URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous...
Submission: On May 30 via manual from JP — Scanned from JP

Summary

This website contacted 30 IPs in 5 countries across 25 domains to perform 209 HTTP transactions. The main IP is 2a04:4e42:8d::765, located in the United States and belonging to FASTLY, US. The main domain is blogs.infoblox.com.
TLS certificate: Issued by R3 on May 20th 2023. Valid for: 3 months.
This is the only time blogs.infoblox.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
55 2a04:4e42:8d:... 54113 (FASTLY)
1 2404:6800:400... 15169 (GOOGLE)
4 2a04:4e42::485 54113 (FASTLY)
1 2404:6800:400... 15169 (GOOGLE)
3 2620:12a:8001::2 54113 (FASTLY)
2 2404:6800:400... 15169 (GOOGLE)
6 2600:140b:a80... 20940 (AKAMAI-ASN1)
4 54.199.238.158 16509 (AMAZON-02)
4 2404:6800:400... 15169 (GOOGLE)
6 2606:4700::68... 13335 (CLOUDFLAR...)
4 2404:6800:400... 15169 (GOOGLE)
8 23.195.88.195 20940 (AKAMAI-ASN1)
8 143.204.86.37 16509 (AMAZON-02)
67 18.65.216.49 16509 (AMAZON-02)
4 152.195.58.59 15133 (EDGECAST)
1 2404:6800:400... 15169 (GOOGLE)
1 2600:140b:a00... 20940 (AKAMAI-ASN1)
1 52.200.29.199 14618 (AMAZON-AES)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 13.249.167.19 16509 (AMAZON-02)
1 18.65.216.22 16509 (AMAZON-02)
1 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
2 34.111.208.231 396982 (GOOGLE-CL...)
1 2600:9000:221... 16509 (AMAZON-02)
4 4 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
5 13.215.128.220 16509 (AMAZON-02)
1 2600:140b:500... 20940 (AKAMAI-ASN1)
6 3.94.218.138 14618 (AMAZON-AES)
209 30
Apex Domain
Subdomains
Transfer
67 driftt.com
js.driftt.com — Cisco Umbrella Rank: 5156
773 KB
55 infoblox.com
blogs.infoblox.com
2 MB
13 crazyegg.com
script.crazyegg.com — Cisco Umbrella Rank: 1744
pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 3863
assets-tracking.crazyegg.com — Cisco Umbrella Rank: 3827
tracking.crazyegg.com — Cisco Umbrella Rank: 3445
83 KB
9 6sc.co
j.6sc.co — Cisco Umbrella Rank: 5474
c.6sc.co — Cisco Umbrella Rank: 8348
ipv6.6sc.co — Cisco Umbrella Rank: 5745
b.6sc.co — Cisco Umbrella Rank: 3818
14 KB
8 trustarc.com
consent.trustarc.com — Cisco Umbrella Rank: 2753
97 KB
6 drift.com
bootstrap.api.drift.com — Cisco Umbrella Rank: 6062
metrics.api.drift.com — Cisco Umbrella Rank: 5922
event.api.drift.com — Cisco Umbrella Rank: 6560
7 KB
6 typekit.net
use.typekit.net — Cisco Umbrella Rank: 455
p.typekit.net — Cisco Umbrella Rank: 581
141 KB
5 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 339
www.linkedin.com — Cisco Umbrella Rank: 603
px4.ads.linkedin.com — Cisco Umbrella Rank: 6328
4 KB
4 reactful.com
visitor.reactful.com — Cisco Umbrella Rank: 97916
tracking.reactful.com — Cisco Umbrella Rank: 128508
107 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 30
21 KB
4 6sense.com
epsilon.6sense.com — Cisco Umbrella Rank: 9870
1 KB
4 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 344
29 KB
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 14310
ibc-flow.techtarget.com — Cisco Umbrella Rank: 16318
2 KB
3 bizible.com
cdn.bizible.com — Cisco Umbrella Rank: 7400
26 KB
3 pantheonsite.io
live-infoblox-blog.pantheonsite.io
2 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
183 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
ajax.googleapis.com — Cisco Umbrella Rank: 320
31 KB
1 bizibly.com
cdn.bizibly.com — Cisco Umbrella Rank: 11808
204 B
1 oribi.io
cdn.linkedin.oribi.io — Cisco Umbrella Rank: 825
376 B
1 google.co.jp
www.google.co.jp — Cisco Umbrella Rank: 23590
409 B
1 google.com
www.google.com — Cisco Umbrella Rank: 2
409 B
1 lltrck.com
lltrck.com — Cisco Umbrella Rank: 27508
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 725
5 KB
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 76
355 B
0 cloudfront.net Failed
des8qu5llanad.cloudfront.net Failed
209 25
Domain Requested by
67 js.driftt.com blogs.infoblox.com
js.driftt.com
55 blogs.infoblox.com blogs.infoblox.com
8 consent.trustarc.com blogs.infoblox.com
consent.trustarc.com
6 b.6sc.co blogs.infoblox.com
6 script.crazyegg.com www.googletagmanager.com
script.crazyegg.com
5 tracking.crazyegg.com script.crazyegg.com
5 use.typekit.net blogs.infoblox.com
4 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
4 epsilon.6sense.com blogs.infoblox.com
cdn.bizible.com
4 cdn.jsdelivr.net blogs.infoblox.com
3 px.ads.linkedin.com 3 redirects
3 cdn.bizible.com www.googletagmanager.com
blogs.infoblox.com
cdn.bizible.com
3 visitor.reactful.com blogs.infoblox.com
cdn.bizible.com
3 live-infoblox-blog.pantheonsite.io blogs.infoblox.com
2 event.api.drift.com js.driftt.com
2 metrics.api.drift.com js.driftt.com
2 bootstrap.api.drift.com js.driftt.com
2 ibc-flow.techtarget.com trk.techtarget.com
2 www.googletagmanager.com blogs.infoblox.com
www.googletagmanager.com
1 ipv6.6sc.co cdn.bizible.com
1 c.6sc.co cdn.bizible.com
1 tracking.reactful.com cdn.bizible.com
1 cdn.bizibly.com blogs.infoblox.com
1 p.typekit.net blogs.infoblox.com
1 px4.ads.linkedin.com blogs.infoblox.com
1 www.linkedin.com 1 redirect
1 cdn.linkedin.oribi.io snap.licdn.com
1 www.google.co.jp blogs.infoblox.com
1 www.google.com blogs.infoblox.com
1 assets-tracking.crazyegg.com script.crazyegg.com
1 pagestates-tracking.crazyegg.com script.crazyegg.com
1 trk.techtarget.com blogs.infoblox.com
1 lltrck.com blogs.infoblox.com
1 snap.licdn.com www.googletagmanager.com
1 stats.g.doubleclick.net www.google-analytics.com
1 j.6sc.co blogs.infoblox.com
1 ajax.googleapis.com blogs.infoblox.com
1 fonts.googleapis.com blogs.infoblox.com
0 des8qu5llanad.cloudfront.net Failed blogs.infoblox.com
209 39
Subject | Issuer | Validity | Valid
blogs.infoblox.com | R3 | 2023-05-20 - 2023-08-18 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-12-23 - 2024-01-24 | a year
pantheonsite.io | Sectigo RSA Organization Validation Secure Server CA | 2022-07-14 - 2023-06-23 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months
use.typekit.net | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-09-14 - 2023-10-15 | a year
*.6sense.com | Amazon RSA 2048 M02 | 2023-05-04 - 2024-06-02 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-03-09 - 2024-03-08 | a year
*.reactful.com | Go Daddy Secure Certificate Authority - G2 | 2023-05-09 - 2024-06-09 | a year
6sc.co | R3 | 2023-05-25 - 2023-08-23 | 3 months
*.trustarc.com | Amazon RSA 2048 M02 | 2023-04-17 - 2024-05-14 | a year
drift.com | Amazon RSA 2048 M02 | 2023-03-01 - 2023-09-21 | 7 months
io.bizible.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-06-30 - 2023-07-31 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-02-01 - 2024-01-31 | a year
lltrck.com | Go Daddy Secure Certificate Authority - G2 | 2022-07-25 - 2023-08-26 | a year
crazyegg.com | Amazon RSA 2048 M02 | 2023-05-28 - 2024-06-26 | a year
www.google.com | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months
*.google.co.jp | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months
ibc-flow.techtarget.com | GTS CA 1D4 | 2023-04-03 - 2023-07-03 | 3 months
linkedin.oribi.io | Amazon RSA 2048 M01 | 2023-02-24 - 2023-08-06 | 5 months

