ.jpg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52e281fb46a631df87587fa6388f5df4e576b543d7c7c387bae676434381e462
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 5195de19cbc5ce842ac6538e9a6850ca.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag
F-76134155906,FD-7522622900,P-1665891,FLS-ALL
content-length
2844
cf-resized
internal=ok/m q=0 n=209+0 c=1+4 v=2023.6.4 l=2844
last-modified
Mon, 13 Jun 2022 10:57:27 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfFVIAKyixFy3IUjbUyHpoBbJ8CkG96azlf-Tapd0KDQ:700866d580351087ed06187aa9f7d4bd"
vary
Accept, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7e6a3c43fba3bbc1-FRA
Assaf%20M%20300x300.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Imported%20sitepage%20images/
3 KB
3 KB
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Imported%20sitepage%20images/Assaf%20M%20300x300.jpg?width=120&height=120&name=Assaf%20M%20300x300.jpg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c75856e66054adbda0310e749edbdec273f207923321b97a3f8bf012b4d28b80
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag
F-97329473928,FD-42703647798,P-1665891,FLS-ALL
content-length
3080
cf-resized
internal=ok/m q=0 n=233+0 c=1+7 v=2023.6.4 l=3080
last-modified
Wed, 04 Jan 2023 12:38:02 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cf1zM0XKenPQu5gookC4EYBHUACkG96azlf-Tapd0KDQ:12b60e0644c5c87150805225f7db3e83"
vary
Accept, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7e6a3c43fba4bbc1-FRA
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.240/
11 KB
5 KB
Script
General
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.240/embed.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7944796ddd5fcfea5a16d0a01e0179972a31c071aa2fda7ba986323a6790752
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
x-amz-version-id
2PIZat4k7iqlwfOTJtCspFj5G31rDKpK
via
1.1 b77d54382cc35fc640003fb8b900beba.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MXP63-P3
age
235295
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 15 May 2023 19:59:44 GMT
server
cloudflare
etag
W/"bf8f264c31eb93db41268dd04256be85"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2BeNECg9ym92gW7IpXTd%2FlGB9y1t9v1F6sB7%2BIeMYnsab6yLHwOh%2B%2BBwga104az0JcYCFQa5VPrUPbwF1gJ4NQmEa%2BwqIHgWHMcg96vvWJpGMe%2FFJMu4x%2BbsirijKJ%2BlcjFXhSThRHgsQa8eRcRAjkweL98%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7e6a3c43ef959c0c-FRA
x-amz-cf-id
shAkIS6H3MGyzOClSuXQgsnbYj9-ZCWSrC-UYOkt-Q5nurMa3AEa8Q==
expires
Sat, 13 Jul 2024 13:50:33 GMT
aqua_theme_2019_scripts.js
blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165868/1575250830489/Coded_files/Custom/page/Aqua_Theme_2019/
5 KB
2 KB
Script
General
Full URL
https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165868/1575250830489/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_scripts.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f9a3cacca516b6343c46d79e9c02a0eea2497cd7b0726359b8bb9120375559e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
strict-transport-security
max-age=31536000
via
1.1 1b6db55df4d0459558669f7d008cda9c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
2151
x-amz-cf-pop
IAD89-P1
x-amz-request-id
H0F83E6W837J6E15
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-version-id
9AKBnGYi3T4hDaPO1On7lahtX4teQ0Wk
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
1ItJtCehQVYmLeMchhkoOk4UlIv7/xcYA1VvEWrD5nzrJRVrQcz62rOHXX5Ow29g5NDAtYOOxidpe3c8pYwbQg==
last-modified
Mon, 02 Dec 2019 01:40:31 GMT
server
cloudflare
etag
W/"de4d6e1461004a14ecb30b8ea579d084"
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vb7Oq7v0BTir7AaZ%2BRy0l7rDcEf9mB8QeP9oJhUTfBOAN%2BJMf1drprd4tYbOLId%2BTNThbFkwejSpRjPlEwVzSydR%2BoKZpZAuhELzr5gB%2FRF%2FQPkPf7tfAi8FgWWfe8JvzSkquIMxGJ7sY3EevDU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
7e6a3c430f94910c-FRA
x-amz-cf-id
jQlpzRX2aAL3gRVu74lrs_Mwi0ctymJHGX7RSgyLs-Pfw4l4Yw33Sg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
loader.js
static.hsappstatic.net/video-embed/ex/
35 KB
13 KB
Script
General
Full URL
https://static.hsappstatic.net/video-embed/ex/loader.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bad8a093a13096aaa04a847ec1a058bfe892868051f39a1ab21d8be9430bf28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
x-amz-version-id
XgBFFj1pFc1nCU2jggx5GYu.sSKzqXfZ
via
1.1 8f2341b304c32ec6530aa5361edb2fe4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
ZRH55-P1
age
53
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 11 Jul 2023 17:16:02 GMT
server
cloudflare
etag
W/"009238802c8673fb7ee21ad8e238a0cb"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BDFewRORn%2FclMU45M5U7R3ja%2FmI%2FnfnOVUol51SGfjU995B8CeGB9sueacgHA9QnzuXuXUbbEZ6LlOBHmvEZMV%2BL6EUYKPJBcJew%2BxMtE%2FQGzKNfoG93c1hBuDZ9tU%2FaaBiCBtDFXPcojJWUePIC3Wd%2BPLo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=60
cf-ray
7e6a3c442fe89c0c-FRA
x-amz-cf-id
U5fnB3VNdWRmu9NJp72XPZFEAupIuryaqD2R88KpzSkh8UVWk5tO9g==
expires
Fri, 14 Jul 2023 13:51:33 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1874830
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27938
last-modified
Tue, 02 Mar 2021 18:58:36 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"603e8adc-15d9d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ux%2Ft3Ao7WfCZjXQBCWb6MW5kIpRjla5LApemcviD6x%2FIpBY2cLmRFkBCpRIEyEurR%2FeGp0vTE7MkIQZdSlNIdaJhPxnFtME1%2FJ4gjQjXbN%2F7MJo9malw6TGLcnTvN8o5wqjE2g40cbraEw2u4%2BghLqKa"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7e6a3c43cdad30d6-FRA
expires
Wed, 03 Jul 2024 13:50:33 GMT
jquery-migrate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/
11 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/jquery-migrate.min.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
6682418
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
3718
last-modified
Wed, 18 Nov 2020 00:51:42 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5fb4701e-2c03"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfmY8FIsyixo2cBvRF8uBcMtxXrxR9Xf5ycJ9wFZz48cIDOApyh9odDp7kYvMm5TyvCT%2BXMx9TDq9hNodfxxQJnHyaKHcOulrCk4QI%2Bfa%2BFH6izdC6wyOcfZFeOIH61FUuwTkGmLza4HhtfTxJX4EQHz"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7e6a3c43ddaf30d6-FRA
expires
Wed, 03 Jul 2024 13:50:33 GMT
1665891.js
blog.aquasec.com/hs/scriptloader/
2 KB
1 KB
Script
General
Full URL
https://blog.aquasec.com/hs/scriptloader/1665891.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c149ce43f4646b6e190f8d10f0a4e8bec6c4c2026b6be0f2a73369fff2418470
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
1737e271-7886-4c51-9d01-1d3d76d43caf
x-envoy-upstream-service-time
5
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
1737e271-7886-4c51-9d01-1d3d76d43caf
last-modified
Fri, 14 Jul 2023 13:46:17 GMT
server
cloudflare
x-trace
2B2C2375724B13100D4A85B16791B2511A5DE21FFE000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://blog.aquasec.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-598c95b5b7-zqxft
cache-control
public, max-age=60
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7S1BVYDG3RAI%2BGqH6%2Bvv1hGXZFWkAOWhNsouucKKsr91chH1UIhD6zJCT5LVE50IOJs5noAWpHfL8S0nZrcOVNffqLqk%2FrwCmILBJ6%2FTS51Eu68CCjLM2z72mt54zC3ZJHTZn1Pfw2xOLFZksE0%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
7e6a3c435ff4910c-FRA
expires
Fri, 14 Jul 2023 13:51:33 GMT
gtm.js
www.googletagmanager.com/
285 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
af0de7b0d15d8c36ebd4465864c7515ba0845a94eb14137d6176a8b136ac9832
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
93675
x-xss-protection
0
last-modified
Fri, 14 Jul 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 14 Jul 2023 13:50:33 GMT
css2
fonts.googleapis.com/
7 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700&display=swap
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
af1a469d92bfcb0a43a47a53cafabdf04d540b95294d155def3ff6693c1fc538
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 14 Jul 2023 13:50:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 14 Jul 2023 13:20:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 14 Jul 2023 13:50:33 GMT
animation.css
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Scalock_Jan2016/
27 KB
3 KB
Stylesheet
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Scalock_Jan2016/animation.css
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee6eb03a528bb02a6a0aaac0adcdcfaeb3275b2596b08df6efd12ceca93df7e9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-3686461719,P-1665891,FLS-ALL
x-amz-version-id
s0c7rvHNJDMTrAJplCdVbtTcnNRAmnNF
age
947111
x-amz-cf-pop
FRA56-P7
x-amz-request-id
ZJYHWTF7JV1BNFXJ
edge-cache-tag
F-3686461719,P-1665891,FLS-ALL
cache-tag
F-3686461719,P-1665891,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-id-2
WnCmiSctw42jMc1990sYy2OlA+pocI58kCzCU173CL/07n8E/tznz1FWcqyF2Ay8B0fMQbVjwlA=
last-modified
Sun, 08 Oct 2017 05:05:55 GMT
server
cloudflare
etag
W/"edfd447adba05bffefacddd7cf793b7d"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7e6a3c43fb9ebbc1-FRA
x-amz-cf-id
TGord0M0trZzYpR4vA9bGjdPoZCdbIcMwGSEeE2t1jLuqtBL-PuMNg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
embed
flo.uri.sh/visualisation/14395339/ Frame 2291
150 KB
49 KB
Document
General
Full URL
https://flo.uri.sh/visualisation/14395339/embed
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c067a4f3828f4b9e6aa0ee521aafb4b300e2db659ebd5d7383c014007c47cc0

Request headers

Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
91302
cache-control
max-age=0
cf-cache-status
HIT
cf-ray
7e6a3c43ef3d912a-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 14 Jul 2023 13:50:33 GMT
last-modified
Wed, 12 Jul 2023 14:41:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FMD%2BhYqbhjsHIjBgYA6BiojIOys5IL7aGUFgf9uY%2BGKMyV%2FzbP6Cbn%2BEI%2F7zZ%2Fu%2B%2B%2BdAJZpVN3el%2F7vgHZNh7XC8O6aoUd%2F9Y7GvEFQBegFEKJX2eJ2WAlHv066SkoRb5ROGc74l8cQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-amz-id-2
WDbieacIzIwHbDzPOy9feSAZOLNsRulYMNVq3uQNZ3dzpikKmqwfQdWs5W6sIE221Mf2v4twr3w=
x-amz-request-id
3RQRXT60QNHZKXG8
x-amz-version-id
Ra3xueeS5HWS_6TRTyL30KxKu.3i1pmu
g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a
www.virustotal.com/graph/embed/ Frame BD2C
5 KB
2 KB
Document
General
Full URL
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
1fdf2d38ea776b3b355bf1a44eadc76e7c08c11ead4d49b423693af526f2e180

Request headers

Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
content-encoding
gzip
content-length
1578
content-type
text/html; charset=utf-8
date
Fri, 14 Jul 2023 13:50:33 GMT
server
Google Frontend
vary
Accept-Encoding
x-cloud-trace-context
80f9b3feaed19fc180d96ac27daaa771
embed
flo.uri.sh/visualisation/14363779/ Frame 03DE
2 MB
503 KB
Document
General
Full URL
https://flo.uri.sh/visualisation/14363779/embed
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af71e712b85014d7b3e62e32a13af4dc6c83f97948b44179cb0a01c84b1ca25e

Request headers

Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
89285
cache-control
max-age=0
cf-cache-status
HIT
cf-ray
7e6a3c43ef3f912a-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 14 Jul 2023 13:50:33 GMT
last-modified
Thu, 13 Jul 2023 09:33:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xjFSvq9m9edH4%2FGe%2B1lcBYAYTWK9De43MRtZ7INzszR0o8Un5W0QYH7TQP3j7DmEWjJq11CHrXgVcCZ%2FBNMr%2Fs1zf7XScJ7FCrXpLe7pPLNTrWrdQU8a61uRx2FA5QTsg0fddfYoWbo%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-amz-id-2
1w+DDKZxG0OakW20NoW1OIgoG5vO24q/Q/9vsAz6ueyks2VROtlcDiv9dKkxr4gRTpNIXP42hGI=
x-amz-request-id
2R88Y63FC60W05VX
x-amz-version-id
Kx.rYAA2WuS1UOTVoajspU2efDjFuLJc
css
fonts.googleapis.com/ Frame 03DE
5 KB
756 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700
Requested by
Host: flo.uri.sh
URL: https://flo.uri.sh/visualisation/14363779/embed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cbd72c9f40a8903d4eb22dd875d21dcb4e604b01c9b57c5847cd9c5ee1ee6af9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 14 Jul 2023 13:50:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 14 Jul 2023 13:18:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 14 Jul 2023 13:50:33 GMT
bundle.css
flo.uri.sh/template/16768/v7/static/ Frame 03DE
39 KB
6 KB
Stylesheet
General
Full URL
https://flo.uri.sh/template/16768/v7/static/bundle.css
Requested by
Host: flo.uri.sh
URL: https://flo.uri.sh/visualisation/14363779/embed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c878908161b3baf40d8e5fad66988248fa10be2d6b66a0d1f3f2fc0fdbd0a565

