download.cobaltstrike.com Open in urlscan Pro
2606:4700:4400::6812:25b5 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.cobaltstrike.com/scripts
Effective URL:
https://download.cobaltstrike.com/scripts
Submission Tags: falconsandbox
Submission: On May 24 via api (May 24th 2022, 6:02:12 pm UTC) from US — Scanned from DE

Summary HTTP 54 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 12 domains to perform 54 HTTP transactions. The main IP is 2606:4700:4400::6812:25b5, located in United States and belongs to CLOUDFLARENET, US. The main domain is download.cobaltstrike.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 9th 2022. Valid for: a year.

This is the only time download.cobaltstrike.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:440... 2606:4700:4400::ac40:964b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::6812:25b5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	108.157.4.116 108.157.4.116	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
8	13.32.121.99 13.32.121.99	16509 (AMAZON-02) (AMAZON-02)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
15	52.222.236.93 52.222.236.93	16509 (AMAZON-02) (AMAZON-02)
1	143.204.98.126 143.204.98.126	16509 (AMAZON-02) (AMAZON-02)
1	34.198.176.1 34.198.176.1	14618 (AMAZON-AES) (AMAZON-AES)
54	15

1 2606:4700:4400::ac40:964b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.cobaltstrike.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:25b5 (United States)

ASN13335 (CLOUDFLARENET, US)

download.cobaltstrike.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 108.157.4.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-116.dus51.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 13.32.121.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-99.fra60.r.cloudfront.net

static.helpsystems.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ka-p.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 52.222.236.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-93.fra56.r.cloudfront.net

consent-pref.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.126 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-126.fra50.r.cloudfront.net

consent-st.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.198.176.1 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-198-176-1.compute-1.amazonaws.com

prefmgr-cookie.truste-svc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	trustarc.com consent.trustarc.com — Cisco Umbrella Rank: 3247 consent-pref.trustarc.com — Cisco Umbrella Rank: 18087 consent-st.trustarc.com — Cisco Umbrella Rank: 33780	226 KB
8	helpsystems.com static.helpsystems.com	81 KB
7	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1636 ka-p.fontawesome.com — Cisco Umbrella Rank: 4277	124 KB
4	cobaltstrike.com 1 redirects www.cobaltstrike.com download.cobaltstrike.com	7 KB
3	gstatic.com fonts.gstatic.com	69 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	22 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2363	41 KB
1	truste-svc.net prefmgr-cookie.truste-svc.net — Cisco Umbrella Rank: 33343	2 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	42 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 432	8 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 660	30 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	1001 B
54	12

	Domain	Requested by
15	consent-pref.trustarc.com	consent.trustarc.com consent-pref.trustarc.com prefmgr-cookie.truste-svc.net
8	static.helpsystems.com	download.cobaltstrike.com
6	ka-p.fontawesome.com	kit.fontawesome.com
6	consent.trustarc.com	download.cobaltstrike.com consent.trustarc.com
3	fonts.gstatic.com	fonts.googleapis.com
3	download.cobaltstrike.com	download.cobaltstrike.com
2	cdnjs.cloudflare.com	download.cobaltstrike.com
2	stackpath.bootstrapcdn.com	download.cobaltstrike.com
1	prefmgr-cookie.truste-svc.net	download.cobaltstrike.com
1	consent-st.trustarc.com	consent-pref.trustarc.com
1	www.googletagmanager.com	download.cobaltstrike.com
1	kit.fontawesome.com	download.cobaltstrike.com
1	cdn.jsdelivr.net	download.cobaltstrike.com
1	code.jquery.com	download.cobaltstrike.com
1	fonts.googleapis.com	download.cobaltstrike.com
1	www.cobaltstrike.com	1 redirects
54	16

This site contains links to these domains. Also see Links.

Domain
www.cobaltstrike.com
www.coresecurity.com

Subject Issuer	Validity	Valid
download.cobaltstrike.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-09` - `2023-03-09`	a year	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.helpsystems.com Amazon	`2021-05-24` - `2022-06-22`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-01` - `2023-01-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.truste-svc.net Go Daddy Secure Certificate Authority - G2	`2020-04-25` - `2022-06-23`	2 years	crt.sh

This page contains 6 frames:

Primary Page: https://download.cobaltstrike.com/scripts
Frame ID: F7DDB34390E66FA2988ECBDD0B061865
Requests: 34 HTTP requests in this frame

Frame: https://consent.trustarc.com/get?name=crossdomain.html&domain=helpsystems.com
Frame ID: C2B50A5D88432E97FA11405219F040C4
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
Frame ID: 89B6EC7115E8FE7B5FCE43F8A48B31BD
Requests: 15 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/defaultpreferencemanager/06883E9FC15D07407A218826B8D86A5B.cache.html
Frame ID: 6BF690AB9A2B638D20ACC635F9FA76FA
Requests: 1 HTTP requests in this frame

Frame: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https://www.helpsystems.com/privacy-policy&cookieLink=https://www.helpsystems.com/cookie-policy&irm=undefined&from=https://consent.trustarc.com/
Frame ID: F156B7144425BB11DCFA9F64DBB49C58
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/cookie_inneriframe.html
Frame ID: 232379E156A636999F91C465530E4A45
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cobalt Strike Arsenal - Cobalt Strike

Page URL History Show full URLs

https://www.cobaltstrike.com/scripts HTTP 301
https://download.cobaltstrike.com/scripts Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

54
Requests

96 %
HTTPS

67 %
IPv6

12
Domains

16
Subdomains

15
IPs

3
Countries

654 kB
Transfer

2088 kB
Size

4
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cobaltstrike.com/

Search URL Search Domain Scan URL

URL: https://www.coresecurity.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.cobaltstrike.com/scripts HTTP 301
https://download.cobaltstrike.com/scripts Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