This page contains 5 frames:

Primary Page: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Frame ID: 5536E8B64B633A4993CD144192DAAB71
Requests: 129 HTTP requests in this frame

Frame: https://consent.trustarc.com/get?name=crossdomain.html&domain=infoblox.com
Frame ID: 3D4949D3B5A1F873A2DB6C52FBC903C4
Requests: 1 HTTP request in this frame

Frame: https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
Frame ID: 3E8433ADA7D61821B270C1466AE3B2EF
Requests: 36 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
Frame ID: A00EE70A44AED5AD8F75457E0599DAFC
Requests: 35 HTTP requests in this frame

Frame: https://tracking.crazyegg.com/v11?u=425835&st=237558&ss=2930c5e0-fea3-11ed-8f5e-41873b517df8&p=47c6a44f7ec3751aa2da0d5104bd5450&tk=94c1298a9befcde50aad42a699da8ca2
Frame ID: 23A750058F05A38E9640C82F221BD253
Requests: 1 HTTP request in this frame

Page Title

Analyzing DNS Traffic for Anomalous Domains and Threat Detection | Infoblox

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • consent\.trustarc\.com

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 209
HTTPS: 96 %
IPv6: 60 %
Domains: 25
Subdomains: 39
IPs: 30
Countries: 5
Transfer: 3460 kB
Size: 6879 kB
Cookies: 33

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 93
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32346&time=1685421223954&url=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32346&time=1685421223954&url=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32346%26time%3D1685421223954%26url%3Dhttps%253A%252F%252Fblogs.infoblox.com%252Fcyber-threat-intelligence%252Fcyber-threat-advisory%252Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32346&time=1685421223954&url=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32346&time=1685421223954&url=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&cookiesTest=true&liSync=true&e_ipv6=AQK8tR7IV4P9FwAAAYhq7vPJbHCvUjTwbYkZjeHtu16SqeevGTlJ94vhaOs8aV4o8SlvJQ

209 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
173 KB
48 KB
Document
General
Full URL
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
af335ae1df719f317ca7709c3be725666a09460dc586a7178da5630d2052778e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: *.jsdelivr.net *.infoblox.com *.pantheonsite.io *.infoblox.local *.vimeo.com *.addthis.com *.typekit.net *.driftt.com *.drift.com *.google-analytics.com *.eloqua.com *.nr-data.net *.doubleclick.net *.linkedin.com *.vidyard.com *.google.com *.captivate.fm *.soundcloud.com *.youtube.com *.6sense.com *.jsdelivr.net *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.pathfactory.com *.mktoresp.com *.google.co.in *.adnxs.com https://sites.google.com/infoblox.com https://sites.google.com/infoblox.com/salesworkspace/ https://infoblox.litmos.com/ *.use.fontawesome *.info.infoblox.com https://internetidentity.com *.kaltura.com *.hotjar.com cdn.bizible.com cdn.linkedin.oribi.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: *.google.com *.addthis.com *.addthisedge.com *.moatads.com *.cookielaw.org *.driftt.com *.bidr.io *.cloudfront.net *.bing.com *.linkedin.com *.licdn.com *.typekit.net *.googletagmanager.com js.driftt.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.newrelic.com *.nr-data.net *.vidyard.com *.captivate.fm *.soundcloud.com https://cdnjs.cloudflare.com *.jobvite.com *.jsdelivr.net *.infoblox.com *.lltrck.com lltrck.com https://lltrck.com https://ajax.googleapis.com *.jsdelivr.net *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.adnxs.com *.google.co.in https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com cdn.bizible.com cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: *.google.com *.googleapis.com *.typekit.net *.gstatic.com *.googleusercontent.com https://info.infoblox.com/js/forms2/css/ *.jsdelivr.net *.infoblox.com 
*.jsdelivr.net *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.bootstrapcdn.com *.google.co.in https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com *.kaltura.com *.trustarc.com; img-src 'self' https: data: *.jsdelivr.net *.infoblox.com https://infoblox.com *.bing.com *.adsymptotic.com *.googleusercontent.com *.gstatic.com *.pantheonsite.io *.infoblox.local *.linkedin.com *.drift.com *.eloqua.com *.typekit.net *.google-analytics.com *.google.com *.doubleclick.net *.gravatar.com https://play.vidyard.com https://cdn.vidyard.com https://i.ytimg.com *.vimeocdn.com https://share.vidyard.com/ *.googletagmanager.com https://lltrck.com *.jsdelivr.net *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.facebook.com *.google.co.in *.snaproute.com snaproute.com https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com *.kaltura.com *.hotjar.com *.trustarc.com cdn.bizible.com cdn.linkedin.oribi.io ; font-src 'self' https: data: filesystem: use.typekit.net *.use.fontawesome.com; media-src 'self' mediastream: blob: filesystem: *.driftqa.com *.kaltura.com *.js.driftt.com https://js.driftt.com/conductor/assets/media/notification.d46d7db1.mp3; frame-ancestors 'self' https: data: http://*.jsdelivr.net *.infoblox.com https://*.jsdelivr.net *.infoblox.com https://sites.google.com/infoblox.com https://sites.google.com/infoblox.com/salesworkspace/ https://infoblox.litmos.com/ http://infoblox.litmos.com/ https://infoblox.mindtickle.com/ https://infobloxpartners.mindtickle.com/ https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com cdn.bizible.com cdn.linkedin.oribi.io; frame-src 'self' 
https://www.youtube-nocookie.com https://play.vidyard.com https://www.google.com *.youtube.com *.vimeo.com https://w.soundcloud.com/ https://player.captivate.fm/ jobs.jobvite.com info.infoblox.com *.jsdelivr.net *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.facebook.com https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com https://js.driftt.com/ https://js.driftt.com/conductor/assets/media/notification.d46d7db1.mp3 *.js.driftt.com cdn.bizible.com cdn.linkedin.oribi.io
Strict-Transport-Security max-age=300
X-Content-Type-Options
X-Frame-Options allow-from <URI>
X-Xss-Protection