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/visualisation/14363779/embed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
x-amz-version-id
X6awin4ik8Q_DWUtnCpji6rQ7.XOQ1K8
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
QG8QP6DKM4EDQJJJ
age
688004
x-amz-id-2
6W/8358VdHXrTludxHRiRrgByk2sSlGGTv6EAcpOl9BPVcNjeEeYFBEM7AJswNDvVVVbK6nSAXA=
last-modified
Thu, 06 Jul 2023 14:16:28 GMT
server
cloudflare
etag
W/"faf952a27170190894d03a4fbdd80cc3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rH%2B4W3m%2BrpPfWL%2Fsr55xvD0%2B8wUHXQGqhktVV4re1KM3U8eScCKEpugykXFWaNrC0Iss5T%2FpQieEHw80alo%2BDR6SnoxZgaAVcwt4pdO7jpsg0PxfZTp5Bqu54TIcDOtC7dvtBlZXtDs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31536000, immutable
cf-ray
7e6a3c444fc6912a-FRA
fa-solid-900.woff2
flo.uri.sh/template/16768/v7/static/webfonts/ Frame 03DE
73 KB
73 KB
Font
General
Full URL
https://flo.uri.sh/template/16768/v7/static/webfonts/fa-solid-900.woff2
Requested by
Host: flo.uri.sh
URL: https://flo.uri.sh/visualisation/14363779/embed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/visualisation/14363779/embed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
x-amz-version-id
bWspCAvFmTPhgT9pBzXS28FOql9HWV_b
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
QG8NWGAY3XV7YYFE
age
688004
content-length
74256
x-amz-id-2
GHISpTK96L0CCqv1aBG+M2CeVIxqK6xXDzlmMMM4TKkuOir3lk3Ll2c+hHitRWkMqi1EPmGWBDU=
last-modified
Thu, 06 Jul 2023 14:16:28 GMT
server
cloudflare
etag
"418dad87601f9c8abd0e5798c0dc1feb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nr1p8uuT3mv7Ff9Xv0MW7HdxYNVn6wIYwrvl5jkofYt1UY6AIQMTr5fDQnaHEMNwlfuvlvIdHGOA36MsWAxWwm4XqBIhLqMXou5Og8cgVeNaXkf2yZZzcBsRsQJWChXHcB%2Bz2ZuCA%2Fc%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=31536000, immutable
accept-ranges
bytes
cf-ray
7e6a3c444fc8912a-FRA
style.css
flo.uri.sh/template/12954/v3/static/ Frame 2291
548 B
699 B
Stylesheet
General
Full URL
https://flo.uri.sh/template/12954/v3/static/style.css
Requested by
Host: flo.uri.sh
URL: https://flo.uri.sh/visualisation/14395339/embed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3384e8badd6606689c119ccea5a5141d73db77228d227950262d0930aa06460

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/visualisation/14395339/embed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
x-amz-version-id
r6nWiwi0JM7ORAJwlt2qQ.Sm4ZNmcMa1
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
PATKYX74Z3W8SZ43
age
149581
x-amz-id-2
gYSIiLOjddGWs5utg1ZNQ8jzUj+Dx4Odq64gGOb+pkm4GBzqBGpTnK+uz114BxyUaqxMdheyBKE=
last-modified
Mon, 10 Jul 2023 16:33:54 GMT
server
cloudflare
etag
W/"4dc84163ea55146b696ee921d2536794"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OxiLKIjBXxjXLuCdQlZtNiu6%2F9lC9B%2FYxQZFfFQ5sez4dIdrYn2YJdgi3Uc5dlmOBLVt6DovAryss%2FFXUz5PjwB6ROvO6QW8p0wAireb4MoKjUxTqyJjtaiOxss5n4uzwaSp%2FQaVQ7k%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31536000, immutable
cf-ray
7e6a3c44780b912a-FRA
embedded.js
public.flourish.studio/resources/v3/ Frame 2291
11 KB
4 KB
Script
General
Full URL
https://public.flourish.studio/resources/v3/embedded.js
Requested by
Host: flo.uri.sh
URL: https://flo.uri.sh/visualisation/14395339/embed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-107.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3f80d5f9ce4e4273e3dbdc43f418d37328216b79195165c14e65cc1c6ec34127

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id
5JBkJ5yHwPU9uXJxuk.oM8vXR3yq7pLt
content-encoding
gzip
via
1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
date
Fri, 14 Jul 2023 13:50:27 GMT
x-amz-cf-pop
FRA50-C1
age
16
x-cache
Hit from cloudfront
last-modified
Thu, 06 Jul 2023 09:04:12 GMT
server
AmazonS3
etag
W/"dc19950f0ddddd9b7a5691ed2ee57cb9"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD, POST
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=300
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
1eUzTcrBWZl-ShCOalCGRgd2pjDo9I__YZ9mE9Tca8j-yzSLdh4qwg==
logo_aqua_2020.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/
2 KB
1 KB
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/logo_aqua_2020.svg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8eb8a7898d7f65f3407008af621d906d14d1f0d0ff3f03a70da78cc1e471ea0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 0d78cc90106520d13c1b5c5b16dd8246.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-33469653384,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id
Gbe7iAG8CWjdzqvIjTwC5N1NHh.QA.MM
age
63236
x-amz-cf-pop
FRA56-P7
x-amz-server-side-encryption
AES256
x-amz-request-id
CVAHKZVCPYZ2HZGN
edge-cache-tag
F-33469653384,FD-6262692448,P-1665891,FLS-ALL
cache-tag
F-33469653384,FD-6262692448,P-1665891,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-amz-id-2
+ZQ0gizBO1my1lufIVkBXTP0lQr4ZelZnfhbrOR5sbBfdOdSXiIA6N0rGJSJGMiLulMn4W+Anjo=
last-modified
Mon, 20 Jun 2022 10:03:45 GMT
server
cloudflare
etag
W/"1aec447da87d1627fad6c89bc560eecc"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1597095993170
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7e6a3c44cce0bbc1-FRA
x-robots-tag
all
x-amz-cf-id
JZt7JiUyBXnvNzDA1Yn_tb1cStUXxrdCHayuW4pVOCQkvCsOU2_wTQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
icon_search_2020b.png
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/
212 B
1 KB
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/icon_search_2020b.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ae9b1771bf14db70ab8b7f15a98a88e78307a6b498182268a4de1ff393d88bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-33469350916,FD-6262692448,P-1665891,FLS-ALL
age
527612
x-amz-request-id
1A70NJV975548QPV
x-amz-server-side-encryption
AES256
edge-cache-tag
F-33469350916,FD-6262692448,P-1665891,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="icon_search_2020b.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
cf-bgj
imgq:85,h2pri
etag
"c9a08b827cc52adbe146a1519a312a5d"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1597096538277
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 9337fb1a30f1b289c50391a6e6421e68.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-version-id
iY4foo3ISi96BxM2rLVgv9iuf8FE_L6A
x-amz-cf-pop
MRS52-P2
cf-polished
origFmt=png, origSize=346
x-cache
RefreshHit from cloudfront
cache-tag
F-33469350916,FD-6262692448,P-1665891,FLS-ALL
x-amz-meta-index-tag
all
content-length
212
x-amz-id-2
GTzBTnSG3frpZTAl89SmtzwLeFFAKsEV4p8Ax77N7bPt+UQ2+zXYHswrGdXs2oOntRORA3aZoq8=
last-modified
Mon, 10 Aug 2020 21:55:39 GMT
server
cloudflare
accept-ranges
bytes
cf-ray
7e6a3c44cce2bbc1-FRA
x-amz-cf-id
UVd5XaS-Z0AR9ZEZthJWaYhaajgbiSx7VYXDHH6irMaaJYfBjgOPvA==
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/
37 KB
38 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.aquasec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 12 Jul 2023 17:13:14 GMT
x-content-type-options
nosniff
age
160639
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37924
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 20:54:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 11 Jul 2024 17:13:14 GMT
newplot-(33)-2.jpg
blog.aquasec.com/hs-fs/hubfs/
11 KB
12 KB
Image
General
Full URL
https://blog.aquasec.com/hs-fs/hubfs/newplot-(33)-2.jpg?width=830&height=449&name=newplot-(33)-2.jpg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0e26709a2e2bec79634b7a2231a9b5fef8c1650435c089007f5ec9d0c5e3452
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
strict-transport-security
max-age=31536000
via
1.1 8e8540d018f18b8833babc5ff23ec2c6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-124407471223,P-1665891,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
11044
cf-resized
internal=ok/m q=0 n=886+0 c=7+38 v=2023.7.2 l=11044
last-modified
Wed, 12 Jul 2023 23:51:00 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfBa1YozaxTr7l4GcuKDx_D7U75nl-4lgH3OIjXaDKDQ:0e5d689596050795d3a3f94dd64379d2"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ss7i9skuAMTE%2FPA3TIMuGwfpti9qql2%2BTcvLLuGhVVmmhZI6D2XTretQdPlnfzA6sP6mCO35nahE72XOJtQuwmSxjzj%2FeLq09QASkjlgXvRiwqBwD3eNn5fBvUmsAZg6o4dePCIIhsuBHMrujWk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7e6a3c44f9aa910c-FRA
logo_aqua_dark_2020.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/
2 KB
1 KB
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/logo_aqua_dark_2020.svg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32046089ccace81843cbfbf1e80ec224e591a3a6441753dd62e0bcf4cf33c6d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-32606658374,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id
cGIgv._m7NnLCO.CteoU4AWXKa3.JYOI
age
372280
x-amz-cf-pop
FRA56-P7
x-amz-server-side-encryption
AES256
x-amz-request-id
ZWYYFCE05Q5G2WD4
edge-cache-tag
F-32606658374,FD-6262692448,P-1665891,FLS-ALL
cache-tag
F-32606658374,FD-6262692448,P-1665891,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-amz-id-2
LidI0WfwPen6vWZn0ejxE/gUXNpo5M4Sc8Lgj5wmK6hBShKjqcGgYJ+fsTNoAE3bIWshASm6B9c=
last-modified
Mon, 20 Jun 2022 10:04:44 GMT
server
cloudflare
etag
W/"fb3dc48473ed7d00d95c696406bb2aa0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1595279826387
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7e6a3c453d48bbc1-FRA
x-robots-tag
all
x-amz-cf-id
mjGEdq0joPRZR7qOIjOYtbWXEb3S1rFGggStleOPFYn2zZfYrnHlxA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
facebook.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/
779 B
874 B
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/facebook.svg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c777fc478672e659838faae4c55cf7a8e32c688431ee4d0cd268cf14f645b673

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-7582432823,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id
SiJr2kD481BGRTq56gO1daBOEbOHUvM_
age
1084755
x-amz-cf-pop
FRA56-P7
x-amz-request-id
36S0BFMTEX4GA1TK
edge-cache-tag
F-7582432823,FD-6262692448,P-1665891,FLS-ALL
cache-tag
F-7582432823,FD-6262692448,P-1665891,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-amz-id-2
LTIWQwY27Qf9YPqSBwCqRSihhKZ6VwstNF9rS2QDoTfJfeMglnJSuxFO7oQQ5XA4WII8b51d5/Y=
last-modified
Wed, 13 Feb 2019 23:42:59 GMT
server
cloudflare
etag
W/"19749026ef152d226e9257455bec9ed7"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7e6a3c453d4abbc1-FRA
x-amz-cf-id
dnwtvfNeVRBZYCi0IUoRhO__qyj45rCzDCipPv2EqthR3UukwNVjOA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
twitter.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/
1 KB
1 KB
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/twitter.svg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7138c5a544f4668dd59e8f9d96aaa87bcfd0066948ea309f2db6460bd3b81041