54 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request scripts Show response
download.cobaltstrike.com/
Redirect Chain

https://www.cobaltstrike.com/scripts
https://download.cobaltstrike.com/scripts

12 KB
4 KB

372ms
336ms

Document
text/html

2606:4700:4400::6812:25b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://download.cobaltstrike.com/scripts
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:25b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a54729c5f0c94fca66a7cccd409b26c84fb834880cec1465e2468bf6f3d11ad

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 7107f0cba9dd6937-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 24 May 2022 18:02:08 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 7107f0c7ff6a6933-FRA
content-type: text/html
date: Tue, 24 May 2022 18:02:08 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://download.cobaltstrike.com/scripts
server: cloudflare

GET
H2 200 notice Show response
consent.trustarc.com/ 9 KB
4 KB 91ms
47ms Script
text/javascript 108.157.4.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=helpsystems.com&c=teconsent&js=nj&text=true&gtm=1&noticeType=bb&pn=1-0&cookieLink=https://www.helpsystems.com/cookie-policy&privacypolicylink=https://www.helpsystems.com/privacy-policy

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-116.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

4e989c98c5c75f7432b71f7f8e9e1db48081038135ef122880dccb39308c9906

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://download.cobaltstrike.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
cloudfront-viewer-country: DE
vary: Accept-Encoding
content-length: 3679
x-xss-protection: 1; mode=block
access-control-allow-origin: *
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript;charset=UTF-8
via: 1.1 c9ca35e5541827c5873bfdb59f015b20.cloudfront.net (CloudFront)
access-control-expose-headers: *
cache-control: max-age=3600
timing-allow-origin: *
x-amz-cf-id: 7WpUeYGABQJbOCArQZ4dGMbfiXkjs8o2LtjqaRTnHxCGgIf7UOcPnw==
expires: Tue, 24 May 2022 19:02:09 GMT

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ 156 KB
25 KB 60ms
34ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://download.cobaltstrike.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601
age: 230852
cdn-cachedat: 08/03/2021 15:16:56
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver: 1.0
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 1d52f86593eb07583c4fdc8b9cf51c79
cf-ray: 7107f0ce2efc9bfe-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 mmenu.min.css
cdnjs.cloudflare.com/ajax/libs/jQuery.mmenu/8.5.21/ 46 KB
6 KB 35ms
16ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jQuery.mmenu/8.5.21/mmenu.min.css

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6da922d109eacd88de031d9d8617967726cfd928dc21da535ed34a141c9e847b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://download.cobaltstrike.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1704613
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5665
timing-allow-origin: *
last-modified: Mon, 18 Jan 2021 00:06:40 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6004d110-b9d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2FJ7HlIk0NR29fk41U8gw8YOJKuZimkiirfVd38lunomkc4l6zsVNpsaqW9f1r8BNqYP6J0WblFIhH43cw%2FjcHtZNTEhrY7fBv3owZ6WN9OOtH1WrWjyWcbzvDGDxVJWEJp0SXAffuYfWUvhAhISgoEs"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7107f0ce1b4f9000-FRA
expires: Sun, 14 May 2023 18:02:08 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1001 B 42ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,300,300italic,400italic,700,700italic

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f4e10277e91d26c2c9037be02123ca73b93e29f9b91fef7483e6cd234541a35f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 24 May 2022 17:12:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 24 May 2022 18:02:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 24 May 2022 18:02:08 GMT

GET
H2 200 mburger.css
static.helpsystems.com/cobalt-strike/css/ 4 KB
5 KB 117ms
72ms Stylesheet
text/css 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.helpsystems.com/cobalt-strike/css/mburger.css
Requested by: Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 21359290c8d6f07cbb9994df1e280370c86d8320641a6450333639b487bd5214

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: VOCnaCxiNM_MmOajcG15HhqJJxWuSNaX
via: 1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
etag: "d4de45927370ec94a9e9317e87549638"
age: 1538
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 4532
x-amz-id-2: 0vlV9XDD8MIz/gB+DW9Lw7/f9adpcjr3A3tknDrn2YT8EnXmCU+P0aV4PCkIMpLnA8LEiRYJs9A=
last-modified: Thu, 18 Feb 2021 20:57:54 GMT
server: AmazonS3
date: Tue, 24 May 2022 17:36:32 GMT
x-amz-request-id: DMG64D33XY3M934G
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-type: text/css
x-amz-cf-id: sanuRE_PwAom5Ev_qWJ4iwSfdrE-LuFRB0SxnrS6by9URI-2TYamTw==

GET
H2 200 mhead.css
static.helpsystems.com/cobalt-strike/css/ 616 B
1 KB 253ms
208ms Stylesheet
text/css 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.helpsystems.com/cobalt-strike/css/mhead.css
Requested by: Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9d94dd0b66034c414f3762d56b1aed1353f9d2bb31b235869c31b3efdb47f5c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: 8n6BNmQsBHO8FG9HEworxcZdVhboyx22
via: 1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
etag: "ef0f07d66dd779d2be3ac860c17b8095"
age: 1538
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 616
x-amz-id-2: YJYMhPEsZVDKGZiSN9f+42iT+ZQhIthJS3pn21jCyUpNcxjxD/Yn9x5MkDwgFj8G01hToS7oaCg=
last-modified: Thu, 18 Feb 2021 20:57:55 GMT
server: AmazonS3
date: Tue, 24 May 2022 17:36:32 GMT
x-amz-request-id: BW6ZHW6S9FXWJ8R1
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-type: text/css
x-amz-cf-id: sxRd_JMIRF7q1kXX_FK0UD6XbOeFZ0lZXxuPE3NZSi-3mWKz7tbSkw==

GET
H2 200 styles.css
download.cobaltstrike.com/css/ 12 KB
2 KB 27ms
26ms Stylesheet
text/css 2606:4700:4400::6812:25b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://download.cobaltstrike.com/css/styles.css?d=210221
Requested by: Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:25b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c65cc64b2b5f1e5aaa1a07ff9fff81fcf74c77cbe526a2ea5be3f51c79e0fca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/scripts
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:08 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 4942
etag: W/"177c6860968"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
content-range: 0-12423/12424
cache-control: public, max-age=14400
cf-ray: 7107f0cdff346937-FRA
expires: Tue, 24 May 2022 22:02:08 GMT