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

accept-ranges
bytes
age
332
cache-control
public, max-age=600
content-encoding
gzip
content-length
45267
content-type
text/html; charset=UTF-8
date
Tue, 30 May 2023 04:33:42 GMT
link
<https://blogs.infoblox.com/wp-json/>; rel="https://api.w.org/" <https://blogs.infoblox.com/wp-json/wp/v2/posts/8606>; rel="alternate"; type="application/json" <https://blogs.infoblox.com/?p=8606>; rel=shortlink
referrer-policy
no-referrer
server
nginx
strict-transport-security
max-age=300
vary
Accept-Encoding, Cookie, Cookie
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, MISS, MISS
x-cache-hits
1, 0, 0
x-content-type-options
x-frame-options
allow-from <URI>
x-pantheon-styx-hostname
styx-fe1-a-76d97c5bc4-zsbcp
x-served-by
cache-chi-kigq8000141-CHI, cache-fra-eddf8230126-FRA, cache-fra-eddf8230027-FRA
x-styx-req-id
61763a7d-fea2-11ed-9537-12d3d926705c
x-timer
S1685421223.642034,VS0,VE110
x-xss-protection
wp-emoji-release.min.js
blogs.infoblox.com/wp-includes/js/
18 KB
6 KB
Script
General
Full URL
https://blogs.infoblox.com/wp-includes/js/wp-emoji-release.min.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
2, 485, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1785702
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-qj6p2
content-length
5806
x-served-by
cache-chi-klot8100072-CHI, cache-fra-eddf8230124-FRA, cache-fra-eddf8230027-FRA
last-modified
Sat, 06 May 2023 03:31:39 GMT
server
nginx
x-timer
S1685421223.036845,VS0,VE2
etag
W/"6455ca1b-48b9"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
7f34b5a6-ee65-11ed-80f0-5a77a581fd0f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 09 May 2024 12:32:01 GMT
style.css
blogs.infoblox.com/wp-content/themes/infoblox-blog/
30 KB
9 KB
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/style.css?ver=2.10.0
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
526d676a40f3d7b45aa46213e63602a7ea7e2906505a99df3bd593c94e94e1cc
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 503, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1873288
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-jkcjn
content-length
8497
x-served-by
cache-chi-kigq8000050-CHI, cache-fra-etou8220052-FRA, cache-fra-eddf8230027-FRA
last-modified
Sun, 07 May 2023 16:59:52 GMT
server
nginx
x-timer
S1685421223.036953,VS0,VE2
etag
W/"6457d908-7723"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
917bd4cb-ed99-11ed-99de-aaa9ae6197f0
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 08 May 2024 12:12:14 GMT
style.min.css
blogs.infoblox.com/wp-includes/css/dist/block-library/
87 KB
15 KB
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
2, 86, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2967259
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-x86ft
content-length
15139
x-served-by
cache-chi-klot8100171-CHI, cache-fra-eddf8230123-FRA, cache-fra-eddf8230027-FRA
last-modified
Tue, 25 Apr 2023 19:57:29 GMT
server
nginx
x-timer
S1685421223.036953,VS0,VE2
etag
W/"644830a9-15b64"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
77fe51ba-e3a6-11ed-853b-eadbd2420a05
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 25 Apr 2024 20:19:23 GMT
public.css
blogs.infoblox.com/wp-content/plugins/custom-related-posts/dist/
716 B
450 B
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-content/plugins/custom-related-posts/dist/public.css?ver=1.6.6
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
913eba8f73d4feff3ad28bb0eaab998afe9a90ad4df397b38da8f905a062a133
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 84, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2375060
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-cb5h4
content-length
208
x-served-by
cache-chi-klot8100066-CHI, cache-fra-eddf8230082-FRA, cache-fra-eddf8230027-FRA
last-modified
Sun, 30 Apr 2023 19:26:17 GMT
server
nginx
x-timer
S1685421223.037517,VS0,VE2
etag
W/"644ec0d9-2cc"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
4a3df913-e909-11ed-93d7-326947994272
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 02 May 2024 16:49:22 GMT
csbwfs.css
blogs.infoblox.com/wp-content/plugins/custom-share-buttons-with-floating-sidebar/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-content/plugins/custom-share-buttons-with-floating-sidebar/css/csbwfs.css
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
34988554893009eb1f64d49b96d6dd472699ad46e71557eab757bcfcecee4342
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 82, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2967260
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-cb5h4
content-length
1727
x-served-by
cache-chi-kigq8000136-CHI, cache-fra-eddf8230035-FRA, cache-fra-eddf8230027-FRA
last-modified
Tue, 25 Apr 2023 19:57:32 GMT
server
nginx
x-timer
S1685421223.037696,VS0,VE2
etag
W/"644830ac-19c3"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
77f7ce6c-e3a6-11ed-83d4-326947994272
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 25 Apr 2024 20:19:23 GMT
jquery.ui.css
blogs.infoblox.com/wp-content/plugins/miniorange-saml-20-single-sign-on/includes/css/
22 KB
5 KB
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-content/plugins/miniorange-saml-20-single-sign-on/includes/css/jquery.ui.css
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d198aa686d1152dea61220e984befd325376330286ffbeb9bba9d43347c2f065
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 88, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1803898
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-mqh8k
content-length
4865
x-served-by
cache-chi-kigq8000088-CHI, cache-fra-eddf8230077-FRA, cache-fra-eddf8230027-FRA
last-modified
Tue, 09 May 2023 02:40:06 GMT
server
nginx
x-timer
S1685421223.038206,VS0,VE2
etag
W/"6459b286-5940"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
2120496e-ee3b-11ed-b796-d23a22b5f0e5
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 09 May 2024 07:28:44 GMT
widget-options.css
blogs.infoblox.com/wp-content/plugins/widget-options/assets/css/
1 KB
556 B
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-content/plugins/widget-options/assets/css/widget-options.css
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d4f24797ac4621646a35e5e688a697b8595cdcb186317372d3bc70c490bd6c73
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
2, 87, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2967259
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-qz7wk
content-length
292
x-served-by
cache-chi-kigq8000113-CHI, cache-fra-etou8220072-FRA, cache-fra-eddf8230027-FRA
last-modified
Tue, 25 Apr 2023 19:57:29 GMT
server
nginx
x-timer
S1685421223.038932,VS0,VE2
etag
W/"644830a9-416"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
7805a151-e3a6-11ed-b4a6-e28695fea06b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 25 Apr 2024 20:19:23 GMT
wp-ulike.min.css
blogs.infoblox.com/wp-content/plugins/wp-ulike/assets/css/
26 KB
5 KB
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-content/plugins/wp-ulike/assets/css/wp-ulike.min.css?ver=4.6.4
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7d2f997d3abc6d5c182b7826ea43636c26196a2a42273c875096cb1ad62f6c7e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
2, 84, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2394394
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-cb5h4
content-length
4849
x-served-by
cache-chi-klot8100148-CHI, cache-fra-eddf8230066-FRA, cache-fra-eddf8230027-FRA
last-modified
Mon, 01 May 2023 19:55:32 GMT
server
nginx
x-timer
S1685421223.038937,VS0,VE2
etag
W/"64501934-6840"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
46433014-e8dc-11ed-83d4-326947994272
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 02 May 2024 11:27:08 GMT
css
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A400%2C400i%2C600%2C700&ver=2.10.0
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:400a:80a::200a Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c30722f96f97f72577d3e23418aa6ca80a5031d2ab8caabb8609d059dc557126
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 30 May 2023 04:33:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 30 May 2023 04:33:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 30 May 2023 04:33:42 GMT
dashicons.min.css
blogs.infoblox.com/wp-includes/css/
58 KB
36 KB
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-includes/css/dashicons.min.css
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 499, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1785701
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-r7mhr
content-length
36701
x-served-by
cache-chi-klot8100111-CHI, cache-fra-etou8220047-FRA, cache-fra-eddf8230027-FRA
last-modified
Mon, 08 May 2023 21:16:54 GMT
server
nginx
x-timer
S1685421223.040187,VS0,VE2
etag
W/"645966c6-e688"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
7f30bffd-ee65-11ed-9ac9-261cfcf512cb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 09 May 2024 12:32:01 GMT
front-end.css
blogs.infoblox.com/wp-content/themes/infoblox-blog/lib/gutenberg/
9 KB
2 KB
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/lib/gutenberg/front-end.css?ver=2.10.0
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
47bb48dbb60985f6c3925bcf32c14d6c586edcad7b629b9c97fe3705d1660279
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 85, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2442301
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-zxlrq
content-length
2205
x-served-by
cache-chi-kigq8000150-CHI, cache-fra-eddf8230032-FRA, cache-fra-eddf8230027-FRA
last-modified
Sun, 30 Apr 2023 19:26:18 GMT
server
nginx
x-timer
S1685421223.040179,VS0,VE2
etag
W/"644ec0da-23d0"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
bbe68bd5-e86c-11ed-bb02-729a82ea65a5
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 01 May 2024 22:08:42 GMT