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 aa393156633f77c48a95484592ea7686.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-7582014199,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id
mVTFNpptaHocM.LV.q7AdmUpV3QrCcWF
age
516318
x-amz-cf-pop
MXP53-P2
x-amz-request-id
MNZM02BZ02KVXAXV
edge-cache-tag
F-7582014199,FD-6262692448,P-1665891,FLS-ALL
cache-tag
F-7582014199,FD-6262692448,P-1665891,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-amz-id-2
lWh6onLTFLIQZXV87mF92YDgulLlpk6YvJh96b6t6U5q37rx8avBtqljVZ1XAtUlK4VHdJDcdg2a8lEYujUI0g==
last-modified
Wed, 13 Feb 2019 23:42:59 GMT
server
cloudflare
etag
W/"c4fcf938ebe664dd424c0a6a5e4b03fc"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7e6a3c453d4cbbc1-FRA
x-amz-cf-id
050JJyf8Lvg_95dkEI4r9C3tNyKdawebHWZgKAGWAGJO7YZLUqSJXQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
linkedin.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/
602 B
1 KB
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/linkedin.svg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73b8cc55f2871f64c632b3fe73f36a7b8aaf40ee2a138695573bdc976e1942a9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 3ffec0ecfde687fb371812ad42f5cfc2.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-7582436500,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id
nffArO3nn88qKY3dclKx6aF8R_YTTHRu
age
1040731
x-amz-cf-pop
AMS1-C1
x-amz-request-id
A4BB7J174260H44C
edge-cache-tag
F-7582436500,FD-6262692448,P-1665891,FLS-ALL
cache-tag
F-7582436500,FD-6262692448,P-1665891,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-amz-id-2
B2FEpeSvYxgNqfw+jzeNfLgYFkQNRKVnJMB8C+TfslYvlSQXM/zPka56S7o/9mvtXGtXQgTGIu0=
last-modified
Wed, 13 Feb 2019 23:42:59 GMT
server
cloudflare
etag
W/"ea3d9adf55e5ce658c6a105df641d667"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7e6a3c453d4dbbc1-FRA
x-amz-cf-id
HfL-v0UOxWPEWW-HjMGAvF5BeioOCiKsbg7a-QpIcHJLS3jczMaW3Q==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
youtube.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/
746 B
862 B
Image
General
Full URL
https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/youtube.svg
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a0cd9e51e9d88fdebfc2389a7fb0864a4cb6f1900262caa68f69c4c21c54eb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
via
1.1 4f41a6860ab116e6fd0a110c5ba1420a.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-7580107715,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id
Q4TWafakBa5dIfTqtAoQ9ZM_q.TqNNL7
age
1097553
x-amz-cf-pop
VIE50-P1
x-amz-request-id
5EY8GQV9QFCNJK25
edge-cache-tag
F-7580107715,FD-6262692448,P-1665891,FLS-ALL
cache-tag
F-7580107715,FD-6262692448,P-1665891,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-amz-id-2
wH34GmBelRZubZyWBYAISg6d9LqOFnuMagUkBo2SwDsitU+l36hWvRpLq9lr+UJhCmo30OQ4pLU=
last-modified
Wed, 13 Feb 2019 23:42:59 GMT
server
cloudflare
etag
W/"bd569f0d9e19f95b6e7f98bdb5f7374b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7e6a3c453d4fbbc1-FRA
x-amz-cf-id
WA0UnRZ-Xu_sz0Cj0gaQSQYPCUR7_sk_DB7JVVHygMlQER4UPTPSTw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
json
blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c/
23 KB
5 KB
XHR
General
Full URL
https://blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c/json?hs_static_app=forms-embed&hs_static_app_version=1.3372&X-HubSpot-Static-App-Info=forms-embed-1.3372
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9247de3125d140eb75c35b6914fefcb49cf1ae76ef2c13728138bcad1d7b281f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Accept
application/json, text/plain, */*
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 14 Jul 2023 13:50:33 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
abd18af0-9ee9-41e5-98d8-6a5d79eaeaed
x-envoy-upstream-service-time
13
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
abd18af0-9ee9-41e5-98d8-6a5d79eaeaed
server
cloudflare
x-trace
2B1A9C11B3196186694C43430A20F06649BB190318000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-max-age
180
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-j4dtm
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fUK0bvR7pmjNMw3AzctByrVET6IZkCPSZcsl%2FA69UG%2BwNRJoEH%2BCs9J%2FPqQ91BRGFZWmd6a4NAb3GHI%2F9DqrW6mQR7IyIPX4ehrqzMZbXk6jbBA3UCskjLKEsYabj7nbExWc8C%2FI7JoMFlbtk84%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
7e6a3c4549ec910c-FRA
access-control-allow-headers
*
x-robots-tag
none
json
blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/fc3a461b-474b-4bd2-b409-c41d4ec09d8a/
6 KB
2 KB
XHR
General
Full URL
https://blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/fc3a461b-474b-4bd2-b409-c41d4ec09d8a/json?hs_static_app=forms-embed&hs_static_app_version=1.3372&X-HubSpot-Static-App-Info=forms-embed-1.3372
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4894c478ae181b4adcc76fdec13c5862577bdae940a4c010690230d34c0b491
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Accept
application/json, text/plain, */*
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 14 Jul 2023 13:50:33 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
92934593-047f-46bc-8d3b-37cfdd2ae7fa
x-envoy-upstream-service-time
8
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
92934593-047f-46bc-8d3b-37cfdd2ae7fa
server
cloudflare
x-trace
2BAA20AF30DCF59287202CB41D8A05FF1B878C93CC000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-max-age
180
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-llkhw
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I1Vk8QOOh0YTk7DV7CvFe2Kge2rqgH4pT%2Fwrr7dRtCEgYicMMJq4NJDn0LQZyPVHKyVgVRgMctHNbOYB8OADTNSux7OrV6VkwxsjhYjNCJRO%2BtrZ6mFo2IOah1YYawimLh8%2F2wIVqPi0EFU90p4%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
7e6a3c4549ee910c-FRA
access-control-allow-headers
*
x-robots-tag
none
webcomponent-polyfill.js
www.virustotal.com/graph/assets/js/ Frame BD2C
107 KB
38 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/js/webcomponent-polyfill.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
078441b8767fe10f5817e9d15f7d72a0b5960e8f243fb4b87713275e8f30a530

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 06:08:16 GMT
content-encoding
gzip
server
Google Frontend
age
27737
etag
"jWBcvg"
content-type
application/javascript
x-cloud-trace-context
8da6ae35a9600d784c7d34c4d5a577d5
cache-control
public, max-age=2592000
content-length
39000
expires
Sun, 13 Aug 2023 06:08:16 GMT
reset.css
www.virustotal.com/graph/assets/ Frame BD2C
1 KB
892 B
Stylesheet
General
Full URL
https://www.virustotal.com/graph/assets/reset.css
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
3f34c60739933355936b8697d7ffe230215934677bf088acf4ec1dda74cc7321

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:24:53 GMT
content-encoding
gzip
server
Google Frontend
age
1540
etag
"jWBcvg"
content-type
text/css
x-cloud-trace-context
c37f4ab611b1bd571119ff55e95f3a84
cache-control
public, max-age=2592000
content-length
740
expires
Sun, 13 Aug 2023 13:24:53 GMT
logo.png
www.virustotal.com/graph/assets//images/ Frame BD2C
306 B
306 B
Image
General
Full URL
https://www.virustotal.com/graph/assets//images/logo.png
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
130761f1957a81a406a02cc09c1d15ec539fa727d1eefad8141759974308f5a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-cloud-trace-context
87540e31fe2ab36cdb66e7ae37d43d93
date
Fri, 14 Jul 2023 13:50:34 GMT
server
Google Frontend
content-length
306
content-type
text/html; charset=UTF-8
11.main.bundle.4da6364c74094b0e015f.js
www.virustotal.com/graph/assets/ Frame BD2C
153 KB
48 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/11.main.bundle.4da6364c74094b0e015f.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
02112900829af5918d45422a14f90ba9f6b15c52834250eab6d10cf4d6fcaddf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:33:09 GMT
content-encoding
gzip
server
Google Frontend
age
1045
etag
"jWBcvg"
content-type
application/javascript
x-cloud-trace-context
0d31d530ba15940e084f24362f578cb3
cache-control
public, max-age=2592000
content-length
49160
expires
Sun, 13 Aug 2023 13:33:09 GMT
main.bundle.da2b5fdac9fb24ec8937.js
www.virustotal.com/graph/assets/ Frame BD2C
73 KB
18 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/main.bundle.da2b5fdac9fb24ec8937.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
71074f844ef031c88b6ea9cc217d10e23a8e2e299989c513a52e0081cbfd0c66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 09:18:17 GMT
content-encoding
gzip
server
Google Frontend
age
16337
etag
"jWBcvg"
content-type
application/javascript
x-cloud-trace-context
2583a90de8f84607939cb0ac7941b9ae
cache-control
public, max-age=2592000
content-length
18228
expires
Sun, 13 Aug 2023 09:18:17 GMT
has-permission
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
975 B
Script
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=1665891&callback=jsonpHandler
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c9ed943f-afbe-45d1-8efc-fffc9de824e3
x-envoy-upstream-service-time
4
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=7e6a3c466cf792a1&resource=unknown"
x-evy-trace-listener
listener_https
x-request-id
c9ed943f-afbe-45d1-8efc-fffc9de824e3
server
cloudflare
x-trace
2B98AC38A7B6CF8965A6B67DEE6C54A9C832EF0FD3000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-ksc82
x-evy-trace-virtual-host
all
cache-control
max-age=0
access-control-allow-credentials
true
cf-ray
7e6a3c466cf792a1-FRA
public
api-na1.hubapi.com/comments/v3/comments/thread/
75 B
562 B
Script
General
Full URL
https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=1665891&offset=0&limit=1000&contentId=123745878136&collectionId=3657573699&callback=jsonp_1689342633868_27082
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88fadca35c114feb5370bf9f3c8d796e3e86e5359ffcab558b18f5c817c7e82b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
9a9e4d1b-cd8f-4d97-97fd-210510a68315
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
9a9e4d1b-cd8f-4d97-97fd-210510a68315
server
cloudflare
x-trace
2B7AF9219E8E32224444B26DA036AEC2537B4DDFF2000000000000000000
vary
origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GNKtNoqrQFLJgytd4ZeSqA6O002iNLv%2FhAw%2Bgs0LS2YaR%2F3PMgDslJUkUVMFBxlUm%2BMX9H1tT9rYoUy6a8NKDOjjo6o0KtRd18fKgI2osx4On2Xg6vDbl9PFxiTTmrMr2vOdgCdQGNJVDVAVE1NmHg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-598c95b5b7-z8kzl
access-control-allow-credentials
false
cf-ray
7e6a3c45ceae3618-FRA
postlisting
blog.aquasec.com/_hcms/
2 KB
1 KB
XHR
General
Full URL
https://blog.aquasec.com/_hcms/postlisting?blogId=3657573699&maxLinks=5&listingType=popular_all_time&orderByViews=true&hs-expires=1720869054&hs-version=2&hs-signature=AJ2IBuECAI3wka9bvhPrZbeEyVxFt4hO9A&currentUrl=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d9ba83164ada1fbe735c1276a1384ae7d75fa42ae2123925fa5d3fbb11341b5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:33 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
1b3e81fe-47f6-42f9-9be2-238feb4ec327
x-envoy-upstream-service-time
26
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
1b3e81fe-47f6-42f9-9be2-238feb4ec327
last-modified
Fri, 14 Jul 2023 12:08:52 GMT
server
cloudflare
x-trace
2B583062A7CC88589D69EC579EA9D3AD0D458720C3000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GUZluBaUnAGnUZp0prZ2D1XoII5kYAgmCylj3R5dJGy19mOsie52GjKyrXJMDvjUdeIYFRlYfX12nQWaaitsE3veHYZXH8G0qlcVhE83D7vwNWBvSFkQwoWTCr2sS0vkQoc0gRNQdw%2BOiYts1Uc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
x-evy-trace-served-by-pod
iad02/cms-40-49-td/envoy-proxy-7966c868f8-px5dw
x-evy-trace-virtual-host
all
access-control-allow-credentials
false
cf-ray
7e6a3c45da8e910c-FRA
x-robots-tag
none
truncated
/ Frame 03DE
38 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/ Frame 03DE
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/png
js
www.googletagmanager.com/gtag/ Frame 2291
254 KB
86 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-KW52XHYN9H
Requested by
Host: flo.uri.sh
URL: https://flo.uri.sh/visualisation/14395339/embed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5b1fb789063189b5bc9c39d7b390b29ec83f79346a59739d53719eea7e4028b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
87776
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 14 Jul 2023 13:50:34 GMT
css
fonts.googleapis.com/ Frame 2291
5 KB
683 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700
Requested by
Host: flo.uri.sh
URL: https://flo.uri.sh/visualisation/14395339/embed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cbd72c9f40a8903d4eb22dd875d21dcb4e604b01c9b57c5847cd9c5ee1ee6af9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 14 Jul 2023 13:50:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 14 Jul 2023 13:19:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 14 Jul 2023 13:50:34 GMT
counters.gif
forms.hsforms.com/embed/v3/
35 B
983 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d6f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 13:50:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
27687f8d-b68f-44dc-bad8-9219247f8a39
x-envoy-upstream-service-time
1
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
27687f8d-b68f-44dc-bad8-9219247f8a39
Server
cloudflare
X-Trace
2B5692670F8A0684F0A7557C92FD4C47F34FB57980000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-j4dtm
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
7e6a3c483b941d8e-FRA
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
983 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 13:50:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
01b345d5-9e76-43cc-aa0d-a5ec1ca77479
x-envoy-upstream-service-time
1
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
01b345d5-9e76-43cc-aa0d-a5ec1ca77479
Server
cloudflare
X-Trace
2B3B39CAE72C1DA5DE575910B8EF85A5C88A871759000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-nt996
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
7e6a3c487ccf91d8-FRA
9f7b3655-92f5-4047-b8bd-9e96ad37f319
https://flo.uri.sh/ Frame 03DE
379 KB
0
Other
General
Full URL
blob:https://flo.uri.sh/9f7b3655-92f5-4047-b8bd-9e96ad37f319
Requested by
Host: flo.uri.sh
URL: https://flo.uri.sh/visualisation/14363779/embed
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b7cb08c169779ada855ef4a377e6811703f8efcbf5a2776bf01a926c7854eb40

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length
388096
Content-Type
text/javascript
js
www.googletagmanager.com/gtag/ Frame 03DE
254 KB
86 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-KW52XHYN9H
Requested by
Host: flo.uri.sh
URL: https://flo.uri.sh/visualisation/14363779/embed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
03d60b8c4c7dfd559bbc212d19a2599d9c1a27dfa0e5867ae49e684427d56cfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
87897
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 14 Jul 2023 13:50:34 GMT
embedded.js
public.flourish.studio/resources/v3/ Frame 03DE
11 KB
4 KB
Script
General
Full URL
https://public.flourish.studio/resources/v3/embedded.js
Requested by
Host: flo.uri.sh
URL: https://flo.uri.sh/visualisation/14363779/embed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-107.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3f80d5f9ce4e4273e3dbdc43f418d37328216b79195165c14e65cc1c6ec34127

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id
5JBkJ5yHwPU9uXJxuk.oM8vXR3yq7pLt
content-encoding
gzip
via
1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
date
Fri, 14 Jul 2023 13:50:27 GMT
x-amz-cf-pop
FRA50-C1
age
17
x-cache
Hit from cloudfront
last-modified
Thu, 06 Jul 2023 09:04:12 GMT
server
AmazonS3
etag
W/"dc19950f0ddddd9b7a5691ed2ee57cb9"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD, POST
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=300
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
pCx1xRvgxIzsUkp1-2Tvs6Yp5Ytjo-U67eFHzYP-hPqysjlZ0ZnmTA==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/881756472/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/881756472/?random=1689342634283&cv=11&fst=1689342634283&bg=ffffff&guid=ON&async=1&gtm=45He37c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&hn=www.googleadservices.com&frm=0&tiba=TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign&auid=1765455877.1689342634&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a36abaeeac0f49aa3aa151b9cb6aeefd0f92079975e86e9150c3cbd6621127b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1347
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
1 KB
703 B
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:28b2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a224dfc1e1af0259dd16f2fbc3033f2d43c30eb02ce760a3333d86c01dc1e942
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 13 Jul 2023 13:42:35 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=77350
accept-ranges
bytes
content-length
491
9110.js
script.crazyegg.com/pages/scripts/0082/
6 KB
2 KB
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0082/9110.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ee12725456527413f4eb38618cb36834b3e0f843f48e73ca1b7d609054a3ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 14 Jul 2023 13:50:34 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
ce-version
11.5.104
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7e6a3c4919bd2bc6-FRA
content-length
2203
bat.js
bat.bing.com/
40 KB
12 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Fri, 14 Jul 2023 13:50:34 GMT
last-modified
Thu, 11 May 2023 18:08:27 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 07FCC4A6EB004F70B7B9947429C4123D Ref B: FRA31EDGE0111 Ref C: 2023-07-14T13:50:34Z
etag
"80df77953384d91:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
12183
1665891.js
js.hs-scripts.com/
2 KB
1 KB
Script
General
Full URL
https://js.hs-scripts.com/1665891.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:873b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
948d65b6be9094d3bf07ff99dcdd56fe78911834bcf5be052c7e487e90bd1580