GET
H2 200 local.css
download.cobaltstrike.com/css/ 2 KB
588 B 29ms
28ms Stylesheet
text/css 2606:4700:4400::6812:25b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://download.cobaltstrike.com/css/local.css
Requested by: Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:25b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f4d9de155c93379f1b334fa00fa17335b54b294183828629822fe9c5417246e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/scripts
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:08 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 4942
etag: W/"177c6629b18"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
content-range: 0-1614/1615
cache-control: public, max-age=14400
cf-ray: 7107f0cdff366937-FRA
expires: Tue, 24 May 2022 22:02:08 GMT

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
30 KB 94ms
14ms Script
application/javascript 2001:4de0:ac18::1:a:2a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://download.cobaltstrike.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d84"
vary: Accept-Encoding
x-hw: 1653415329.dop156.fr8.t,1653415329.cds164.fr8.hn,1653415329.cds142.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30879

GET
H2 200 popper.min.js Show response
cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/ 21 KB
8 KB 46ms
23ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://download.cobaltstrike.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 575110
x-jsd-version: 1.16.0
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19147-FRA, cache-hhn4083-HHN
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"5309-YvI45zNIx3656GVCan0bfeI8uy0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vOlHVJ96WCDHDmgxEqTH4ShtFjFeCmZouimSmZ7p9rOyKkc2E98bwQiUrgJ%2BJsZPLY59%2B7DNwCgaelODO3BR0f5DR9ZU4KxX98w8Tw%2BFGJ7vk10jZAQdTNaun6Um2SKOk%2FQfpcFBM0s7C5nGslU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 7107f0ce1da89975-FRA

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ 59 KB
16 KB 61ms
37ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://download.cobaltstrike.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601
age: 230852
cdn-cachedat: 04/09/2022 11:36:07
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver: 1.02
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
server: cloudflare
cdn-requestpullcode: 200
etag: W/"61f338f870fcd0ff46362ef109d28533"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: abbdcbca3fc55f6ae70af82a4858210a
cf-ray: 7107f0ce2efd9bfe-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 mmenu.js Show response
cdnjs.cloudflare.com/ajax/libs/jQuery.mmenu/8.5.21/ 69 KB
16 KB 36ms
19ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jQuery.mmenu/8.5.21/mmenu.js

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0916b04a6bd6a9c5a9c9721e8749a0d952b39ba9303399faeacba8a65dd9a92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://download.cobaltstrike.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 516689
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15629
timing-allow-origin: *
last-modified: Mon, 18 Jan 2021 00:06:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6004d0fd-1122b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=imz8yWR%2FiQ0Gzr%2FNkLvAklj9ansboQhJAezpyrOlFE%2Fa57z1osJL%2B35iSJmDdIEq1UyIEt8VJ3PpCSfJutvuvMMnZE3ODRNXd5nPOxD54a6pae%2Bn7VcitePSNY2VbTFxAHxXYNKhuhaYIy3KQFNuQRVU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7107f0ce1b539000-FRA
expires: Sun, 14 May 2023 18:02:08 GMT

GET
H2 200 e80d7cd121.js Show response
kit.fontawesome.com/ 11 KB
4 KB 74ms
45ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/e80d7cd121.js

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff331dda269598eb948ba8eaf3c2fc663a6a939f04cfe1d82c9e74d447644590

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://download.cobaltstrike.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
cf-ray: 7107f0ce2efe9b9e-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: FvDLLU8aDZfdUS1h0-DD

GET mburger.js
static.helpsystems.com/cobalt-strike/js/ 0
0

GET
H2 200 mhead.js Show response
static.helpsystems.com/cobalt-strike/js/ 2 KB
3 KB 151ms
108ms Script
application/javascript 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.helpsystems.com/cobalt-strike/js/mhead.js
Requested by: Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a48ceb4ae058162d65945e2408db936ce617a5b8b18f65d58c2ae7f9657b53a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: H3yTfLqYl4pdVwvA02dxA72Z6XD7Y1EU
via: 1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
etag: "d2cca6d027131de12ea6844d4ed23674"
age: 47
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2415
x-amz-id-2: c/dZ6ggbJ4unaD5lUTFOKI7oo9lpwjD/LPIgVYOU3U/NHwwlkat6sAInwcuN+addiECT4hp/Nvc=
last-modified: Thu, 18 Feb 2021 21:08:33 GMT
server: AmazonS3
date: Tue, 24 May 2022 18:01:23 GMT
x-amz-request-id: 1Q7QTBQ91DYSXKA1
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: RCaaDErP6H8WeU6Z0W1SroIZ1lYsjxlTXJ_vddVqIDm-Rr028_fZ8A==

GET
H2 200 scripts.js Show response
static.helpsystems.com/cobalt-strike/js/ 783 B
1 KB 106ms
63ms Script
application/javascript 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.helpsystems.com/cobalt-strike/js/scripts.js
Requested by: Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9ce02fe239d1a5d16f9efbb8542929ea0d23c74cc732f8e9cf0729f7891b51e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: xFXImJyX.PvGJbgmAx9G4aCW6KhS5BV5
via: 1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
etag: "a54c87d286e8347a8d5ae004959c3f7d"
age: 47
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 783
x-amz-id-2: NfNK8Jynr/TmS5dnmoCO0QD/y0zoKHI0lBG6fypMbWxMfD1w8iwHQvlP7KdjtZOjVyBh+hhdfP8=
last-modified: Thu, 18 Feb 2021 21:08:34 GMT
server: AmazonS3
date: Tue, 24 May 2022 18:01:23 GMT
x-amz-request-id: PYFM63GVPAKWPNAC
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: aVp1K34O-jxBGqU5pOwwpt8B9FEVfciap2L3p_s_2sqeILESa24yXw==