jquery.sidr.dark.min.css
cdn.jsdelivr.net/jquery.sidr/2.2.1/stylesheets/
3 KB
2 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/jquery.sidr/2.2.1/stylesheets/jquery.sidr.dark.min.css
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
780929714861ca223c2893799ec20e113d5cd9d3dcae15be3aca5db440ea1db2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Tue, 30 May 2023 04:33:42 GMT
age
1745675
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1401
x-served-by
cache-fra-eddf8230122-FRA, cache-tyo11975-TYO
etag
W/"ddb-6HgE8UA45Z+BAXCB3SXpxOmIsUw"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
infoblox-custom.css
blogs.infoblox.com/wp-content/themes/infoblox-blog/
59 KB
15 KB
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/infoblox-custom.css
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8b691b68ce2b648677ff1bb637d09e0a0005ecbc2ef054f1c3b118e96a3debf5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 85, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2967259
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-d8g28
content-length
15037
x-served-by
cache-chi-kigq8000130-CHI, cache-fra-eddf8230030-FRA, cache-fra-eddf8230027-FRA
last-modified
Tue, 25 Apr 2023 19:57:35 GMT
server
nginx
x-timer
S1685421223.040171,VS0,VE2
etag
W/"644830af-eaa7"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
7823a879-e3a6-11ed-b630-b68f991f583f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 25 Apr 2024 20:19:23 GMT
slider-hp.css
blogs.infoblox.com/wp-content/themes/infoblox-blog/
2 KB
1 KB
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/slider-hp.css
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d0ff37ec6455fc98cf29d6e3d6a6117c260e2623f9f8238519a6570b7081daaf
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
2, 85, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2967259
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-l8ghl
content-length
881
x-served-by
cache-chi-klot8100114-CHI, cache-fra-etou8220027-FRA, cache-fra-eddf8230027-FRA
last-modified
Tue, 25 Apr 2023 19:57:29 GMT
server
nginx
x-timer
S1685421223.041893,VS0,VE2
etag
W/"644830a9-975"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
7827402d-e3a6-11ed-9287-0a54def16c6d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 25 Apr 2024 20:19:23 GMT
lity.min.css
blogs.infoblox.com/wp-content/themes/infoblox-blog/
4 KB
1 KB
Stylesheet
General
Full URL
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/lity.min.css
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
708ac71ed8728392391eb1d7c3fdb816dedb96bfcd4a1ab9238647623b9528c6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
0, 492, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1732272
x-cache
MISS, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-h8rhh
content-length
1197
x-served-by
cache-chi-klot8100047-CHI, cache-fra-eddf8230108-FRA, cache-fra-eddf8230027-FRA
last-modified
Mon, 08 May 2023 21:16:54 GMT
server
nginx
x-timer
S1685421223.041884,VS0,VE10
etag
W/"645966c6-f11"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e55dae68-eee1-11ed-b00f-5af8c1373ff9
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 10 May 2024 03:22:30 GMT
jquery.min.js
blogs.infoblox.com/wp-includes/js/jquery/
87 KB
36 KB
Script
General
Full URL
https://blogs.infoblox.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 558, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2740148
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-x86ft
content-length
36052
x-served-by
cache-chi-klot8100116-CHI, cache-fra-etou8220033-FRA, cache-fra-eddf8230027-FRA
last-modified
Fri, 28 Apr 2023 09:43:29 GMT
server
nginx
x-timer
S1685421223.041998,VS0,VE2
etag
W/"644b9541-15db1"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
40d70706-e5b7-11ed-853b-eadbd2420a05
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 28 Apr 2024 11:24:34 GMT
jquery-migrate.min.js
blogs.infoblox.com/wp-includes/js/jquery/
11 KB
5 KB
Script
General
Full URL
https://blogs.infoblox.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 490, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1111285
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-7d4fd84698-m7wz6
content-length
4565
x-served-by
cache-chi-klot8100129-CHI, cache-fra-eddf8230127-FRA, cache-fra-eddf8230027-FRA
last-modified
Tue, 16 May 2023 15:40:19 GMT
server
nginx
x-timer
S1685421223.043531,VS0,VE2
etag
W/"6463a3e3-2bd8"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
bf4fce92-f487-11ed-b163-fa537e6ffcf5
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 17 May 2024 07:52:18 GMT
settings.js
blogs.infoblox.com/wp-content/plugins/miniorange-saml-20-single-sign-on/includes/js/
6 KB
2 KB
Script
General
Full URL
https://blogs.infoblox.com/wp-content/plugins/miniorange-saml-20-single-sign-on/includes/js/settings.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3db1168843385fea0dc0842a968671b7dae44b9eae418313ca2764f86bfa73fc
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
2, 496, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2394393
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-24qnt
content-length
1405
x-served-by
cache-chi-klot8100034-CHI, cache-fra-etou8220086-FRA, cache-fra-eddf8230027-FRA
last-modified
Mon, 01 May 2023 19:55:32 GMT
server
nginx
x-timer
S1685421223.043547,VS0,VE2
etag
W/"64501934-19a2"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
466fd49d-e8dc-11ed-9d64-7286072d42f0
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 02 May 2024 11:27:09 GMT
jquery.bxslider.css
cdn.jsdelivr.net/bxslider/4.2.12/
4 KB
1 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/bxslider/4.2.12/jquery.bxslider.css
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
55ddd1f80cec627f624b79cea24ccd18fb38180c3bff6757ffe56be7c1a6445d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Tue, 30 May 2023 04:33:42 GMT
age
6536037
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1187
x-served-by
cache-fra-eddf8230067-FRA, cache-tyo11975-TYO
etag
W/"f5e-9CY+ZfG2D1tXr+G8dDrQnwbBEmY"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.1.1/
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:801::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:07:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
581161
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30244
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 May 2024 11:07:41 GMT
jquery.bxslider.min.js
cdn.jsdelivr.net/bxslider/4.2.12/
23 KB
23 KB
Script
General
Full URL
https://cdn.jsdelivr.net/bxslider/4.2.12/jquery.bxslider.min.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7731d577c5dfa5f38e9bf82dedae51174c9ddd4d3d4668eea9d1e51d6ce13d66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 30 May 2023 04:33:42 GMT
x-content-type-options
nosniff
age
6536039
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
23543
x-served-by
cache-fra-eddf8230029-FRA, cache-tyo11975-TYO
etag
W/"5bf7-z6ox3Bc9Kcb0lQd4zMXLOxqRM5Y"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
infoblox-logo-2.svg
blogs.infoblox.com/wp-content/uploads/
5 KB
3 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-logo-2.svg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5e532f2001bd715ac2458b017f00e83297416f11297bb68a50d13e84f497b16b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 399, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1688363
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-cb5h4
content-length
2265
x-served-by
cache-chi-klot8100059-CHI, cache-fra-etou8220071-FRA, cache-fra-eddf8230027-FRA
last-modified
Fri, 14 Apr 2023 17:11:47 GMT
server
nginx
x-timer
S1685421224.633047,VS0,VE2
etag
W/"64398953-1558"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
21d39dc6-ef48-11ed-93d7-326947994272
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 10 May 2024 15:34:20 GMT
search.png
blogs.infoblox.com/wp-content/uploads/
1 KB
1 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/search.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f27ff5fc0da5cefdc57dd9e79a91efdd46903e83bd6c86643aafd686430ffb0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-a-67b9459d46-sm249
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2967259
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 25 Apr 2024 08:27:11 GMT
content-length
1228
x-served-by
cache-chi-klot8100114-CHI, cache-ams21038-AMS, cache-ams12783-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 19 Dec 2019 12:14:19 GMT
server
nginx
x-timer
S1685421224.632448,VS0,VE12
etag
"5dfb699b-4cc"
content-type
image/png
x-styx-req-id
f9b56f4b-e342-11ed-b13f-fe50e5fec3be
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 2214, 0, 0
category-cyber-threat-advisory.svg
blogs.infoblox.com/wp-content/uploads/
8 KB
3 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/category-cyber-threat-advisory.svg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f9f7ff183d86cda77ec548473949359e842a6963e6457ebccaaa700c22702012
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 1, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2463762
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-ldr52
content-length
2480
x-served-by
cache-chi-kigq8000020-CHI, cache-fra-eddf8230042-FRA, cache-fra-eddf8230027-FRA
last-modified
Wed, 04 Aug 2021 22:56:00 GMT
server
nginx
x-timer
S1685421224.632949,VS0,VE5
etag
W/"610b1b00-1eee"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
c4117964-e83a-11ed-bd01-9e639b737b97
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 01 May 2024 16:11:01 GMT
FB.svg
live-infoblox-blog.pantheonsite.io/wp-content/uploads/
446 B
503 B
Image
General
Full URL
https://live-infoblox-blog.pantheonsite.io/wp-content/uploads/FB.svg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cddede585f1ce388062b874c8ed32e1bbe2a0ffa258e85ff334ec7d1b673200f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