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
content-encoding
br
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d6d6522d-0c81-4de7-9960-7735ff10043c
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d6d6522d-0c81-4de7-9960-7735ff10043c
last-modified
Fri, 14 Jul 2023 13:13:10 GMT
server
cloudflare
x-trace
2B284581E9BA66AB3CAC5456BD2D22D6CA84E19B93000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://blog.aquasec.com
x-evy-trace-virtual-host
all
cache-control
public, max-age=60
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-598c95b5b7-ntps2
cf-ray
7e6a3c490f7d2c5b-FRA
expires
Fri, 14 Jul 2023 13:51:34 GMT
pixel.bundle.js
pixel.dealtale.io/
37 KB
12 KB
Script
General
Full URL
https://pixel.dealtale.io/pixel.bundle.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-27.fra56.r.cloudfront.net
Software
/
Resource Hash
ec8619de75666bd9a353974ae36aad73b668b51ea6e84c5ddc374a58fb55f705

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:24:07 GMT
content-encoding
gzip
via
1.1 27f780feafa4114cfc67d86fca85d124.cloudfront.net (CloudFront)
last-modified
Wed, 12 Jul 2023 10:39:48 GMT
x-amz-cf-pop
FRA56-C2
age
1591
etag
W/"923c-18949af8920"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1800
accept-ranges
bytes
x-amz-cf-id
3Ewez0D6kC2vWR6D-tAycz4XpXtxslKNQcxJkY8hN2Kpn_9mvpXTvQ==
6si.min.js
j.6sc.co/
35 KB
11 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 17 May 2023 00:27:16 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"64641f64-8a3f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
11052
expires
Fri, 14 Jul 2023 13:50:34 GMT
data-layer-events.js
info.aquasec.com/hubfs/
11 KB
4 KB
Script
General
Full URL
https://info.aquasec.com/hubfs/data-layer-events.js?v=1689343234293
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
396f95fe76847ae1beacf9c523d2b852b3fc31ce9beedbde4df6b7f8ba6901ec
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-77926488921,P-1665891,FLS-ALL
x-amz-request-id
GRKDAHQFKW53DST8
x-amz-server-side-encryption
AES256
edge-cache-tag
F-77926488921,P-1665891,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"b492d523ec97a31b53add8896e2baeca"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1656583869290
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 14 Jul 2023 13:50:35 GMT
strict-transport-security
max-age=31536000
via
1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
XcRlKoDF..T4fG.0Cjjm9Tr4D9UFP3Rp
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-77926488921,P-1665891,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
m4+aRSl3H+93NLbtLtEm4ztKx5M0l6hpnzszh1eJrg4PXhxYjLT0pXbjJULp0czNOXJw/u6uB3Q=
last-modified
Thu, 30 Jun 2022 10:11:10 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ck2MIA8pZBX6GfcqpExo9uVBnTFkC4%2BCIh4tUJQPHOHZkdNb9aGVO5%2B3BpCaBF5p3FFyeIaiTJhLPhnCgbmTiGPXWR65Na6Jgr97ULjAtg7Crn8o%2FdpA5m0DFfAnpv%2FEkPFBlgMiDVOOPyxrFxM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
7e6a3c4919339b82-FRA
x-amz-cf-id
Fdsc3BVsuwSDlXrMLh7sJOuOruW3Ru4uj5IrU6Y-GqjEnntbx8KKsA==
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 14 Jul 2023 13:04:37 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
2757
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 14 Jul 2023 15:04:37 GMT
js
www.googletagmanager.com/gtag/
238 KB
82 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-D2G99SQ9HG&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
89862b590ae0c60eb5f3ce2491fd6b9a0a51299375955a347a8b81a311c30c04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
83780
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 14 Jul 2023 13:50:34 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 2291
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://flo.uri.sh
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 10 Jul 2023 18:50:39 GMT
x-content-type-options
nosniff
age
327595
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14892
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 09 Jul 2024 18:50:39 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 2291
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://flo.uri.sh
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 10:36:55 GMT
x-content-type-options
nosniff
age
98019
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14712
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 12 Jul 2024 10:36:55 GMT
1665891.js
js.hs-analytics.net/analytics/1689342600000/
66 KB
21 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1689342600000/1665891.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/scriptloader/1665891.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8bce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6266f7d27c37e9b77ae166f9337e430531c88df57281f7d03544b906ecbbcd1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:35 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
GRK87471EGFJW4XN
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
b033e04b-07a2-47e8-b03b-e380bf128254
x-envoy-upstream-service-time
15
x-amz-id-2
V9VT0dGBayutrJ2+40dKsAb5QM1MdHL5uUQOJnKMRfBVcnDkIQG/DOArUpVI1k+vSqjO10gGNgo=
x-evy-trace-listener
listener_https
x-request-id
b033e04b-07a2-47e8-b03b-e380bf128254
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 15 Jun 2023 14:40:48 GMT
server
cloudflare
etag
W/"fd4f5bfdebe9c4a447ebb7b99c1aeeb7"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-ns2gd
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
7e6a3c49faee2bb5-FRA
expires
Fri, 14 Jul 2023 13:55:34 GMT
web-interactives-embed.js
js.hubspot.com/
62 KB
19 KB
Script
General
Full URL
https://js.hubspot.com/web-interactives-embed.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/scriptloader/1665891.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51fe677461fb52fe2ea462f79f6ec89f1c180b0ef4c784708f916dfcae443cc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Origin
https://blog.aquasec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.367/bundles/project.js&cfRay=7e6a3c49fd969079-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"1278d099c4dab6fb3a19f92d17339e7c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
web-interactives-embed/static-2.367/bundles/project.js
date
Fri, 14 Jul 2023 13:50:34 GMT
x-amz-version-id
pbxBKlJjorxV0DMAmVxry6dIZ2YynMIw
via
1.1 c5f8f8068a88ebb73e505f5e51b5262e.cloudfront.net (CloudFront)
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
0d1a7f27-1da6-4b10-bb9f-8a89542ade3b
x-cache
Hit from cloudfront
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
0d1a7f27-1da6-4b10-bb9f-8a89542ade3b
last-modified
Thu, 29 Jun 2023 01:40:22 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZlmeLHKbG1qG6Qq22nYif3bi1Qt9fle4877TSyf2t%2Fh2auEaojXErzHheahymJufkwhKqjhPQbAVnc0hB56Yc2vOSzSIfG0MLh6d%2BHl9bXVQHJjg%2BMfH9HS%2Fa0572yHGIP0%2BcfkHC5Y%2BcfMQ"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-cxzff
cf-ray
7e6a3c49fd969079-FRA
x-amz-cf-id
sabJyDd6oED2ixOZmFHEQ3e8uJTTiLzwm81Dk5TP09Cg3j2tmvOEVw==
conversations-embed.js
js.usemessages.com/
75 KB
22 KB
Script
General
Full URL
https://js.usemessages.com/conversations-embed.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/scriptloader/1665891.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:65ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b8a3bf9331b6769ac6ddaa2ded1a399ced056e7a2ff193778531edc4d10d05a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
x-amz-version-id
gDvG.URIEoJ7e2dBkzs54TdZPKs8aKAu
via
1.1 5d1a51a1eb09caa5b28051dd961c7c40.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
br
x-amz-cf-pop
IAD55-P5
age
123
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.13554/bundles/project.js&cfRay=7e6a39464cf9920b-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
d695e4c1-b911-4fff-8b79-bef876e41a62
cache-tag
staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d695e4c1-b911-4fff-8b79-bef876e41a62
last-modified
Tue, 11 Jul 2023 06:19:42 UTC
server
cloudflare
etag
W/"24fdfb0865d86d3f1a3d6eec939331e8"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-mm66x
cf-ray
7e6a3c49ffe01cb9-FRA
x-amz-cf-id
7NcvaK6tql3Cn48qFbOzPF_Beam-X7lg5tMwpwcrh0DVPFezL4kJtg==
x-hs-target-asset
conversations-embed/static-1.13554/bundles/project.js
1665891.js
js.hs-banner.com/
70 KB
17 KB
Script
General
Full URL
https://js.hs-banner.com/1665891.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/scriptloader/1665891.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
551c3bab6074c132e311a10ce2c984ce0f5c6cd8b96c311601d22fa820c2e37f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
x-amz-version-id
3WxyryV_hrhWsTuzsUyuhG.3cPW93U.m
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
P5DA5MEMJESDPK8Z
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
age
47
x-envoy-upstream-service-time
72
x-amz-id-2
qBreL8DU4u/FGv/+C7JFo07EU3aVfhx5DHkjfkyhNrhAgS61L8qTFivibv2j/QrlX4DZYaNFvgBXH5F2U6qMk4BN6GYuORZ7rCcZx7++Kec=
x-evy-trace-listener
listener_https
x-request-id
59437fb5-7a46-479f-9108-29ebf2b6a85a
x-evy-trace-route-configuration
listener_https/all
last-modified
Mon, 17 Apr 2023 15:00:41 GMT
server
cloudflare
etag
W/"6cf7f2cf5165c221ff409e9ccf5132cf"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.aquasec.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-6b586b4cf9-dksj5
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
7e6a3c4a3daf3637-FRA
expires
Fri, 14 Jul 2023 13:54:47 GMT
signin
www.virustotal.com/ui/ Frame BD2C
113 B
391 B
Fetch
General
Full URL
https://www.virustotal.com/ui/signin
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.da2b5fdac9fb24ec8937.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
cd65bb5700e28845e01bf3997019c23f532ab8f0e239dd4674a1e44591e38285

Request headers

X-Tool
graph-ui
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type
application/json
accept
application/json
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
accept-Ianguage
en-US,en;q=0.9,es;q=0.8
X-VT-Anti-Abuse-Header
MTk1Mzc2MTE2MzYtWkc5dWRDQmlaU0JsZG1scy0xNjg5MzQyNjM0LjMzMg==

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
content-encoding
gzip
server
Google Frontend
vary
Accept-Encoding
content-type
application/json
x-cloud-trace-context
233507e768aca8227b37189ded5e47c7
cache-control
private
content-length
106
truncated
/ Frame 03DE
296 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4c7f9f605ce1a8b6aca951aa3bee0ed0737e0e2fb0700c2a73d8028b7d330409

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/ Frame 03DE
198 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6a333122c9340d84cc6c57c1ee67b126e1f88aad44f9de88c54945f6811c8b08

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
custom-palette-v2.json
tiles.flourish.studio/styles/ Frame 03DE
8 KB
2 KB
XHR
General
Full URL
https://tiles.flourish.studio/styles/custom-palette-v2.json
Requested by
Host: flo.uri.sh
URL: https://flo.uri.sh/visualisation/14363779/embed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.52.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-52-111.cdg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
703878dc95ed84f46da22ed7a0c1e9ea0550ab6e706fd6d6dc0ac00460c71060

Request headers

Accept
application/json
Referer
https://flo.uri.sh/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 f71cd359ec11d5faeff796184794c946.cloudfront.net (CloudFront)
date
Fri, 14 Jul 2023 04:39:24 GMT
x-amz-cf-pop
CDG50-P4
age
33071
x-cache
Hit from cloudfront
last-modified
Wed, 03 Feb 2021 01:45:54 GMT
server
AmazonS3
etag
W/"bd093fabc063ea336ce208aec5906dd4"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
fHSYFXUgh7tP7GnJbehsewPmlsyBi7VUcqeWw5UYPbn_e72xLCD1AA==
97ce68dbffbdceb1da88.worker.js
www.virustotal.com/graph/assets/ Frame BD2C
509 KB
143 KB
Other
General
Full URL
https://www.virustotal.com/graph/assets/97ce68dbffbdceb1da88.worker.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
af8728cce3bf3e6c3877493fec43e961b4508f5ed855039961381565a0323760