GET
H2 200 cobaltstrike-logo-header.png
static.helpsystems.com/cobalt-strike/img/ 6 KB
7 KB 26ms
25ms Image
image/png 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.helpsystems.com/cobalt-strike/img/cobaltstrike-logo-header.png
Requested by: Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b6b7ce30cf22058a97e7de157a28b503501245c425b9e7b8aa9cd743358101c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: Oeqk7ibCP.UzrSLk1eKreytc..OmCXTY
via: 1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
etag: "34cba286ba3ca486fdedb782bc405228"
age: 1537
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 6429
x-amz-id-2: ak1jgC4JrqvpXJNYuWeOoMwUPM34CWJQFTew9Xt20PT7n+LmUqHknyPHFKOxmbX21aj8W6YelTU=
last-modified: Thu, 18 Feb 2021 20:48:48 GMT
server: AmazonS3
date: Tue, 24 May 2022 17:36:32 GMT
x-amz-request-id: DMG22WSR64ZW9TYP
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: uie0W3rlisVQXits-gvPVUmkB6Iofhz_XoF2QMlHUP_j7soDcIi3tw==

GET
H2 200 coresecurity.png
static.helpsystems.com/cobalt-strike/img/ 3 KB
4 KB 31ms
30ms Image
image/png 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.helpsystems.com/cobalt-strike/img/coresecurity.png
Requested by: Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 020b0eb6827b23f077b5fe97861cb8f35536d948352a475ce1e407cb00d83c95

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: P9aVBg.Enx4GzMAbWCUxv1M1Y5bHoTlA
via: 1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
etag: "27c69a4214efaccaa4fcd4669b872a32"
age: 1538
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 3531
x-amz-id-2: goViyD5VdyO0HDZC+ntJFSVF/elmQPpI9YmQq8SS48Jau3WIah6/fQuFExxwt3qdgx7qrbXxJss=
last-modified: Thu, 18 Feb 2021 20:48:51 GMT
server: AmazonS3
date: Tue, 24 May 2022 17:36:32 GMT
x-amz-request-id: A6BERVV88K8JFKSY
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: bTGR1oJZTfeWOMpp8y76aa-neKBLT4-cBQHu0WBZOr3Rb7GvGsTTtA==

GET
H2 200 cobaltstrike.png
static.helpsystems.com/cobalt-strike/img/ 4 KB
4 KB 36ms
36ms Image
image/png 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.helpsystems.com/cobalt-strike/img/cobaltstrike.png
Requested by: Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 44e960ff99f096e17f544b2abfa3fa07cd5b877750ec230fd367bd875bc72d26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: tMaNF2MqjXEdWxuZtTE1YtP3IvDl1mEL
via: 1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
etag: "0101386a899421ad37fc4e1209f26adf"
age: 1538
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 3630
x-amz-id-2: Pr85AdDIXe4Q0FBp5ZQxtD3HD3Ork5jGoJYiNH8cnOf3scSVfBUd0FXb5n7O8e6h09PnneI0imY=
last-modified: Thu, 18 Feb 2021 20:48:47 GMT
server: AmazonS3
date: Tue, 24 May 2022 17:36:32 GMT
x-amz-request-id: DMG1S3Q4FSV9J8SC
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: -yk655GbiUUTXHybgWRDt_2jK02nMEs9dCoiSZ0FvnqMA9xGVl2XHg==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 108 KB
42 KB 86ms
60ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NN4FLFJ

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee28345d60573a43e71233f01a14c418a1daae0934d5512e703c455656a746db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42242
x-xss-protection: 0
expires: Tue, 24 May 2022 18:02:09 GMT

GET
H2 200 v1.7-458 Show response
consent.trustarc.com/asset/notice.js/v/ 75 KB
24 KB 11ms
11ms Script
text/javascript 108.157.4.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/asset/notice.js/v/v1.7-458

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=helpsystems.com&c=teconsent&js=nj&text=true&gtm=1&noticeType=bb&pn=1-0&cookieLink=https://www.helpsystems.com/cookie-policy&privacypolicylink=https://www.helpsystems.com/privacy-policy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-116.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

0e04f8170ba222625c05aef2e88adfae07ace87e4cf95c4370d0cbcab8046baf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://download.cobaltstrike.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 17:55:36 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 393
x-cache: Hit from cloudfront
pragma: public
access-control-allow-origin: *
last-modified: Wed, 27 Apr 2022 01:43:38 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript
via: 1.1 c9ca35e5541827c5873bfdb59f015b20.cloudfront.net (CloudFront)
access-control-expose-headers: *
cache-control: max-age=2592000
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
x-amz-cf-id: Lq4C1l80OifUtQoDIHDzBRcF7M4dRNwq63GrhY65-ZUrMe83tMKUZQ==
expires: Thu, 23 Jun 2022 17:55:36 GMT

GET
H2 200 log
consent.trustarc.com/ 43 B
440 B 61ms
41ms Image
image/gif 108.157.4.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/log?domain=helpsystems.com&country=de&state=&behavior=expressed&c=32b1

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-116.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 May 2022 18:02:09 GMT
via: 1.1 3b5a3bc53642845f1ba1a839609aac0e.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: DUS51-P2
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 43
x-amz-cf-id: NfY2LVLfYe1cArGyD0v9k2sE_fefQ0gkGpYyo-u54bkF_4EgF-eQ8Q==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pro.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 315 KB
53 KB 35ms
23ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=e80d7cd121
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e80d7cd121.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 1931728
etag: "610ae215-d3b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 7107f0cfdba19b9e-FRA
content-length: 54194

GET
H2 200 pro-v4-shims.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 26 KB
4 KB 43ms
32ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=e80d7cd121
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e80d7cd121.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 1931728
etag: "610ae215-1062"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 7107f0cfdba89b9e-FRA
content-length: 4194