expires
Thu, 16 May 2024 10:38:45 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1187698
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-a-76b44d5747-6ffn5
content-length
328
x-served-by
cache-chi-kigq8000177-CHI, cache-tyo11975-TYO
last-modified
Thu, 19 Dec 2019 12:14:19 GMT
server
nginx
x-timer
S1685421224.691003,VS0,VE5
etag
W/"5dfb699b-1be"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d5cfdfbe-f3d5-11ed-b0a4-f60a1c633dc9
cache-control
max-age=31622400
accept-ranges
bytes
x-robots-tag
noindex
x-cache-hits
1, 1
TW.svg
live-infoblox-blog.pantheonsite.io/wp-content/uploads/
1 KB
1 KB
Image
General
Full URL
https://live-infoblox-blog.pantheonsite.io/wp-content/uploads/TW.svg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ce6c568bcf951e8d9abeb0858e492c3b41c769b190fbfe5cfe5fd76932008ef0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

expires
Thu, 16 May 2024 14:27:45 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1173958
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-a-76b44d5747-6ffn5
content-length
653
x-served-by
cache-chi-kigq8000143-CHI, cache-tyo11975-TYO
last-modified
Thu, 19 Dec 2019 12:14:19 GMT
server
nginx
x-timer
S1685421224.691322,VS0,VE2
etag
W/"5dfb699b-46c"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d3691129-f3f5-11ed-b0a4-f60a1c633dc9
cache-control
max-age=31622400
accept-ranges
bytes
x-robots-tag
noindex
x-cache-hits
1, 1
LI.svg
live-infoblox-blog.pantheonsite.io/wp-content/uploads/
604 B
602 B
Image
General
Full URL
https://live-infoblox-blog.pantheonsite.io/wp-content/uploads/LI.svg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
868503219c7ca2afd9cab62a466011d4e99684a725dd287e55b1b57fbe78febd
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