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 12:29:37 GMT
content-encoding
gzip
server
Google Frontend
age
4857
etag
"jWBcvg"
content-type
application/javascript
x-cloud-trace-context
3896a5f8d4f98b6b70afd83e368c4943
cache-control
public, max-age=2592000
content-length
146253
expires
Sun, 13 Aug 2023 12:29:37 GMT
collect
region1.google-analytics.com/g/ Frame 2291
0
250 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-KW52XHYN9H&gtm=45je37c0&_p=686115444&gcs=G100&cid=2082323255.1689342634&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&ngs=1&_s=1&sid=1689342634&sct=1&seg=0&dl=https%3A%2F%2Fflo.uri.sh%2Fvisualisation%2F14395339%2Fembed&dr=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&dt=Attack%20v2&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=90
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KW52XHYN9H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://flo.uri.sh
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/ Frame 03DE
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-KW52XHYN9H&gtm=45je37c0&_p=1709346229&gcs=G100&cid=893448084.1689342634&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&ngs=1&_s=1&sid=1689342634&sct=1&seg=0&dl=https%3A%2F%2Fflo.uri.sh%2Fvisualisation%2F14363779%2Fembed&dr=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&dt=vic&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=90
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KW52XHYN9H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://flo.uri.sh
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Alerts_New_Risks.png
raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/ Frame 2291
1 KB
1 KB
Image
General
Full URL
https://raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/Alerts_New_Risks.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cb5edc50b260151d7a8090dc172e51335e9124aed7b363675a4dbcd27d2c633e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
42f1159dc5407e658554416d63f3c949e57bb463
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Fri, 14 Jul 2023 13:50:34 GMT
via
1.1 varnish
x-cache-hits
0
x-cache
MISS
cross-origin-resource-policy
cross-origin
content-length
1312
x-xss-protection
1; mode=block
x-served-by
cache-ams21069-AMS
x-github-request-id
B116:9DE9:25FAA64:276A0C6:64B152A8
x-timer
S1689342635.548285,VS0,VE164
etag
W/"d342f72ab04e16d6afc4e40a10b1db94293af07b87cf8ff34f35ac3b84197864"
source-age
0
x-frame-options
deny
vary
Authorization,Accept-Encoding,Origin
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
expires
Fri, 14 Jul 2023 13:55:34 GMT
Hacker.png
raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/ Frame 2291
2 KB
2 KB
Image
General
Full URL
https://raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/Hacker.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
56bba59c1e7adb2be9d22c11c998e9791336db734994db8dc74347f968c8d5b6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
3bd878c94f796e16805239e61f3bf5ddadb72036
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Fri, 14 Jul 2023 13:50:34 GMT
via
1.1 varnish
x-cache-hits
0
x-cache
MISS
cross-origin-resource-policy
cross-origin
content-length
2044
x-xss-protection
1; mode=block
x-served-by
cache-ams21069-AMS
x-github-request-id
7A36:816D:20EC9AA:222B352:64B152AA
x-timer
S1689342635.548263,VS0,VE181
etag
W/"1bdd843d7c234c3f4f9d0cf2fb65af60ed7728d90ae464852ed5e59d56f34534"
source-age
0
x-frame-options
deny
vary
Authorization,Accept-Encoding,Origin
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
expires
Fri, 14 Jul 2023 13:55:34 GMT
Network_Connection_WWW.png
raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/ Frame 2291
2 KB
3 KB
Image
General
Full URL
https://raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/Network_Connection_WWW.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
bcc1bbc2c76729f92a4e6cebcf1eca567d92de585d9d9c8e0d4bcc382d8132a2
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
baeea2ced8f14fcbf293d4f309e4c21aa878cf5c
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Fri, 14 Jul 2023 13:50:34 GMT
via
1.1 varnish
x-cache-hits
0
x-cache
MISS
cross-origin-resource-policy
cross-origin
content-length
2425
x-xss-protection
1; mode=block
x-served-by
cache-ams21069-AMS
x-github-request-id
99B4:E712:AD5891:B3F6AC:64B152AA
x-timer
S1689342635.548576,VS0,VE185
etag
W/"02c3b1292c87c3a102174b2b8a90c58905ddc62075dc976bf0b34e72a49acbb5"
source-age
0
x-frame-options
deny
vary
Authorization,Accept-Encoding,Origin
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
expires
Fri, 14 Jul 2023 13:55:34 GMT
Tird_Party.png
raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/ Frame 2291
2 KB
3 KB
Image
General
Full URL
https://raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/Tird_Party.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
92f48fb49724e1e8813392c985acde7d2b1a8fe400b4a48490c21623e3bde7b6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
e611e5b41a3eb44feb1ca8a7edb3041fb825f284
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Fri, 14 Jul 2023 13:50:34 GMT
via
1.1 varnish
x-cache-hits
0
x-cache
MISS
cross-origin-resource-policy
cross-origin
content-length
2161
x-xss-protection
1; mode=block
x-served-by
cache-ams21069-AMS
x-github-request-id
959A:61B3:284A3BB:29D542D:64B152A9
x-timer
S1689342635.548593,VS0,VE160
etag
W/"2a552bceec0660317b788051528422c8ea0855dd42ae73efe2e82e678f1b0754"
source-age
0
x-frame-options
deny
vary
Authorization,Accept-Encoding,Origin
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
expires
Fri, 14 Jul 2023 13:55:34 GMT
File.png
raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/ Frame 2291
931 B
1 KB
Image
General
Full URL
https://raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/File.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4d4ad1830e598853d4b573e1885df276b07a054f5a3ef8de320760c28c6bda74
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
97e2ef6c8f6124a7fbf730cd93ac99127839e431
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Fri, 14 Jul 2023 13:50:34 GMT
via
1.1 varnish
x-cache-hits
0
x-cache
MISS
cross-origin-resource-policy
cross-origin
content-length
931
x-xss-protection
1; mode=block
x-served-by
cache-ams21069-AMS
x-github-request-id
F918:1056A:3D8D2B:3F7AE8:64B152A9
x-timer
S1689342635.548625,VS0,VE205
etag
W/"1854d3453a17b1f934b3cc2eafa1eba013801305bda141179eb27ff7d90d8780"
source-age
0
x-frame-options
deny
vary
Authorization,Accept-Encoding,Origin
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
expires
Fri, 14 Jul 2023 13:55:34 GMT
Goal.png
raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/ Frame 2291
1 KB
2 KB
Image
General
Full URL
https://raw.githubusercontent.com/aquasecurity/cloudsec-icons/main/png/Goal.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8002::154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8db16a8cac0a468d6cdffabee185e2bedd661d3553f46c2600a79adaef086dc1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flo.uri.sh/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id
d7cbffeca90d3fbc80233d2b33aebc22eb321270
content-security-policy
default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Fri, 14 Jul 2023 13:50:34 GMT
via
1.1 varnish
x-cache-hits
0
x-cache
MISS
cross-origin-resource-policy
cross-origin
content-length
1439
x-xss-protection
1; mode=block
x-served-by
cache-ams21069-AMS
x-github-request-id
E49A:E712:AD5891:B3F6AD:64B152AA
x-timer
S1689342635.548568,VS0,VE172
etag
W/"61332f03830cad40696f4661c82030cb708782232aa8bf0b6d86deb63b511bd1"
source-age
0
x-frame-options
deny
vary
Authorization,Accept-Encoding,Origin
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
expires
Fri, 14 Jul 2023 13:55:34 GMT
collect
region1.analytics.google.com/g/
0
72 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-D2G99SQ9HG&gtm=45je37c0&_p=882949934&_gaz=1&cid=1428251024.1689342634&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1689342634&sct=1&seg=0&dl=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&dt=TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=Blog
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-D2G99SQ9HG&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.aquasec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
254 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-D2G99SQ9HG&cid=1428251024.1689342634&gtm=45je37c0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-D2G99SQ9HG&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.aquasec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-D2G99SQ9HG&cid=1428251024.1689342634&gtm=45je37c0&aip=1&z=236923103
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
et
app.dealtale.com/
0
145 B
Ping
General
Full URL
https://app.dealtale.com/et?lid=ac9db2aa-2620-47b7-9848-ee2dff55cb56&sid=3065cb1d-9c0d-4671-8c91-74d8e7122079&orgId=5fb0eb0ba8b8c0001139d936
Requested by
Host: pixel.dealtale.io
URL: https://pixel.dealtale.io/pixel.bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.224.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3b208e15c6d832e.awsglobalaccelerator.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 14 Jul 2023 13:50:34 GMT
Connection
keep-alive
Transfer-Encoding
chunked
25111106.js
bat.bing.com/p/action/
0
119 B
Script
General
Full URL
https://bat.bing.com/p/action/25111106.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Fri, 14 Jul 2023 13:50:34 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 4C81D909F62443BFAC89EBC2BF429EE9 Ref B: FRA31EDGE0111 Ref C: 2023-07-14T13:50:34Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
287 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=25111106&tm=gtm002&Ver=2&mid=127aeea0-4a01-46b2-814a-0284731e949d&sid=67d384e0224d11ee88d8ebc368361424&vid=67d3b0f0224d11ee909cbfa718cff09e&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign&p=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&r=&lt=892&evt=pageLoad&sv=1&rn=717350
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 14 Jul 2023 13:50:34 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: DCCAF5F00D674DD2ACBA95FA2E0F0D68 Ref B: FRA31EDGE0111 Ref C: 2023-07-14T13:50:34Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
insight.old.min.js
snap.licdn.com/li.lms-analytics/
13 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:28b2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
87ca2d8adbd10be0e5e89784dbb7aa8bb67f77247471f437e6af535009955f8c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 11 Jul 2023 13:00:15 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=43582
accept-ranges
bytes
content-length
4807
/
c.6sc.co/
7 B
193 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://blog.aquasec.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
19 B
303 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:629c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
40b3b2394802a2951bbb2f37a41326ef6056e5fd68cbda83c657e79c10ffa9e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://blog.aquasec.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a01:4a0:1338:92::8
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469261_388391900_1306206324_47_1674_38_0_-";dur=1
content-length
19
expires
Fri, 14 Jul 2023 13:50:34 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=377171f4-a7ba-441f-8240-cca03ba3b478&session=943c3d91-7a01-4a59-81f7-6dea0c4cb0f5&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2014%20Jul%202023%2013%3A50%3A34%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2014%20Jul%202023%2013%3A50%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b5b19d05dd2f4d2bdb579c1a77a6b1bd%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2014%20Jul%202023%2013%3A50%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2014%20Jul%202023%2013%3A50%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20botnet%20run%20by%20TeamTNT%20has%20set%20its%20sights%20on%20Docker%20and%20Kubernetes%20environments%2C%20Redis%20servers%2C%20Postgres%20databases%2C%20Hadoop%20clusters%2C%20Tomcat%20and%20others.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&pageViewId=51e6e531-e576-41b6-863b-ef0e60453dd8
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
/
www.google.com/pagead/1p-user-list/881756472/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/881756472/?random=1689342634283&cv=11&fst=1689339600000&bg=ffffff&guid=ON&async=1&gtm=45He37c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&frm=0&tiba=TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign&fmt=3&is_vtc=1&random=1147034957&rmt_tld=0&ipr=y
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/881756472/
42 B
455 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/881756472/?random=1689342634283&cv=11&fst=1689339600000&bg=ffffff&guid=ON&async=1&gtm=45He37c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&frm=0&tiba=TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign&fmt=3&is_vtc=1&random=1147034957&rmt_tld=1&ipr=y
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
12.main.bundle.c5849fa7c96d0795f3bf.js
www.virustotal.com/graph/assets/ Frame BD2C
494 KB
166 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/12.main.bundle.c5849fa7c96d0795f3bf.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.da2b5fdac9fb24ec8937.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
1e10faa2203a704216efd190152a915d45249d8d6cbf9aa63d1d69e463336ee3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 19:21:29 GMT
content-encoding
gzip
server
Google Frontend
age
66545
etag
"jWBcvg"
content-type
application/javascript
x-cloud-trace-context
895b01dcf928b2f54718ed0d88b0e2dd
cache-control
public, max-age=2592000
content-length
169898
expires
Sat, 12 Aug 2023 19:21:29 GMT
8.main.bundle.25b58339010e41af5187.js
www.virustotal.com/graph/assets/ Frame BD2C
279 KB
69 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/8.main.bundle.25b58339010e41af5187.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.da2b5fdac9fb24ec8937.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
a11a39c2ada7ee203a6fbef734440dc2add5988a1e4f049c65e45c5f929e0c01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 10 Jul 2023 20:24:01 GMT
content-encoding
gzip
server
Google Frontend
age
321993
etag
"jWBcvg"
content-type
application/javascript
x-cloud-trace-context
a4b786ed8088e132a19b1a6fbcce529f
cache-control
public, max-age=2592000
content-length
69975
expires
Wed, 09 Aug 2023 20:24:01 GMT
9f7b3655-92f5-4047-b8bd-9e96ad37f319
https://flo.uri.sh/ Frame 03DE
379 KB
0
Other
General
Full URL
blob:https://flo.uri.sh/9f7b3655-92f5-4047-b8bd-9e96ad37f319
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b7cb08c169779ada855ef4a377e6811703f8efcbf5a2776bf01a926c7854eb40

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length
388096
Content-Type
text/javascript
token
cdn.linkedin.oribi.io/partner/45226/domain/blog.aquasec.com/
36 B
377 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/45226/domain/blog.aquasec.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:ae00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 12:52:06 GMT
content-encoding
gzip
via
1.1 7f49a9d7acd3e2b85c2c573f92e92d4c.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-P1
age
3508
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=3600
x-amz-cf-id
zJPJJFYuLdPpj390PchfFm-X5EApgJWxNCndqGbc8kQNNsElXgUPZQ==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1689342634562&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1689342634562&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cookiesTest=true
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D45226%26time%3D1689342634562%26url%3Dhttps%253A%252F%252Fblog.aquasec.com%252Ftea...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1689342634562&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cookiesTest=true&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1689342634562&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cookiesTest=true&liSync=true&e...
0
265 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1689342634562&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cookiesTest=true&liSync=true&e_ipv6=AQJZzanoLzFuuwAAAYlUqu2uBgEJp0EnaLoNEG81o8CIWh6D58PLw7N9U0Z8G4y2uVOcjuA
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:35 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: FA2788C2265349F0A6523D510583D77A Ref B: DUS30EDGE0910 Ref C: 2023-07-14T13:50:35Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYAcru1M4vxFC1QBrlNJQ==