GET
H2 200 pro-v4-font-face.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 27 KB
3 KB 37ms
27ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=e80d7cd121
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e80d7cd121.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 1931728
etag: "610ae215-a2b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 7107f0cfdba59b9e-FRA
content-length: 2603

GET
H2 200 pro.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 315 KB
53 KB 25ms
24ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=e80d7cd121
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e80d7cd121.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 1931728
etag: "610ae215-d3b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 7107f0cfdbae9b9e-FRA
content-length: 54194

GET
H2 200 pro-v4-shims.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 26 KB
4 KB 30ms
29ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=e80d7cd121
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e80d7cd121.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 1931728
etag: "610ae215-1062"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 7107f0cfdbb39b9e-FRA
content-length: 4194

GET
H2 200 pro-v4-font-face.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 27 KB
3 KB 33ms
32ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=e80d7cd121
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e80d7cd121.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 1931728
etag: "610ae215-a2b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 7107f0cfdbb49b9e-FRA
content-length: 2603

GET
H2 200 footer.png
static.helpsystems.com/cobalt-strike/img/ 56 KB
56 KB 31ms
30ms Image
image/png 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.helpsystems.com/cobalt-strike/img/footer.png
Requested by: Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/css/styles.css?d=210221
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 55d9a441e501caed3edae915c8e322e1a5e04f7ec89861c4bda11657f2dd92b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: DItkxiM9Z2qDhEK3TbKAne9kp58fu2NX
via: 1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
etag: "fe38e7300ce0f10acce934ff315ee01d"
age: 1066
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 56911
x-amz-id-2: CdH+cOc3t0ytaZqMiySKBfZatx6Z8zYAXu+AIFNfEj8H9x8W8kCqyJfT5WrPd+aaonVMHKZAnc8=
last-modified: Thu, 18 Feb 2021 20:48:54 GMT
server: AmazonS3
date: Tue, 24 May 2022 17:44:23 GMT
x-amz-request-id: 46B3GM1QXR71QHZN
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: -l92glCR9OEoXg8fucJpJ_2QcioK7ehPPO32KxoRRTrSyr6Jui3nHg==

GET
H2 200 S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 43ms
17ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300,300italic,400italic,700,700italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 17:07:37 GMT
x-content-type-options: nosniff
age: 3272
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23236
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 16:04:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 May 2023 17:07:37 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
24 KB 32ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300,300italic,400italic,700,700italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 17:07:14 GMT
x-content-type-options: nosniff
age: 3295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 May 2023 17:07:14 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 38ms
13ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300,300italic,400italic,700,700italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://download.cobaltstrike.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 17:07:14 GMT
x-content-type-options: nosniff
age: 3295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 May 2023 17:07:14 GMT

GET
H2 200 get Show response
consent.trustarc.com/ Frame C2B5 7 KB
2 KB 10ms
10ms Document
text/html 108.157.4.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=crossdomain.html&domain=helpsystems.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-116.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

7fe7d9054d31a9874fb36aba6a3736c02799bdaab5fed3e007ff334bc4580732

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://download.cobaltstrike.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3316
cache-control: max-age=2592000
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Tue, 24 May 2022 17:06:53 GMT
expires: Thu, 23 Jun 2022 17:06:53 GMT
pragma: public
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding Origin
via: 1.1 3b5a3bc53642845f1ba1a839609aac0e.cloudfront.net (CloudFront)
x-amz-cf-id: gS3DvZ7oxX-Rrq78pbbvecdiJqJ76cLcy3-YTB5shGwR2UxqTXh6Ew==
x-amz-cf-pop: DUS51-P2
x-cache: Hit from cloudfront

GET
H2 200 / Show response
consent-pref.trustarc.com/ Frame 89B6 5 KB
3 KB 44ms
9ms Document
text/html 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/asset/notice.js/v/v1.7-458

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

5d59d71fa30604e26c815b2bcfea777bef1564467e2ff9b1b4dc45ca2ee0f6fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://download.cobaltstrike.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 80837
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 23 May 2022 19:34:52 GMT
etag: W/"5147-1649735544000"
expect-ct: max-age=86400; enforce;
last-modified: Tue, 12 Apr 2022 03:52:24 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-amz-cf-id: aAv7fKK0qgqcwKsg18BsWduKsnkW1v_069BPHpMy9BCXnV0_s10QSw==
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

GET
H2 200 noticemsg
consent.trustarc.com/ 43 B
513 B 43ms
43ms Image
image/gif 108.157.4.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/noticemsg?action=consent&domain=helpsystems.com&behavior=expressed&country=de&language=de&rand=0.0637327118044011

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-116.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://download.cobaltstrike.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
via: 1.1 3b5a3bc53642845f1ba1a839609aac0e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
cloudfront-viewer-country: DE
vary: Origin
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: max-age=3600
timing-allow-origin: *
x-amz-cf-id: Zi2BKf7cEhNRPRgwTznI7f2JOuCAKxTpVx8GOhTRPfIKNTZ4H-wdxQ==
expires: Tue, 24 May 2022 19:02:09 GMT

GET
H2 200 defaultpreferencemanager.nocache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 89B6 5 KB
3 KB 41ms
37ms Script
application/javascript 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

7b7c7b8c8a0e5cc06e2fac340ca7478fdb2278a73c8412c1e4654318c3a82300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
vary: Accept-Encoding, Origin
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 12 Apr 2022 03:52:42 GMT
server: nginx
etag: W/"4867-1649735562000"
expect-ct: max-age=86400; enforce;
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
cache-control: no-cache
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: GCsmjnU1_WtBHC1RiGWSBKgPo1g_2P_uQMuq9Ko5OnDXm1Sz_w7ywQ==
expires: Tue, 24 May 2022 18:02:08 GMT