expires
Fri, 26 Apr 2024 12:33:53 GMT
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2908789
x-cache
HIT, HIT
x-pantheon-styx-hostname
styx-fe2-a-765c7d8db7-xn6st
content-length
406
x-served-by
cache-chi-klot8100114-CHI, cache-tyo11975-TYO
last-modified
Thu, 19 Dec 2019 12:14:19 GMT
server
nginx
x-timer
S1685421224.691266,VS0,VE2
etag
W/"5dfb699b-25c"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
9af45ba7-e42e-11ed-8863-568e1e012c3b
cache-control
max-age=31622400
accept-ranges
bytes
x-robots-tag
noindex
x-cache-hits
1, 1
infoblox-blog-decoy-dog-1-timeline.png
blogs.infoblox.com/wp-content/uploads/
48 KB
48 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-1-timeline.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bac62f2d639a4421d672814883e8dd47d5e21fe66e0f172b2a0456d9bb5fa7dc
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-a-78577757df-2vqvz
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
530694
x-cache
MISS, HIT, MISS, MISS
expires
Fri, 24 May 2024 01:08:49 GMT
content-length
48770
x-served-by
cache-chi-klot8100105-CHI, cache-ams21030-AMS, cache-ams21079-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:14:05 GMT
server
nginx
x-timer
S1685421224.632513,VS0,VE10
etag
"644180ed-be82"
content-type
image/png
x-styx-req-id
8a63a0c3-f9cf-11ed-a865-de7aa4f6a312
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 5, 0, 0
infoblox-blog-decoy-dog-2-domain-timelines.png
blogs.infoblox.com/wp-content/uploads/
72 KB
72 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-2-domain-timelines.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5abb2baea4406b91db0c70b520aac559e816d0edb8a7acdd8388aacefb8ceea1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-d8g28
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2966976
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 25 Apr 2024 20:24:07 GMT
content-length
73823
x-served-by
cache-chi-kigq8000171-CHI, cache-ams21038-AMS, cache-ams21070-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:14:08 GMT
server
nginx
x-timer
S1685421224.632458,VS0,VE11
etag
"644180f0-1205f"
content-type
image/png
x-styx-req-id
212da16a-e3a7-11ed-b630-b68f991f583f
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1, 0, 0
infoblox-blog-decoy-dog-3-network-one-dns-resolution.png
blogs.infoblox.com/wp-content/uploads/
31 KB
31 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-3-network-one-dns-resolution.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6a42e83f3d253ede2d40dd4b55800b0493e3a26187564ac330af8fe1541eb94
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-7d4fd84698-vfr6t
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1060148
x-cache
HIT, HIT, MISS, MISS
expires
Fri, 17 May 2024 22:04:35 GMT
content-length
31244
x-served-by
cache-chi-klot8100023-CHI, cache-ams21072-AMS, cache-ams21079-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:13:45 GMT
server
nginx
x-timer
S1685421224.632479,VS0,VE15
etag
"644180d9-7a0c"
content-type
image/png
x-styx-req-id
cf681cdf-f4fe-11ed-a463-6a6f2169e78e
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1, 0, 0
infoblox-blog-decoy-dog-4-network-two-dns-resolution.png
blogs.infoblox.com/wp-content/uploads/
27 KB
28 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-4-network-two-dns-resolution.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
50305a56e3056a0c0d5bcb8dea1cb8be201e06776c6ab7e786e6a85b7e1c74ef
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-cb5h4
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2463761
x-cache
HIT, HIT, MISS, MISS
expires
Wed, 01 May 2024 16:11:01 GMT
content-length
27984
x-served-by
cache-chi-kigq8000058-CHI, cache-ams21045-AMS, cache-ams12778-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:13:47 GMT
server
nginx
x-timer
S1685421224.632136,VS0,VE13
etag
"644180db-6d50"
content-type
image/png
x-styx-req-id
c4204636-e83a-11ed-83d4-326947994272
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1, 0, 0
infoblox-blog-decoy-dog-5-qname-timelines.png
blogs.infoblox.com/wp-content/uploads/
60 KB
60 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-5-qname-timelines.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ba8e528bb93bef01c9cf3684f39df2776f20f7856634c82f6b183cf702e9024c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-mqh8k
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1828520
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 09 May 2024 00:38:23 GMT
content-length
61215
x-served-by
cache-chi-kigq8000056-CHI, cache-ams21039-AMS, cache-ams21026-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:13:48 GMT
server
nginx
x-timer
S1685421224.632443,VS0,VE11
etag
"644180dc-ef1f"
content-type
image/png
x-styx-req-id
cdf01a54-ee01-11ed-b796-d23a22b5f0e5
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1, 0, 0
infoblox-blog-decoy-dog-6-dynamic-loopback.png
blogs.infoblox.com/wp-content/uploads/
308 KB
308 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-6-dynamic-loopback.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c4c85c236cd2be6a497df7e03d1d1fe5ca287f3af4acfb6aea1ab44b1df8a78f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-a-665b7cbd6b-77zvh
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1210784
x-cache
MISS, HIT, MISS, MISS
expires
Thu, 16 May 2024 04:13:59 GMT
content-length
314881
x-served-by
cache-chi-kigq8000022-CHI, cache-ams21051-AMS, cache-ams21022-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:13:54 GMT
server
nginx
x-timer
S1685421224.632100,VS0,VE14
etag
"644180e2-4ce01"
content-type
image/png
x-styx-req-id
1546f623-f3a0-11ed-9829-8ac4e5d1e9e0
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1, 0, 0
infoblox-blog-decoy-dog-8-hilbert-all.png
blogs.infoblox.com/wp-content/uploads/
27 KB
27 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-8-hilbert-all.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2b410e6da32306ea9e3ed9c08815be0bc670a7d87ffc9775e2b6c667ae8efc1f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-7nmvb
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2966976
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 25 Apr 2024 20:24:07 GMT
content-length
27653
x-served-by
cache-chi-klot8100041-CHI, cache-ams21024-AMS, cache-ams21061-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:14:12 GMT
server
nginx
x-timer
S1685421224.632567,VS0,VE14
etag
"644180f4-6c05"
content-type
image/png
x-styx-req-id
21412553-e3a7-11ed-be21-de67b4c7bc28
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1, 0, 0
infoblox-blog-decoy-dog-9-zoomed.png
blogs.infoblox.com/wp-content/uploads/
25 KB
25 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-9-zoomed.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1eec46c8950d1484c5e2e9f213cd08dc44195ebf1e7a1cbee96106a23b2f11ce
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-7fc56d6dd8-x7s4q
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2966976
x-cache
HIT, HIT, MISS, MISS
expires
Sat, 20 Apr 2024 18:23:34 GMT
content-length
25270
x-served-by
cache-chi-kigq8000109-CHI, cache-ams21026-AMS, cache-ams12726-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:14:14 GMT
server
nginx
x-timer
S1685421224.632909,VS0,VE14
etag
"644180f6-62b6"
content-type
image/png
x-styx-req-id
75b72d67-dfa8-11ed-a755-f2c2993d2576
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1, 0, 0
figure-10-distribution.png
blogs.infoblox.com/wp-content/uploads/
32 KB
32 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/figure-10-distribution.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0b66f51681de63bf31610d24a7236398198b7a5014015bd88397775d82978e4c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-6f854dbb8b-fqxfc
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