Redirect headers

date
Fri, 14 Jul 2023 13:50:35 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 787C6D1F3198479E8517D878928CAE2E Ref B: FRAEDGE1122 Ref C: 2023-07-14T13:50:35Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1689342634562&url=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cookiesTest=true&liSync=true&e_ipv6=AQJZzanoLzFuuwAAAYlUqu2uBgEJp0EnaLoNEG81o8CIWh6D58PLw7N9U0Z8G4y2uVOcjuA
x-li-proto
http/2
content-length
0
x-li-uuid
AAYAcruwVDu2gCRoFcLFKw==
collect
www.google-analytics.com/j/
4 B
209 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=882949934&t=pageview&_s=1&dl=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&ul=en-us&de=UTF-8&dt=TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAACAAI~&jid=1869692151&gjid=1801063288&cid=1428251024.1689342634&tid=UA-63272154-1&_gid=816525714.1689342635&_r=1&_slc=1&gtm=45He37c0n715N9T3H&cg1=Blog&z=905689424
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.aquasec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget
blog.aquasec.com/_hcms/livechat/
311 B
1 KB
XHR
General
Full URL
https://blog.aquasec.com/_hcms/livechat/widget?portalId=1665891&conversations-embed=static-1.13554&mobile=false&messagesUtk=02429b6b769747b89ae0171d0075fb76&traceId=02429b6b769747b89ae0171d0075fb76
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f4ff6bb189a4fa428c410a26be91d9260ddbb5d4f39a9568aceed57c33254b6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
accept-language
de-DE,de;q=0.9
X-HubSpot-Messages-Uri
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
strict-transport-security
max-age=31536000
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
ef1d3aae-b45a-46b5-a165-4330568cbeef
x-envoy-upstream-service-time
19
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
ef1d3aae-b45a-46b5-a165-4330568cbeef
server
cloudflare
x-trace
2B6AB5FD446EE5CDC8605F522F8624D3527C8AEFD5000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-598c95b5b7-5grng
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sy4r3%2F7yF8xsK2ZdERNTtyH%2By8%2BB8gHIy8LwaywPnxEXWo%2By%2Fv6j6Z3jzAPtj7dtAocXQ43MjXg%2FZV4FJkeVfdmLnBE8AC8b8zt6qI1YkVs87fe0pc7nyb3e%2BW5fdU9744tpcz5BT8Cp65ih5Y0%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
7e6a3c4a7fc2910c-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
collect
stats.g.doubleclick.net/j/
4 B
151 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-63272154-1&cid=1428251024.1689342634&jid=1869692151&gjid=1801063288&_gid=816525714.1689342635&_u=YCDACEAABAAAACAAI~&z=1913016299
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 14 Jul 2023 13:50:34 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.aquasec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/ Frame BD2C
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.da2b5fdac9fb24ec8937.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 14 Jul 2023 13:04:37 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
2757
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 14 Jul 2023 15:04:37 GMT
1.main.bundle.ea987a0b29925f8ad586.js
www.virustotal.com/graph/assets/ Frame BD2C
191 KB
66 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/1.main.bundle.ea987a0b29925f8ad586.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.da2b5fdac9fb24ec8937.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
bbb07795d11cb52f256ee14163fcf478f37de14ce3a5f0bdffe45af7c8156adc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:34:44 GMT
content-encoding
gzip
server
Google Frontend
age
950
etag
"jWBcvg"
content-type
application/javascript
x-cloud-trace-context
c851f198f610d1948bfd6c1cddbffc6d
cache-control
public, max-age=2592000
content-length
67044
expires
Sun, 13 Aug 2023 13:34:44 GMT
2.main.bundle.8499b3d1d7cbc135514c.js
www.virustotal.com/graph/assets/ Frame BD2C
48 KB
15 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/2.main.bundle.8499b3d1d7cbc135514c.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.da2b5fdac9fb24ec8937.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
32ef3f6f990d64af28afd4d2093cfacde2857f9e1896af501e4e6834576d2877

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 11:38:08 GMT
content-encoding
gzip
server
Google Frontend
age
7946
etag
"jWBcvg"
content-type
application/javascript
x-cloud-trace-context
f63b021f01d457ca262d6a2955a52929
cache-control
public, max-age=2592000
content-length
15584
expires
Sun, 13 Aug 2023 11:38:08 GMT
17.main.bundle.934bc1cce72de27b3b35.js
www.virustotal.com/graph/assets/ Frame BD2C
14 KB
5 KB
Script
General
Full URL
https://www.virustotal.com/graph/assets/17.main.bundle.934bc1cce72de27b3b35.js
Requested by
Host: www.virustotal.com
URL: https://www.virustotal.com/graph/assets/main.bundle.da2b5fdac9fb24ec8937.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
27ab660e5a17c7845b585745e03d0df579447e0b04617b266a46dacc1c241e71

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 03:31:32 GMT
content-encoding
gzip
server
Google Frontend
age
37142
etag
"jWBcvg"
content-type
application/javascript
x-cloud-trace-context
a14eda3001b17b3cdbd0bd6b56a741e9
cache-control
public, max-age=2592000
content-length
5077
expires
Sun, 13 Aug 2023 03:31:32 GMT
view
js.hs-banner.com/cookie-banner-public/v1/activity/
0
150 B
XHR
General
Full URL
https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/1665891.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 14 Jul 2023 13:50:35 GMT
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
31b45dd5-9134-4666-8705-875e194aa048
x-envoy-upstream-service-time
19
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
31b45dd5-9134-4666-8705-875e194aa048
server
cloudflare
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://blog.aquasec.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary
origin
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-2sbs7
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
7e6a3c4decbe1973-FRA
view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame
0
0
Preflight
General
Full URL
https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://blog.aquasec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://blog.aquasec.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age
604800
cf-cache-status
DYNAMIC
cf-ray
7e6a3c4b59321973-FRA
content-length
0
content-type
application/octet-stream
date
Fri, 14 Jul 2023 13:50:35 GMT
server
cloudflare
timing-allow-origin
*
vary
origin
x-envoy-upstream-service-time
0
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-ns2gd
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
e3b117a7-29b5-4ae5-b957-4b716db5b859
x-request-id
e3b117a7-29b5-4ae5-b957-4b716db5b859
img.gif
b.6sc.co/v1/beacon/
43 B
486 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=377171f4-a7ba-441f-8240-cca03ba3b478&session=943c3d91-7a01-4a59-81f7-6dea0c4cb0f5&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A8%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20botnet%20run%20by%20TeamTNT%20has%20set%20its%20sights%20on%20Docker%20and%20Kubernetes%20environments%2C%20Redis%20servers%2C%20Postgres%20databases%2C%20Hadoop%20clusters%2C%20Tomcat%20and%20others.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&pageViewId=51e6e531-e576-41b6-863b-ef0e60453dd8
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
combinedConfigs
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/
101 B
976 B
Fetch
General
Full URL
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=1665891&currentUrl=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&contentId=123745878136
Requested by
Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b921e3c739d1f8385be95d4ea71ad99d47b994a5e7107d6050fedabfd2f7342f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
413ff7d9-62a0-4bff-8cc1-caeefc981a1b
x-envoy-upstream-service-time
10
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
413ff7d9-62a0-4bff-8cc1-caeefc981a1b
server
cloudflare
access-control-max-age
180
vary
origin
access-control-allow-methods
OPTIONS, GET
access-control-allow-origin
https://blog.aquasec.com
x-evy-trace-virtual-host
all
content-type
application/json;charset=utf-8
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-zlsgj
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ECJljshAhjhEhLsMh6w1KTQbTyVePoTpArog04E%2FB%2FRoS214dxnAapKxCdbaIxut4wkBEQOwwkbbES7hH8o9EjUHj4XhEmZmOZP2yXQDVUZTyiVNBwLypbAuSHTqibQnXQ%2F%2Bj24qyL%2FuDAurjIyav%2BVQTU%2BgZ9m28tU%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
7e6a3c4b3ee19079-FRA
light-detected-domain.png
www.virustotal.com/graph/assets/images/entities/ Frame BD2C
4 KB
4 KB
Image
General
Full URL
https://www.virustotal.com/graph/assets/images/entities/light-detected-domain.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
234ff025143a33e758f7927985ebb39aa955307146c9245d3423a5c1f70bc827

Request headers

Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Origin
https://www.virustotal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 04:17:43 GMT
server
Google Frontend
age
120771
etag
"jWBcvg"
content-type
image/png
x-cloud-trace-context
95793e5b18885ebc899e09ab88039073
cache-control
public, max-age=2592000
content-length
3756
expires
Sat, 12 Aug 2023 04:17:43 GMT
dark-detected-domain.png
www.virustotal.com/graph/assets/images/entities/ Frame BD2C
4 KB
4 KB
Image
General
Full URL
https://www.virustotal.com/graph/assets/images/entities/dark-detected-domain.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
86dd65588c71fac83afd2f8e3156a2867c1a287cf5e45d2b1ae559bb317d725b

Request headers

Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Origin
https://www.virustotal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 06:20:39 GMT
server
Google Frontend
age
26995
etag
"jWBcvg"
content-type
image/png
x-cloud-trace-context
98ec33f71343d072c1b51edcffc6f8bf
cache-control
public, max-age=2592000
content-length
4319
expires
Sun, 13 Aug 2023 06:20:39 GMT
light-selected-domain.png
www.virustotal.com/graph/assets/images/entities/ Frame BD2C
4 KB
4 KB
Image
General
Full URL
https://www.virustotal.com/graph/assets/images/entities/light-selected-domain.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
520d58c30761f7582c48f71c9e6747a8eff684ba8aab5f7e27487ef22003ea50

Request headers

Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Origin
https://www.virustotal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 05:26:13 GMT
server
Google Frontend
age
30261
etag
"jWBcvg"
content-type
image/png
x-cloud-trace-context
92e6237be352bd08ddc6fd87a98922f0
cache-control
public, max-age=2592000
content-length
3721
expires
Sun, 13 Aug 2023 05:26:13 GMT
dark-selected-domain.png
www.virustotal.com/graph/assets/images/entities/ Frame BD2C
4 KB
4 KB
Image
General
Full URL
https://www.virustotal.com/graph/assets/images/entities/dark-selected-domain.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
94fa276891d9fbae5704afbdfbaef3aaf94c1737bff40eb255ac322d8394499f

Request headers

Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Origin
https://www.virustotal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 05:03:38 GMT
server
Google Frontend
age
118016
etag
"jWBcvg"
content-type
image/png
x-cloud-trace-context
5ba735985e4bbde29a2cd00bffa90af7
cache-control
public, max-age=2592000
content-length
4422
expires
Sat, 12 Aug 2023 05:03:38 GMT
light-default-domain.png
www.virustotal.com/graph/assets/images/entities/ Frame BD2C
4 KB
4 KB
Image
General
Full URL
https://www.virustotal.com/graph/assets/images/entities/light-default-domain.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
4a3ddcf83f007e6229c988d14b2324bebdec6797564712f4c42ea40896871834

Request headers

Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Origin
https://www.virustotal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 17:46:34 GMT
server
Google Frontend
age
72240
etag
"jWBcvg"
content-type
image/png
x-cloud-trace-context
723da3f421528d24d090ca53e97eaafa
cache-control
public, max-age=2592000
content-length
3758
expires
Sat, 12 Aug 2023 17:46:34 GMT
dark-default-domain.png
www.virustotal.com/graph/assets/images/entities/ Frame BD2C
4 KB
5 KB
Image
General
Full URL
https://www.virustotal.com/graph/assets/images/entities/dark-default-domain.png
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.34.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ghs-vip-any-c46.ghs-ssl.googlehosted.com
Software
Google Frontend /
Resource Hash
b501de10b1ca63e1db6380a64321aa35ba52ad3befaddb3d71b6e6020109c8bb

Request headers

Referer
https://www.virustotal.com/graph/embed/g249a2d9eae78403ab3cfb9fedc000bc8700cbf8546fb4d4082cfb505f0f0893a?theme=light
Origin
https://www.virustotal.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 12:29:38 GMT
server
Google Frontend
age
4856
etag
"jWBcvg"
content-type
image/png
x-cloud-trace-context
3262ddb1107a7bcf4fe54eac8712385d
cache-control
public, max-age=2592000
content-length
4553
expires
Sun, 13 Aug 2023 12:29:38 GMT
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-63272154-1&cid=1428251024.1689342634&jid=1869692151&_u=YCDACEAABAAAACAAI~&z=1860071150
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-63272154-1&cid=1428251024.1689342634&jid=1869692151&_u=YCDACEAABAAAACAAI~&z=1860071150
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
blog.aquasec.com.json
script.crazyegg.com/pages/data-scripts/0082/9110/site/
21 KB
7 KB
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0082/9110/site/blog.aquasec.com.json?t=1
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0082/9110.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10f31e666c0336736b3b776c0745da45684df83e44ecb9d15eef1af60bc86ef3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:35 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 14 Jul 2023 13:50:35 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
ce-version
11.5.104
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7e6a3c4c7c05997a-FRA
content-length
7215
counters.gif
perf-na1.hsforms.com/embed/v3/
35 B
1 KB
Image
General
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 13:50:35 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
CF-Cache-Status
MISS
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
5b5c549c-3cda-47df-9cef-2e9b9530b8fa
x-envoy-upstream-service-time
2
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5b5c549c-3cda-47df-9cef-2e9b9530b8fa
Last-Modified
Fri, 14 Jul 2023 13:50:35 GMT
Server
cloudflare
X-Trace
2B5CA59B6AED9E3DA61AC4CC601350668307B7BBBE000000000000000000
Vary
origin, Accept-Encoding
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-nt996
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
X-Robots-Tag
none
CF-RAY
7e6a3c4cdf1e39eb-FRA
a9d28e31db3146cc210973bb67fcf615.js
script.crazyegg.com/pages/versioned/commontransformations-scripts/
117 KB
40 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/commontransformations-scripts/a9d28e31db3146cc210973bb67fcf615.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0082/9110.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05e4812b68ceabce665dae0f0d70b3343dac163c1e8a130e613d47f3f5ae33e5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:35 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 06 Jul 2023 16:31:55 GMT
server
cloudflare
age
32853
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7e6a3c4d88562bc6-FRA
content-length
40966
blog.aquasec.com.json
script.crazyegg.com/pages/data-scripts/0082/9110/sampling/
158 B
213 B
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0082/9110/sampling/blog.aquasec.com.json?t=469261
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/a9d28e31db3146cc210973bb67fcf615.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a74664419af65bb983699709d78de7c62722e0e6966dc92f5aa074009c53f15