GET
H2 200 get Show response
consent-st.trustarc.com/ Frame 89B6 20 KB
5 KB 47ms
8ms Script
text/javascript 143.204.98.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-st.trustarc.com/get?name=combined_static_cm_minified.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.126 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-126.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: public
date: Fri, 20 May 2022 01:22:36 GMT
content-encoding: gzip
server: nginx
age: 405573
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: FRA50-C1
strict-transport-security: max-age=31536000; includeSubDomains
timing-allow-origin: *
x-amz-cf-id: 14cBBwYhJu0KfAxP2cYS6keT998_0mubRJX2hzA2cok8QBN2YSQDYA==
expires: Sun, 19 Jun 2022 01:22:36 GMT

GET
H2 200 loading.gif
consent-pref.trustarc.com/images/ Frame 89B6 3 KB
3 KB 11ms
10ms Image
image/gif 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent-pref.trustarc.com/images/loading.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 01:27:10 GMT
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 59699
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2608
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 12 Apr 2022 03:52:24 GMT
server: nginx
etag: W/"2608-1649735544000"
expect-ct: max-age=86400; enforce;
vary: Origin
content-type: image/gif
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-pop: FRA56-P4
accept-ranges: bytes
x-amz-cf-id: v31-GiPfGNpQz2wE3taDV8WhXRFgSwjjCWPMmI54O5ZigxIIdc7odQ==

GET
H2 200 06883E9FC15D07407A218826B8D86A5B.cache.html Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 6BF6 139 KB
46 KB 9ms
8ms Document
text/html 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/06883E9FC15D07407A218826B8D86A5B.cache.html

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

94fa73fa4e7013e0328a5db6af226312344947163e81222b67eb8f2ce00f0850

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2392693
cache-control: max-age=315360000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 27 Apr 2022 01:23:56 GMT
etag: W/"142492-1649735562000"
expect-ct: max-age=86400; enforce;
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 12 Apr 2022 03:52:42 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-amz-cf-id: ND0v6478sgGJvXzh_96mJ4PRtTlF9HCHAX7664L1osmtnXMalzi0Fw==
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 89B6 969 B
1 KB 33ms
32ms XHR
application/json 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/06883E9FC15D07407A218826B8D86A5B.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

edb378ec33f8cd7235d0d1451912782c10e64b73851b8005987dfbb2b24b0a1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 06883E9FC15D07407A218826B8D86A5B
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 462
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: 9Apx88Zu5S2QlAWvWHhjm-9FGJci0Y9jDUIvwOfS6pD1YwOSDWR_tg==

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 89B6 48 B
623 B 31ms
30ms XHR
application/json 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/06883E9FC15D07407A218826B8D86A5B.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

87c309ad5532a217650d028c4d25c4ad65b96f504100c7366c8f4660d59dc31e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 06883E9FC15D07407A218826B8D86A5B
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 48
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: HIJGlmXW1tjuLOLQZdM9k5QuXQu_C56q0MMA5MOgqY5P26N0CjuluQ==

GET
H2 200 EuPreferenceManager.css
consent-pref.trustarc.com/ Frame 89B6 28 KB
7 KB 85ms
85ms Stylesheet
text/css 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/EuPreferenceManager.css

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/06883E9FC15D07407A218826B8D86A5B.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

75b9505ae007f8cc3bc1c5858b2010548ad36d39f1720b71be444a6238b4b8ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
x-cache: RefreshHit from cloudfront
vary: Accept-Encoding, Origin
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 12 Apr 2022 03:52:24 GMT
server: nginx
etag: W/"28907-1649735544000"
expect-ct: max-age=86400; enforce;
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
cache-control: no-cache
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: jNhHWQXOQA2DGBiiFuPJDB7LxUToacFZTacBdsQbIWwKdGwLeFvIPA==
expires: Tue, 24 May 2022 18:02:08 GMT

GET
H2 200 10.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/06883E9FC15D07407A218826B8D86A5B/ Frame 89B6 253 KB
87 KB 9ms
8ms XHR
application/javascript 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/06883E9FC15D07407A218826B8D86A5B/10.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/06883E9FC15D07407A218826B8D86A5B.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

f8bed0b716d96bff511f072717e6d3c3afc4576a4f7b89d9986c4ce3bcc964b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 01:23:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2392693
x-cache: Hit from cloudfront
vary: Accept-Encoding, Origin
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 12 Apr 2022 03:52:42 GMT
server: nginx
etag: W/"258671-1649735562000"
expect-ct: max-age=86400; enforce;
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: dBDYQUqiZpntZSRzcZ2rsOMbWPScGlcHwusCTfVfncPW1psnZJbg_Q==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/06883E9FC15D07407A218826B8D86A5B/ Frame 89B6 19 KB
8 KB 8ms
8ms XHR
application/javascript 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/06883E9FC15D07407A218826B8D86A5B/1.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/06883E9FC15D07407A218826B8D86A5B.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

a593c2c62ad61742a4487de65fb5c37efc32fc8ed64544c2e9e416a8a5099bd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 01:23:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2392693
x-cache: Hit from cloudfront
vary: Accept-Encoding, Origin
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 12 Apr 2022 03:52:42 GMT
server: nginx
etag: W/"19685-1649735562000"
expect-ct: max-age=86400; enforce;
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: nmKyc7y9TwGXHHeqG03nqcsYFFzstTjp9Y_KALQVmyuFvopzkT8BRw==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cookie_iframe.html Show response
prefmgr-cookie.truste-svc.net/cookie_js/ Frame F156 5 KB
2 KB 373ms
98ms Document
text/html 34.198.176.1
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https://www.helpsystems.com/privacy-policy&cookieLink=https://www.helpsystems.com/cookie-policy&irm=undefined&from=https://consent.trustarc.com/