0
x-cache
MISS, MISS, MISS, MISS
expires
Thu, 30 May 2024 04:33:43 GMT
content-length
32258
x-served-by
cache-chi-klot8100038-CHI, cache-ams21048-AMS, cache-ams21037-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 22:34:54 GMT
server
nginx
x-timer
S1685421224.632033,VS0,VE273
etag
"6441be0e-7e02"
content-type
image/png
x-styx-req-id
28db8922-fea3-11ed-a270-2a31bf337108
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 0, 0, 0
infoblox-blog-decoy-dog-11-left-ignorelist.png
blogs.infoblox.com/wp-content/uploads/
26 KB
26 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-11-left-ignorelist.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
273b22dc86c6b20709bf0dcc06d31fb36aee8358f2319d82d2ebe0991d184ea3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-7d4fd84698-8j4zx
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1208363
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 16 May 2024 04:54:20 GMT
content-length
26865
x-served-by
cache-chi-klot8100043-CHI, cache-ams21023-AMS, cache-ams12738-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:14:18 GMT
server
nginx
x-timer
S1685421224.632021,VS0,VE15
etag
"644180fa-68f1"
content-type
image/png
x-styx-req-id
b802da26-f3a5-11ed-b51d-a2a1e8da0dce
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1, 0, 0
infoblox-blog-decoy-dog-11-right-claudfrontnet.png
blogs.infoblox.com/wp-content/uploads/
19 KB
19 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-11-right-claudfrontnet.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
95b1e78faab98905bd913b9aaa9db3eabca9c0fc7c538e234b212cc250f717c3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-x86ft
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2966976
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 25 Apr 2024 20:24:07 GMT
content-length
18964
x-served-by
cache-chi-kigq8000059-CHI, cache-ams21076-AMS, cache-ams21070-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:14:21 GMT
server
nginx
x-timer
S1685421224.631998,VS0,VE31
etag
"644180fd-4a14"
content-type
image/png
x-styx-req-id
2142eab4-e3a7-11ed-853b-eadbd2420a05
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1, 0, 0
infoblox-blog-decoy-dog-12-windows-freegate-user-interface.png
blogs.infoblox.com/wp-content/uploads/
125 KB
126 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-12-windows-freegate-user-interface.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
40853f9ac6e5bb5fa8aad16d3025076d4492d9d1e3e0adef1972be650fb7c73d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-d7rdl
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2367793
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 02 May 2024 18:50:30 GMT
content-length
128243
x-served-by
cache-chi-kigq8000082-CHI, cache-ams21078-AMS, cache-ams12773-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:23:27 GMT
server
nginx
x-timer
S1685421224.631984,VS0,VE12
etag
"6441831f-1f4f3"
content-type
image/png
x-styx-req-id
35eca61d-e91a-11ed-84a6-1acf20ad1b89
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1, 0, 0
infoblox-blog-decoy-dog-13-pupy_qpage_decoder_appendix_b_ping.jpg
blogs.infoblox.com/wp-content/uploads/
252 KB
252 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-13-pupy_qpage_decoder_appendix_b_ping.jpg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a6d3bf93859abdea1be83ca719df1ef7798b957d551bcd88693786a8d811a032
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-ldr52
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2367794
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 02 May 2024 18:50:30 GMT
content-length
257841
x-served-by
cache-chi-kigq8000150-CHI, cache-ams21078-AMS, cache-ams12757-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:23:53 GMT
server
nginx
x-timer
S1685421224.652314,VS0,VE11
etag
"64418339-3ef31"
content-type
image/jpeg
x-styx-req-id
35f12d57-e91a-11ed-bd01-9e639b737b97
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1, 0, 0
infoblox-blog-decoy-dog-14-pupy_qpage_decoder_appendix_c_fqdn_parsing.jpg
blogs.infoblox.com/wp-content/uploads/
333 KB
333 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-decoy-dog-14-pupy_qpage_decoder_appendix_c_fqdn_parsing.jpg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
71c9adb6633e51eff95d9979599ba83aabcdb06a63b9ab957858defcd02ec790
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-7fc56d6dd8-9ddxc
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2966976
x-cache
MISS, HIT, MISS, MISS
expires
Sat, 20 Apr 2024 18:27:07 GMT
content-length
340720
x-served-by
cache-chi-klot8100163-CHI, cache-ams21072-AMS, cache-ams21054-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 20 Apr 2023 18:23:56 GMT
server
nginx
x-timer
S1685421224.652065,VS0,VE11
etag
"6441833c-532f0"
content-type
image/jpeg
x-styx-req-id
f51598fe-dfa8-11ed-bf96-def9f1e99121
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 63, 0, 0
avatar_user_290_1645745085.png
blogs.infoblox.com/wp-content/uploads/
22 KB
22 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/avatar_user_290_1645745085.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9f826be9a2bdd52bec6a2688bd18becc4ec823f9cb77debcbc8eda105dac83ef
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-h8rhh
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2291372
x-cache
HIT, HIT, MISS, MISS
expires
Fri, 03 May 2024 16:04:11 GMT
content-length
22035
x-served-by
cache-chi-kigq8000142-CHI, cache-ams21033-AMS, cache-ams21054-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 24 Feb 2022 23:24:45 GMT
server
nginx
x-timer
S1685421224.651563,VS0,VE11
etag
"621813bd-5613"
content-type
image/png
x-styx-req-id
249103d4-e9cc-11ed-8f94-5af8c1373ff9
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 3, 0, 0
infoblox-blog-promo-cyber-threat-report-q4-2022.jpg
blogs.infoblox.com/wp-content/uploads/
33 KB
33 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/infoblox-blog-promo-cyber-threat-report-q4-2022.jpg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6a5dffe58ffe8be12c8da54d26b190ef6722f90318b0be0e3ccf0ce43443e002
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-58f9846767-nbprf
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
618036
x-cache
MISS, HIT, MISS, MISS
expires
Thu, 23 May 2024 00:53:07 GMT
content-length
33614
x-served-by
cache-chi-klot8100092-CHI, cache-ams21076-AMS, cache-ams12723-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 23 Feb 2023 10:24:10 GMT
server
nginx
x-timer
S1685421224.652065,VS0,VE10
etag
"63f73eca-834e"
content-type
image/jpeg
x-styx-req-id
2e777ce6-f904-11ed-ad6c-2ef734f15139
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 22, 0, 0
arrow_link.jpg
blogs.infoblox.com/wp-content/uploads/
24 KB
24 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/arrow_link.jpg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f0ef668120a2df876d90bbe0667a69db1e27b958aced171feb3d391b17bfde11
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-ldr52
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2463762
x-cache
HIT, HIT, MISS, MISS
expires
Wed, 01 May 2024 16:11:01 GMT
content-length
24252
x-served-by
cache-chi-kigq8000048-CHI, cache-ams21067-AMS, cache-ams21028-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 19 Dec 2019 12:14:19 GMT
server
nginx
x-timer
S1685421224.651981,VS0,VE13
etag
"5dfb699b-5ebc"
content-type
image/jpeg
x-styx-req-id
c43627b5-e83a-11ed-bd01-9e639b737b97
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 73, 0, 0
slider-hp.js
blogs.infoblox.com/wp-content/themes/genesis-sample/
116 KB
34 KB
Script
General
Full URL