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:35 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 14 Jul 2023 13:50:35 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
ce-version
11.5.104
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7e6a3c4e0df5997a-FRA
content-length
149
healthcheck
pagestates-tracking.crazyegg.com/
19 B
461 B
XHR
General
Full URL
https://pagestates-tracking.crazyegg.com/healthcheck
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/a9d28e31db3146cc210973bb67fcf615.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-4.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Apr 2023 11:18:30 GMT
via
1.1 0baa339c02d06988c65d8623d1b3c6ec.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
8562726
x-cache
Hit from cloudfront
content-length
19
last-modified
Fri, 08 Jul 2022 22:25:51 GMT
server
AmazonS3
etag
"d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age
31536000
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin
accept-ranges
bytes
x-amz-cf-id
dxvq4hze1RLkWRCqaoqBlGnjyskKxL-rczk1ReuAC9Bjl0y6M9pmfg==
healthcheck
assets-tracking.crazyegg.com/
19 B
387 B
XHR
General
Full URL
https://assets-tracking.crazyegg.com/healthcheck
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/a9d28e31db3146cc210973bb67fcf615.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-72.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 05 Nov 2022 03:10:02 GMT
via
1.1 90bb130ecccb71953b38a1c0e3b5721a.cloudfront.net (CloudFront)
last-modified
Fri, 08 Jul 2022 22:25:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
21724834
etag
"d06f04fccf68d0b228a5923187ce1afd"
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
*
accept-ranges
bytes
content-length
19
x-amz-cf-id
gpe8preXcJ22HuX13Hnr-66XVljCW5b0TyQk1s78m6YjHBIYn7JJpQ==
761358ab-50e2-4108-ad22-3db26377e9a2
https://blog.aquasec.com/
45 B
0
Other
General
Full URL
blob:https://blog.aquasec.com/761358ab-50e2-4108-ad22-3db26377e9a2
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e8f74416e7bc7051dbd2c0b2dec8cdb9a5ba4b36f88ba1b65c3e7dd7447b4090

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length
45
Content-Type
text/javascript
img.gif
b.6sc.co/v1/beacon/
43 B
486 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=377171f4-a7ba-441f-8240-cca03ba3b478&session=943c3d91-7a01-4a59-81f7-6dea0c4cb0f5&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2014%20Jul%202023%2013%3A50%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2014%20Jul%202023%2013%3A50%3A34%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20botnet%20run%20by%20TeamTNT%20has%20set%20its%20sights%20on%20Docker%20and%20Kubernetes%20environments%2C%20Redis%20servers%2C%20Postgres%20databases%2C%20Hadoop%20clusters%2C%20Tomcat%20and%20others.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&pageViewId=51e6e531-e576-41b6-863b-ef0e60453dd8
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:35 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
clock
tracking.crazyegg.com/
28 B
135 B
XHR
General
Full URL
https://tracking.crazyegg.com/clock?t=1689342635525&tk=7275d2dfbee8b83b8cd904fd3328187b&s=328806&p=%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&u=829110&v=6dd46053d9d2e8b3c3ce9335591d77bf3829dafb&f=blog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&ul=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/a9d28e31db3146cc210973bb67fcf615.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.174.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-77-174-140.eu-west-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
bbe4595653bd09e281257d0d3be8b0d4267a09a085844151c6fb350289abf08f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 14 Jul 2023 13:50:35 GMT
cache-control
no-store
server
awselb/2.0
content-length
28
content-type
text/plain
b97f3bd0-453f-4e5a-b9b3-048988ffc902
https://blog.aquasec.com/
256 B
0
Other
General
Full URL
blob:https://blog.aquasec.com/b97f3bd0-453f-4e5a-b9b3-048988ffc902
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
938ad9d4eb5d61d4f10ab3974d2bb56aa6fc12f5d73b375f9c603f6d4d98d378

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length
256
Content-Type
text/javascript
__ptq.gif
track.hubspot.com/
45 B
467 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2241961375&v=1.1&a=1665891&pi=123745878136&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cpi=123745878136&cgi=3657573699&lpi=123745878136&lvi=123745878136&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&t=TeamTNT+Reemerged+with+New+Aggressive+Cloud+Campaign&cts=1689342635869&vi=30d10a6123234d4b66832e1ef593b24d&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
8f9f2140-fd74-453b-885b-5fdac9c5feb0
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
5
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8f9f2140-fd74-453b-885b-5fdac9c5feb0
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sZXjI6LEj3%2Fzg47G5bHmnjWINA%2FH3ugC%2Fd5CmwYNk%2FjzQgrhDdYtdLcfe8nmT9QvSTqz%2BsHxh6bdoqcXxxAxkbnjpQGAUUrlfgewYB1LRWKT%2BcCw%2Fwi84Um5mF1kLS%2B2TIKLhwDgIa40tiydF3wo"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-xtt4j
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7e6a3c526fa392a1-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
440 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=fc3a461b-474b-4bd2-b409-c41d4ec09d8a&fci=ad7d2662-ef55-436a-81a5-7427f0222c5e&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2241961375&v=1.1&a=1665891&pi=123745878136&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cpi=123745878136&cgi=3657573699&lpi=123745878136&lvi=123745878136&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&t=TeamTNT+Reemerged+with+New+Aggressive+Cloud+Campaign&cts=1689342635871&vi=30d10a6123234d4b66832e1ef593b24d&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
60a193b7-4cb8-410b-85e0-a81200be45dd
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
6
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
60a193b7-4cb8-410b-85e0-a81200be45dd
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=grnWklF9e9RQFzwIq0Z7lN181ISGEUB%2FvuSV%2BC7uv%2BTZfD225H0hx%2F4CllYYFVDItn84NhLveHF7ghE5Om2aYYMCT4SuwJUcO0s2KerzeArvi9Utbp72tlwQN2O%2FIOLQM3cBwUMNz2wuAqRjBDJL"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-z7z79
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7e6a3c526f9f92a1-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
604 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=fc3a461b-474b-4bd2-b409-c41d4ec09d8a&fci=ad7d2662-ef55-436a-81a5-7427f0222c5e&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2241961375&v=1.1&a=1665891&pi=123745878136&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cpi=123745878136&cgi=3657573699&lpi=123745878136&lvi=123745878136&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&t=TeamTNT+Reemerged+with+New+Aggressive+Cloud+Campaign&cts=1689342635871&vi=30d10a6123234d4b66832e1ef593b24d&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
f6e60c9b-3f65-4178-a6e5-c3789421d8f9
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
f6e60c9b-3f65-4178-a6e5-c3789421d8f9
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2id3MTyYtT7IAkq2yQe15epgiYQCDjQpd6FOYedS1lXx6JjeZTRgERCr4%2FwotRu0oY2sXQRbE4Fx9z6NSL4F7g0ZKuQ7zFVl%2Flig%2BXAflTHqMF9fYiA%2BWADpOI1oxmIgnaVM6QAtj0oA7Rm9l4hG"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-pwxm2
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7e6a3c526f9d92a1-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
548 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c&fci=509337e5-7d45-423e-8b9b-70d17e2fd26a&ft=4&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2241961375&v=1.1&a=1665891&pi=123745878136&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cpi=123745878136&cgi=3657573699&lpi=123745878136&lvi=123745878136&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&t=TeamTNT+Reemerged+with+New+Aggressive+Cloud+Campaign&cts=1689342635872&vi=30d10a6123234d4b66832e1ef593b24d&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
41c15045-d0b6-43f6-826c-951708627d90
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
41c15045-d0b6-43f6-826c-951708627d90
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PL23RU%2FLRnHpl4aEU4GLLRhUwDo3uekut25Zd5gJ3c0DEyfpHdLjKClNh643aH2uQwnNxv93Y0gh5HwRV3G7BM2V5bsR%2BA0EOz8c0SgERL%2BWWKPVfG3D9Ea44LIXir33aZVqKHx3sl%2F4b2MXQBa2"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-xtt4j
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7e6a3c526fa292a1-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
437 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c&fci=509337e5-7d45-423e-8b9b-70d17e2fd26a&ft=4&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2241961375&v=1.1&a=1665891&pi=123745878136&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&cpi=123745878136&cgi=3657573699&lpi=123745878136&lvi=123745878136&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&t=TeamTNT+Reemerged+with+New+Aggressive+Cloud+Campaign&cts=1689342635873&vi=30d10a6123234d4b66832e1ef593b24d&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
0b6f8d50-0a92-4f22-95d0-bf03b15ef6a9
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
5
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0b6f8d50-0a92-4f22-95d0-bf03b15ef6a9
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BDfswLYDdV8xiV8b1ZX7GFWxwF287WmhaT4Z0XQNEBlwMOS2fbWiYVb4vibYhi8k47FjLXkdY62T5SkVg%2Bndrj51ekymgsPFJiEIMKy8XRrA1kTL5XekgcOMYCmxx4tlXwVXzHAQezcUb8L0Txqk"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-xtt4j
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7e6a3c526fa192a1-FRA
x-robots-tag
none
trends.min.js
assets.trendemon.com/tag/
253 KB
49 KB
Script
General
Full URL
https://assets.trendemon.com/tag/trends.min.js
Requested by
Host: blog.aquasec.com
URL: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:219c:7c00:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bc17b7bdf4156cd6dbbc5af329e52b5089ef38649d96fd23f6e6bb565400318d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 22:56:07 GMT
content-encoding
gzip
via
1.1 3222648a6d70343df21c8c5701c2e520.cloudfront.net (CloudFront)
last-modified
Mon, 10 Jul 2023 13:37:55 GMT
server
AmazonS3
x-amz-cf-pop
CDG3-C2
age
53670
etag
"16056665b882a5fd80a47272c57b0664"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
49947
x-amz-cf-id
6Vz-5QQu8hKsiEZyQYgT9fgfKUeyKrH1jNWBUkaZlODAEvWed_CN3w==
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=377171f4-a7ba-441f-8240-cca03ba3b478&session=943c3d91-7a01-4a59-81f7-6dea0c4cb0f5&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2014%20Jul%202023%2013%3A50%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2014%20Jul%202023%2013%3A50%3A35%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20botnet%20run%20by%20TeamTNT%20has%20set%20its%20sights%20on%20Docker%20and%20Kubernetes%20environments%2C%20Redis%20servers%2C%20Postgres%20databases%2C%20Hadoop%20clusters%2C%20Tomcat%20and%20others.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&pageViewId=51e6e531-e576-41b6-863b-ef0e60453dd8
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:36 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
1810
trackingapi.trendemon.com/api/settings/
744 B
883 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/settings/1810?callback=jsonp713224&vid=
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.209.35.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-209-35-252.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
eadef26ba77bb8034ac0414f5dcb2a95658284e3b68444d6c232843e3e265823

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:36 GMT
cache-control
no-store,no-cache
server
Kestrel
content-length
744
content-type
application/x-javascript; charset=UTF-8
identity.min.js
assets.trendemon.com/global/
18 KB
6 KB
Script
General
Full URL
https://assets.trendemon.com/global/identity.min.js
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:219c:7c00:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 13:57:37 GMT
content-encoding
br
via
1.1 3222648a6d70343df21c8c5701c2e520.cloudfront.net (CloudFront)
last-modified
Mon, 10 Jul 2023 13:37:59 GMT
server
AmazonS3
x-amz-cf-pop
CDG3-C2
age
85981
x-amz-server-side-encryption
AES256
etag
W/"3f44b799c727cbac65d90f0779b8eb4e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
z2kte4avId3IEfNQYU8zPoVhQaFRwfAbXQUfxomP7YwXEE0LNpYorg==
me
trackingapi.trendemon.com/api/Identity/
94 B
507 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/Identity/me?accountId=1810&DomainCookie=16893426370168496&fingerPrint=b1dff9881504dfb64524f993e0281838&callback=jsonp860199&vid=
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.209.35.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-209-35-252.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
7c5bf2a9a06e3077817eddc0c94fa5852ec80d7f5166b55602f1d735cdb20968

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:37 GMT
cache-control
no-store,no-cache
server
Kestrel
content-length
94
content-type
application/x-javascript; charset=UTF-8
pageview
trackingapi.trendemon.com/api/events/
43 B
234 B
Image
General
Full URL
https://trackingapi.trendemon.com/api/events/pageview?accountId=1810&url=aHR0cHM6Ly9ibG9nLmFxdWFzZWMuY29tL3RlYW10bnQtcmVlbWVyZ2VkLXdpdGgtbmV3LWFnZ3Jlc3NpdmUtY2xvdWQtY2FtcGFpZ24%3D&cookie=16893426370168496&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=1810:16887380415543019&r=1689342637261
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.209.35.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-209-35-252.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jul 2023 13:50:37 GMT
server
Kestrel
age
1691358
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
content-length
43
expires
Mon, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
486 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=377171f4-a7ba-441f-8240-cca03ba3b478&session=943c3d91-7a01-4a59-81f7-6dea0c4cb0f5&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2014%20Jul%202023%2013%3A50%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2014%20Jul%202023%2013%3A50%3A36%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20botnet%20run%20by%20TeamTNT%20has%20set%20its%20sights%20on%20Docker%20and%20Kubernetes%20environments%2C%20Redis%20servers%2C%20Postgres%20databases%2C%20Hadoop%20clusters%2C%20Tomcat%20and%20others.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&pageViewId=51e6e531-e576-41b6-863b-ef0e60453dd8
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:37 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
personal
trackingapi.trendemon.com/api/experience/
3 KB
4 KB
Script
General
Full URL
https://trackingapi.trendemon.com/api/experience/personal?AccountId=1810&ClientUrl=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&MarketingAutomationCookie=&ExcludeUnitsJson=%5B%5D&streamId=&callback=jsonp878490&vid=1810:16887380415543019
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.209.35.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-209-35-252.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
53cc64bd00ddcd80bfb889e53c4367d1ffe819bf554a71f6e362c56a294ba451