Requested by

Host: download.cobaltstrike.com
URL: https://download.cobaltstrike.com/scripts

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.198.176.1 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-198-176-1.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e5356c4d200584b116d9ac14f89d883b120dbe4d7878914a4fa22358074c74f8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://consent-pref.trustarc.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 24 May 2022 18:02:10 GMT
etag: W/"5014-1653297250000"
expect-ct: max-age=31536000
last-modified: Mon, 23 May 2022 09:14:10 GMT
permissions-policy: geolocation=(), microphone=(), payment=()
referrer-policy: origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 89B6 718 B
891 B 914ms
913ms XHR
application/json 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/06883E9FC15D07407A218826B8D86A5B.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

94899d8c0b4377abe765a34012c015437200f684f96360ea798ed6a8b48e9c8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 06883E9FC15D07407A218826B8D86A5B
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Tue, 24 May 2022 18:02:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 300
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: UA4X5ogfqOW6Ou-LLg2PLvBz0qQ1Stf1kvrfh1ppTWHkK81j423U1g==

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 89B6 24 KB
7 KB 37ms
36ms XHR
application/json 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/06883E9FC15D07407A218826B8D86A5B.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

81ddd86005934f8391dbe682a44f228b7a5df552d61719e5c5cfca1a27c4b3f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 06883E9FC15D07407A218826B8D86A5B
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Tue, 24 May 2022 18:02:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 6478
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: T7jKlvQXuRiz63Yp3PLUY0mPJJaOi2iKD6MdEVwMFaFDqbQfh-yiAg==

GET
H2 200 trustarc-logo-small.png
consent-pref.trustarc.com/images/ Frame 89B6 4 KB
5 KB 8ms
8ms Image
image/png 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent-pref.trustarc.com/images/trustarc-logo-small.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 23 May 2022 18:38:51 GMT
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 84198
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4197
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 12 Apr 2022 03:52:24 GMT
server: nginx
etag: W/"4197-1649735544000"
expect-ct: max-age=86400; enforce;
vary: Origin
content-type: image/png
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-pop: FRA56-P4
accept-ranges: bytes
x-amz-cf-id: uvn2K07jEejeh4_7j2g6XjekNXDH7lWQrbr_ZfNdZ2d2zX8DJzuOTA==

GET
H2 200 6.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/06883E9FC15D07407A218826B8D86A5B/ Frame 89B6 7 KB
4 KB 8ms
8ms XHR
application/javascript 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/06883E9FC15D07407A218826B8D86A5B/6.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/06883E9FC15D07407A218826B8D86A5B.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c4de9175d5380ff78bd9d531e54e6b1e9973e2dedd16a7f5a7328e58476334bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 01:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2392693
x-cache: Hit from cloudfront
vary: Accept-Encoding, Origin
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 12 Apr 2022 03:52:42 GMT
server: nginx
etag: W/"7220-1649735562000"
expect-ct: max-age=86400; enforce;
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: U0Lyhrk5IfZZNc1xt5itZ8LhGoQ-rVi9xyg9B6yPxws7YfCoAS6ONw==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 get
consent.trustarc.com/ Frame 89B6 9 KB
9 KB 19ms
19ms Image
image/svg+xml 108.157.4.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/get?name=hslogo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-116.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

81837bb647b79c1e159b440fd593ab3f081fda2e018ca5b7b3a537b28fc3bd3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: public
date: Tue, 24 May 2022 17:46:34 GMT
via: 1.1 3b5a3bc53642845f1ba1a839609aac0e.cloudfront.net (CloudFront)
server: nginx
age: 936
vary: Origin
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
cache-control: max-age=2592000
x-cache: Hit from cloudfront
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
content-length: 9071
x-amz-cf-id: lS71zLhyyH8L634cnQ68uVWwuPmqW1Vyjrk86re3aDNYZVPTpgMWTA==
expires: Thu, 23 Jun 2022 17:46:34 GMT

GET
H2 200 cookie_inneriframe.html Show response
consent-pref.trustarc.com/ Frame 2323 2 KB
1 KB 7ms
7ms Document
text/html 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/cookie_inneriframe.html

Requested by

Host: prefmgr-cookie.truste-svc.net
URL: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https://www.helpsystems.com/privacy-policy&cookieLink=https://www.helpsystems.com/cookie-policy&irm=undefined&from=https://consent.trustarc.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

a2de091c86c5a7b6dcc572eb6e5a76c2cd72ce27a2042a8dc2974f15b33566ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://prefmgr-cookie.truste-svc.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16755
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 24 May 2022 13:22:55 GMT
etag: W/"2008-1649735544000"
expect-ct: max-age=86400; enforce;
last-modified: Tue, 12 Apr 2022 03:52:24 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-amz-cf-id: dRA_mvD5eMRBVpoEvwdgCoVSnF8QXbB8ASBmblsWbn0vhMIW4mgHNg==
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

GET
H2 200 trustarc-logo-small.png
consent-pref.trustarc.com/images/ Frame 89B6 4 KB
5 KB 9ms
8ms Image
image/png 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent-pref.trustarc.com/images/trustarc-logo-small.png

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/06883E9FC15D07407A218826B8D86A5B.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=helpsystemstest&site=helpsystems.com&action=notice&country=de&locale=de&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.helpsystems.com%2Fprivacy-policy&cookieLink=https%3A%2F%2Fwww.helpsystems.com%2Fcookie-policy&irm=undefined&from=https://consent.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 23 May 2022 18:38:51 GMT
via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 84200
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4197
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 12 Apr 2022 03:52:24 GMT
server: nginx
etag: W/"4197-1649735544000"
expect-ct: max-age=86400; enforce;
vary: Origin
content-type: image/png
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-pop: FRA56-P4
accept-ranges: bytes
x-amz-cf-id: gKApuL7ejzKIXlvAOgX3_ymX--6ivPuoiA05e6pzdIAIODu2WV2i4w==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.helpsystems.com
URL: https://static.helpsystems.com/cobalt-strike/js/mburger.js

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
download.cobaltstrike.com/	1970-01-20 12:02:31	Name: session Value: ea950c36-b9c4-4a1d-bc72-d962588e5298
.download.cobaltstrike.com/	1969-12-31 23:59:59	Name: notice_behavior Value: expressed,eu
prefmgr-cookie.truste-svc.net/	1970-01-20 03:16:55	Name: cookie_3rdparty Value: enabled
consent-pref.trustarc.com/	1970-01-20 03:16:55	Name: token_test Value: Tue May 24 2022 18:02:09 GMT+0000 (GMT)

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://download.cobaltstrike.com/scripts Message: Access to script at 'https://static.helpsystems.com/cobalt-strike/js/mburger.js' from origin 'https://download.cobaltstrike.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.helpsystems.com/cobalt-strike/js/mburger.js Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
consent-pref.trustarc.com
consent-st.trustarc.com
consent.trustarc.com
download.cobaltstrike.com
fonts.googleapis.com
fonts.gstatic.com
ka-p.fontawesome.com
kit.fontawesome.com
prefmgr-cookie.truste-svc.net
stackpath.bootstrapcdn.com
static.helpsystems.com
www.cobaltstrike.com
www.googletagmanager.com
static.helpsystems.com
108.157.4.116
13.32.121.99
143.204.98.126
2001:4de0:ac18::1:a:2a
2606:4700:4400::6812:25b5
2606:4700:4400::ac40:964b
2606:4700::6810:5814
2606:4700::6811:180e
2606:4700::6812:1734
2606:4700::6812:bcf
2a00:1450:4001:827::2003
2a00:1450:4001:830::2008
2a00:1450:4001:831::200a
34.198.176.1
52.222.236.93
020b0eb6827b23f077b5fe97861cb8f35536d948352a475ce1e407cb00d83c95
0e04f8170ba222625c05aef2e88adfae07ace87e4cf95c4370d0cbcab8046baf
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
21359290c8d6f07cbb9994df1e280370c86d8320641a6450333639b487bd5214
2a54729c5f0c94fca66a7cccd409b26c84fb834880cec1465e2468bf6f3d11ad
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6
44e960ff99f096e17f544b2abfa3fa07cd5b877750ec230fd367bd875bc72d26
4e989c98c5c75f7432b71f7f8e9e1db48081038135ef122880dccb39308c9906
55d9a441e501caed3edae915c8e322e1a5e04f7ec89861c4bda11657f2dd92b7
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
5d59d71fa30604e26c815b2bcfea777bef1564467e2ff9b1b4dc45ca2ee0f6fe
6c65cc64b2b5f1e5aaa1a07ff9fff81fcf74c77cbe526a2ea5be3f51c79e0fca
6da922d109eacd88de031d9d8617967726cfd928dc21da535ed34a141c9e847b
75b9505ae007f8cc3bc1c5858b2010548ad36d39f1720b71be444a6238b4b8ba
7b7c7b8c8a0e5cc06e2fac340ca7478fdb2278a73c8412c1e4654318c3a82300
7fe7d9054d31a9874fb36aba6a3736c02799bdaab5fed3e007ff334bc4580732
81837bb647b79c1e159b440fd593ab3f081fda2e018ca5b7b3a537b28fc3bd3e
81ddd86005934f8391dbe682a44f228b7a5df552d61719e5c5cfca1a27c4b3f2
87c309ad5532a217650d028c4d25c4ad65b96f504100c7366c8f4660d59dc31e
8f4d9de155c93379f1b334fa00fa17335b54b294183828629822fe9c5417246e
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004
94899d8c0b4377abe765a34012c015437200f684f96360ea798ed6a8b48e9c8d
94fa73fa4e7013e0328a5db6af226312344947163e81222b67eb8f2ce00f0850
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9ce02fe239d1a5d16f9efbb8542929ea0d23c74cc732f8e9cf0729f7891b51e5
9d94dd0b66034c414f3762d56b1aed1353f9d2bb31b235869c31b3efdb47f5c9
a2de091c86c5a7b6dcc572eb6e5a76c2cd72ce27a2042a8dc2974f15b33566ed
a48ceb4ae058162d65945e2408db936ce617a5b8b18f65d58c2ae7f9657b53a1
a593c2c62ad61742a4487de65fb5c37efc32fc8ed64544c2e9e416a8a5099bd5
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60
b6b7ce30cf22058a97e7de157a28b503501245c425b9e7b8aa9cd743358101c3
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c4de9175d5380ff78bd9d531e54e6b1e9973e2dedd16a7f5a7328e58476334bd
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5356c4d200584b116d9ac14f89d883b120dbe4d7878914a4fa22358074c74f8
eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244
edb378ec33f8cd7235d0d1451912782c10e64b73851b8005987dfbb2b24b0a1e
ee28345d60573a43e71233f01a14c418a1daae0934d5512e703c455656a746db
f0916b04a6bd6a9c5a9c9721e8749a0d952b39ba9303399faeacba8a65dd9a92
f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880
f4e10277e91d26c2c9037be02123ca73b93e29f9b91fef7483e6cd234541a35f
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8bed0b716d96bff511f072717e6d3c3afc4576a4f7b89d9986c4ce3bcc964b7
ff331dda269598eb948ba8eaf3c2fc663a6a939f04cfe1d82c9e74d447644590

download.cobaltstrike.com Open in urlscan Pro 2606:4700:4400::6812:25b5 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

54 Requests

96 %HTTPS

67 %IPv6

12 Domains

16 Subdomains

15 IPs

3 Countries

654 kBTransfer

2088 kBSize

4 Cookies

2 Outgoing links

Page URL History

Redirected requests

54 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

download.cobaltstrike.com Open in urlscan Pro
2606:4700:4400::6812:25b5 Public Scan

Screenshot
Live screenshot

Full Image

54
Requests

96 %
HTTPS

67 %
IPv6

12
Domains

16
Subdomains

15
IPs

3
Countries

654 kB
Transfer

2088 kB
Size

4
Cookies

54 HTTP transactions
-1 data transactions