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:37 GMT
server
Kestrel
content-length
3501
content-type
application/x-javascript; charset=UTF-8
closex.png
pic.trendemon.com/images/
386 B
848 B
Image
General
Full URL
https://pic.trendemon.com/images/closex.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-31.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 03:21:13 GMT
Via
1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
Last-Modified
Tue, 16 Apr 2019 23:23:30 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-C1
Age
37765
ETag
"7da2ae17c3b671047838f7b78687a56f"
X-Cache
Hit from cloudfront
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
386
X-Amz-Cf-Id
C7P7x3lZLIpHKea7HqMA4zeYU3yLIRHV89r6jj2DVos_VTiuaEOIWg==
300x300.png
pic.trendemon.com/units-graphics/
75 KB
76 KB
Image
General
Full URL
https://pic.trendemon.com/units-graphics/300x300.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-31.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0058bf8f19f46d2afec3c7baec803c4582f7e8a43c192ffe575b901f3d6c31b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Thu, 13 Jul 2023 23:05:07 GMT
Via
1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
Last-Modified
Tue, 06 Oct 2020 12:06:07 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-C1
Age
53132
ETag
"855430e5357d2c1eef6fbe9853480bca"
X-Cache
Hit from cloudfront
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
76979
X-Amz-Cf-Id
qMdRgMTBvZxLA5VjhS8opFJk9hfjHi5r7WWllYafMC4AolobfMil8g==
personal-embedded
trackingapi.trendemon.com/api/experience/
3 KB
3 KB
Script
General
Full URL
https://trackingapi.trendemon.com/api/experience/personal-embedded?AccountId=1810&ClientUrl=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&MarketingAutomationCookie=&Ids=%5B%5D&Groups=%5B%22recommend%22%5D&StreamId=&callback=jsonp676225&vid=1810:16887380415543019
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.209.35.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-209-35-252.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
e896e621f96ab889bc854c14269924b951528a137284f073faf8ccbfd8c419bd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:37 GMT
server
Kestrel
content-length
3423
content-type
application/x-javascript; charset=UTF-8
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=377171f4-a7ba-441f-8240-cca03ba3b478&session=943c3d91-7a01-4a59-81f7-6dea0c4cb0f5&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2014%20Jul%202023%2013%3A50%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2014%20Jul%202023%2013%3A50%3A37%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224006%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20botnet%20run%20by%20TeamTNT%20has%20set%20its%20sights%20on%20Docker%20and%20Kubernetes%20environments%2C%20Redis%20servers%2C%20Postgres%20databases%2C%20Hadoop%20clusters%2C%20Tomcat%20and%20others.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&pageViewId=51e6e531-e576-41b6-863b-ef0e60453dd8
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:38 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=377171f4-a7ba-441f-8240-cca03ba3b478&session=943c3d91-7a01-4a59-81f7-6dea0c4cb0f5&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2014%20Jul%202023%2013%3A50%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2014%20Jul%202023%2013%3A50%3A38%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225007%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20botnet%20run%20by%20TeamTNT%20has%20set%20its%20sights%20on%20Docker%20and%20Kubernetes%20environments%2C%20Redis%20servers%2C%20Postgres%20databases%2C%20Hadoop%20clusters%2C%20Tomcat%20and%20others.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TeamTNT%20Reemerged%20with%20New%20Aggressive%20Cloud%20Campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fteamtnt-reemerged-with-new-aggressive-cloud-campaign&pageViewId=51e6e531-e576-41b6-863b-ef0e60453dd8
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 13:50:39 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT

151 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery function| hsjQuery object| _hsp object| dataLayer object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage object| hsCommentListing function| hsPopulateCommentsFeed function| hsPopulateCommentFormOnFormReady function| hsPopulateCommentFormOnFormSubmitted function| hsPopulateCommentFormGetExtraMetaDataBeforeSubmit function| hsOnReadyPopulateCommentsFeed object| hubspot object| HubSpotForms object| _hsq object| hbspt object| hsFormsOnReady object| hsVideoApi object| hsPostListings function| hsPopulateListingFeed function| hsOnReadyPopulateListingFeed_1248747767_1689333054890 function| jsonpHandler function| jsonp_1689342633868_27082 object| google_tag_manager object| google_tag_data object| GooglebQhCsO string| _linkedin_data_partner_id number| TRD_ACC_ID object| script object| _dtPixelLayer object| _6si string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady object| gaGlobal object| SENTRY_RELEASE object| regeneratorRuntime object| dtl function| UET function| UET_init function| UET_push object| ueto_acd7ac2924 object| uetq function| lintrk boolean| _already_called_lintrk object| gaplugins object| gaData boolean| hubspot_live_messages_running object| HubSpotConversations boolean| _hspb_ran boolean| _hspb_loaded object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| __hsWebInteractiveInstance boolean| hubspot_web_interactives_running boolean| CE_USER_SCRIPT object| CE2 string| CE_USER_SITE_DATA_URL string| CE_USER_DATA_URL object| _paq function| sanitizeKey boolean| _hstc_loaded string| CE_USER_COMMON_SCRIPT_URL string| CE_USER_THIRDPARTY_SCRIPT_URL object| webpackChunkCE2 object| CE2BH function| CE_URL_FINGERPRINT string| __INDIVIDUAL_ONE_VERSION_ev-store_ENFORCE_SINGLETON undefined| 
__INDIVIDUAL_ONE_VERSION_ev-store boolean| _hstc_ran string| __hsUserToken number| expireDateTime function| $Trd_Base64 function| $Trd_i18n function| __awaiter function| __generator function| $Trd_Utils function| $Trd_Tools function| RecordsService function| __extends function| $Trd_UserPageHistory_Cook object| enRenderModes object| $Trd_InternalEventsTypes object| $Trd_TriggersEventsTypes function| mapBackendTriggers function| $Trd_Context function| $Trd_EnvironmentSettings function| $Trd_ClientCookie function| $Trd_CtaClientCookie function| $Trd_ButtonSelector object| Frequency object| UnitVisibiltyType object| UnitTypeId object| ElementReplaceType object| StreamContentType object| StreamContentDesktopPosition object| StreamContentThumbnailType function| $Trd_Logger object| COOKIE_NAMES function| $Trd_Visitor string| LOCAL_STORAGE_ITEM_NAME function| $Trd_FormListener function| $Trd_Cookmanager function| $Trd_UrlGrabber function| $Trd_Events function| $Trd_Pageview function| $Trd_Newvisitor string| $TRD_MA_COOKIE_NAME object| $TRD_MA_COOKIE_NAME_MAP function| $Trd_MarketingAutomation function| $TRD_CtaComponent function| $TRD_CtaContentComponent function| $TRD_GenericLayoutComponent function| $TRD_FormLayoutComponent function| $TRD_RecommendationLayoutComponent function| $TRD_GenericScriptComponent function| $TRD_FastTextLayoutComponent function| $TRD_SurveyLayoutComponent function| __assign function| __spreadArray number| COOLOFF_DAYS_AFTER_CLOSE number| COOLOFF_MS_AFTER_CLOSE function| $Trd_ExperienceManager function| $TRD_ClientAppFactory function| $TRD_ClientApp function| $TRD_ClientAppDrift function| $TRD_ClientAppSixSense object| trdContext undefined| src function| $Trd_StreamManager function| $Trd_AceManager function| $Trd_NApi object| TrendemonContext object| $trd_Context object| trd_api object| IdentityConfig function| $Trd_Identity

44 Cookies

Domain/Path Name / Value
.blog.aquasec.com/ Name: __cf_bm
Value: 69KqfvPv08AToGYR_aPrnG1bE6Rlr3qpe3ArmW_hvvE-1689342633-0-AdYJfvzKcVlbvjAR9UoXhoRwSpuF6peG67pMj2bY5SLVla5MuR4ZqKsnprDl/SV3NT2AyS5O5WMwHi/RbhG8EnM=
.blog.aquasec.com/ Name: __cfruid
Value: e42216476270615a12f6aefa1381e502e0bfbf43-1689342633
.hubspot.com/ Name: __cf_bm
Value: aZ.F9bhJkkJt7phf9Vf2x48lVihZnU8Vr3nEAkb5cDc-1689342634-0-AXbO0u3YkUoLyz8Cp38PSIRqAbGpliUpTrVdDhFa9qGQfmAgge70Vx2lSUZhiMT8KmJUV4llbEaRQ/VQ8UeROnc=
.aquasec.com/ Name: _gcl_au
Value: 1.1.1765455877.1689342634
.aquasec.com/ Name: _ga_D2G99SQ9HG
Value: GS1.1.1689342634.1.0.1689342634.60.0.0
.aquasec.com/ Name: _dtorg
Value: 5fb0eb0ba8b8c0001139d936
.aquasec.com/ Name: _dtuid
Value: ac9db2aa-2620-47b7-9848-ee2dff55cb56
.aquasec.com/ Name: _dtses
Value: 3065cb1d-9c0d-4671-8c91-74d8e7122079
.aquasec.com/ Name: _uetsid
Value: 67d384e0224d11ee88d8ebc368361424
.aquasec.com/ Name: _uetvid
Value: 67d3b0f0224d11ee909cbfa718cff09e
blog.aquasec.com/ Name: _gd_visitor
Value: 377171f4-a7ba-441f-8240-cca03ba3b478
blog.aquasec.com/ Name: _gd_session
Value: 943c3d91-7a01-4a59-81f7-6dea0c4cb0f5
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.bing.com/ Name: MUID
Value: 32EC6DC3990166B328957E8D98AD6710
.aquasec.com/ Name: _ga
Value: GA1.2.1428251024.1689342634
.aquasec.com/ Name: _gid
Value: GA1.2.816525714.1689342635
.aquasec.com/ Name: _gat_UA-63272154-1
Value: 1
blog.aquasec.com/ Name: ln_or
Value: eyI0NTIyNiI6ImQifQ%3D%3D
.linkedin.com/ Name: li_sugr
Value: 2b2a19d2-d9f4-486e-9a7d-e9378ab3e8ad
.linkedin.com/ Name: bcookie
Value: "v=2&152ee7da-ea50-4c74-8b60-3205ecc50719"
.linkedin.com/ Name: lidc
Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2589:u=1:x=1:i=1689342634:t=1689429034:v=2:sig=AQEWFt8PzNYcvh2k3Tc-7LemSmdLDHrM"
.6sc.co/ Name: 6suuid
Value: f72a35172ed93400aa52b1649a030000fb33b800
.info.aquasec.com/ Name: __cf_bm
Value: Iym09TeUp3a6UTExzqZWU9mrIG7d3Hpipm3w2cmJZp4-1689342635-0-AeOldPWkQpJ+0KV5xd1xAXc2CuXxQxRc0jiY6aTfsSmwEZ+g0ecliLWQghqoGuMAVgWUhUIeMRY1mTeTc7QdcxQ=
.info.aquasec.com/ Name: __cfruid
Value: 731d93ce48ffb2ba34bdfa536954165c7f277a8a-1689342635
.linkedin.com/ Name: UserMatchHistory
Value: AQJSNukCt78a0gAAAYlUquv-13IcgFAAEcRgBs3H_KG6R4aNnTC0tx6SKen8CxGwY5RdrFKHaAVGmw
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJznzTL_RJurAAAAYlUquv-75BGifVKnwfwTQatnf9O17GjnjzbpX1CiP9_7j7tp9T5qeA5lCgK0huRRCrvOg
.www.linkedin.com/ Name: bscookie
Value: "v=1&2023071413503535b53382-5664-4709-8782-69107ed92f87AQEWe2d0TkbZzbdMEBqPo4NbgnSXSYXy"
.linkedin.com/ Name: li_gc
Value: MTswOzE2ODkzNDI2MzU7MjswMjHMXUF7+iFeS2qkqhlWpppFY0ihVZqM2GsAOgZVmbweuw==
.aquasec.com/ Name: cebs
Value: 1
.aquasec.com/ Name: _ce.clock_event
Value: 1
.aquasec.com/ Name: _ce.clock_data
Value: 42%2C80.255.7.105%2C1%2Cdc0a08e416cd7f8471c71ad711523ca3
.aquasec.com/ Name: _CEFT
Value: Q%3D%3D%3D
.aquasec.com/ Name: cebsp_
Value: 1
.aquasec.com/ Name: _ce.s
Value: v~6dd46053d9d2e8b3c3ce9335591d77bf3829dafb~lcw~1689342635363~vpv~0~v11.rlc~1689342635752~lcw~1689342635753
.aquasec.com/ Name: trd_cid
Value: 16893426370168496
trackingapi.trendemon.com/ Name: trd_gavid_1810
Value: 16887380415543019
trackingapi.trendemon.com/ Name: trd_gvid
Value: 16887380415543019
trackingapi.trendemon.com/ Name: trd_vid_1810
Value: 1810%3A16887380415543019
.aquasec.com/ Name: trd_vid_l
Value: 1810%3A16887380415543019
.aquasec.com/ Name: trd_vuid_l
Value: -654253122782051726
.aquasec.com/ Name: trd_first_visit
Value: 1689342637
.aquasec.com/ Name: trd_pw
Value: 1
.aquasec.com/ Name: trd_pws
Value: 1
.aquasec.com/ Name: trd_sid
Value: 16893426372609123

5 Console Messages

Source Level URL
Text
other warning URL: https://flo.uri.sh/visualisation/14363779/embed
Message:
A preload for 'https://flo.uri.sh/template/16768/v7/static/webfonts/fa-solid-900.woff2' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
security warning URL: https://static.hsappstatic.net/video-embed/ex/loader.js
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network error URL: https://www.virustotal.com/graph/assets//images/logo.png
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.virustotal.com/ui/signin
Message:
Failed to load resource: the server responded with a status of 401 ()
javascript warning URL: https://flo.uri.sh/visualisation/14363779/embed
Message:
The resource https://flo.uri.sh/template/16768/v7/static/webfonts/fa-solid-900.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