https://blogs.infoblox.com/wp-content/themes/genesis-sample/slider-hp.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b663370b2ecf34db611eaba1d1064a9c0f08f8047c18c59f5ffd16caf58ef6b7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
2, 25, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2343581
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-24qnt
content-length
34566
x-served-by
cache-chi-klot8100144-CHI, cache-fra-eddf8230054-FRA, cache-fra-eddf8230027-FRA
last-modified
Mon, 01 May 2023 19:55:32 GMT
server
nginx
x-timer
S1685421224.597444,VS0,VE2
etag
W/"64501934-1cfb8"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
953dae87-e952-11ed-9d64-7286072d42f0
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 03 May 2024 01:34:01 GMT
social-facebook-1.png
blogs.infoblox.com/wp-content/uploads/
2 KB
2 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/social-facebook-1.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5ae44b29a07f543b7a144557b1bd07d18d2bb506283eb34c4decf6af582adfef
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-75685f6499-8k95x
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2967258
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 18 Apr 2024 18:29:19 GMT
content-length
2199
x-served-by
cache-chi-kigq8000096-CHI, cache-ams21068-AMS, cache-ams21039-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 22 Jul 2021 16:51:57 GMT
server
nginx
x-timer
S1685421224.651721,VS0,VE10
etag
"60f9a22d-897"
content-type
image/png
x-styx-req-id
eeef9816-de16-11ed-b1c1-da42860c9987
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 12612, 0, 0
social-twitter-2.png
blogs.infoblox.com/wp-content/uploads/
4 KB
4 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/social-twitter-2.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3ea04b8b3bd61287ef6d9241dab1b94924accc38651f973f9897828b4f60e738
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-2hd89
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2367792
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 02 May 2024 18:50:30 GMT
content-length
3648
x-served-by
cache-chi-klot8100165-CHI, cache-ams21031-AMS, cache-ams12753-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 22 Jul 2021 16:51:59 GMT
server
nginx
x-timer
S1685421224.651040,VS0,VE9
etag
"60f9a22f-e40"
content-type
image/png
x-styx-req-id
35fa9118-e91a-11ed-911c-52a2bd483d17
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 5, 0, 0
social-youtube.png
blogs.infoblox.com/wp-content/uploads/
3 KB
4 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/social-youtube.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
746f92201abc63d71f4bf1a7271eba568c0710b2677379826bdcd943faeecc2c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-pbcvg
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2463761
x-cache
HIT, HIT, MISS, MISS
expires
Wed, 01 May 2024 16:11:01 GMT
content-length
3443
x-served-by
cache-chi-kigq8000054-CHI, cache-ams21036-AMS, cache-ams21021-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 22 Jul 2021 16:51:59 GMT
server
nginx
x-timer
S1685421224.651104,VS0,VE10
etag
"60f9a22f-d73"
content-type
image/png
x-styx-req-id
c44cff11-e83a-11ed-bd5b-46105b0ee308
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 9, 0, 0
social-linked-in.png
blogs.infoblox.com/wp-content/uploads/
3 KB
3 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/social-linked-in.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
81584aa37e1b82faaea55445c87f2c3c29abff2f3b0937435d5ae08646425bb0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-6f854dbb8b-d6ndm
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
377075
x-cache
MISS, HIT, MISS, MISS
expires
Sat, 25 May 2024 19:49:09 GMT
content-length
2674
x-served-by
cache-chi-kigq8000114-CHI, cache-ams21031-AMS, cache-ams21048-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 22 Jul 2021 16:51:58 GMT
server
nginx
x-timer
S1685421224.651409,VS0,VE11
etag
"60f9a22e-a72"
content-type
image/png
x-styx-req-id
370014c0-fb35-11ed-b436-7a2c88d57795
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 3, 0, 0
wp-ulike.min.js
blogs.infoblox.com/wp-content/plugins/wp-ulike/assets/js/
15 KB
5 KB
Script
General
Full URL
https://blogs.infoblox.com/wp-content/plugins/wp-ulike/assets/js/wp-ulike.min.js?ver=4.6.4
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b53e5f3408771e8cf79666bc1466cd55c0314d4191ce9c2f7a75dfc20aa57589
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 491, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1616027
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-cd8db6d4c-h82wg
content-length
5113
x-served-by
cache-chi-kigq8000071-CHI, cache-fra-etou8220038-FRA, cache-fra-eddf8230027-FRA
last-modified
Wed, 10 May 2023 18:24:49 GMT
server
nginx
x-timer
S1685421224.597424,VS0,VE2
etag
W/"645be171-3d5e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
8d946e76-eff0-11ed-a295-def179a5ab96
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 11 May 2024 11:39:56 GMT
hoverIntent.min.js
blogs.infoblox.com/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://blogs.infoblox.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 551, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2463763
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-7nmvb
content-length
721
x-served-by
cache-chi-kigq8000162-CHI, cache-fra-etou8220046-FRA, cache-fra-eddf8230027-FRA
last-modified
Sun, 30 Apr 2023 19:26:18 GMT
server
nginx
x-timer
S1685421224.627167,VS0,VE2
etag
W/"644ec0da-5db"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
c3b23cf0-e83a-11ed-be21-de67b4c7bc28
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 01 May 2024 16:11:00 GMT
superfish.min.js
blogs.infoblox.com/wp-content/themes/genesis/lib/js/menu/
4 KB
2 KB
Script
General
Full URL
https://blogs.infoblox.com/wp-content/themes/genesis/lib/js/menu/superfish.min.js?ver=1.7.10
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 496, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2902714
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-424zb
content-length
2000
x-served-by
cache-chi-kigq8000144-CHI, cache-fra-etou8220072-FRA, cache-fra-eddf8230027-FRA
last-modified
Tue, 25 Apr 2023 19:57:33 GMT
server
nginx
x-timer
S1685421224.629038,VS0,VE4
etag
W/"644830ad-1193"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
c0f9e048-e43c-11ed-bbed-b2b6ad8e4145
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 26 Apr 2024 14:15:10 GMT
superfish.args.min.js
blogs.infoblox.com/wp-content/themes/genesis/lib/js/menu/
132 B
436 B
Script
General
Full URL
https://blogs.infoblox.com/wp-content/themes/genesis/lib/js/menu/superfish.args.min.js?ver=3.4.0
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
4, 488, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1256382
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-88bbd95cd-9pb4x
content-length
132
x-served-by
cache-chi-klot8100077-CHI, cache-fra-etou8220036-FRA, cache-fra-eddf8230027-FRA
last-modified
Sun, 14 May 2023 02:41:39 GMT
server
nginx
x-timer
S1685421224.629316,VS0,VE2
etag
W/"64604a63-84"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
eac57757-f335-11ed-884f-3aa6137d25d4
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 15 May 2024 15:34:01 GMT
skip-links.min.js
blogs.infoblox.com/wp-content/themes/genesis/lib/js/
386 B
531 B
Script
General
Full URL
https://blogs.infoblox.com/wp-content/themes/genesis/lib/js/skip-links.min.js?ver=3.4.0
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 483, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2463762
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-pbcvg
content-length
252
x-served-by
cache-chi-klot8100134-CHI, cache-fra-eddf8230121-FRA, cache-fra-eddf8230027-FRA
last-modified
Mon, 01 May 2023 00:59:50 GMT
server
nginx
x-timer
S1685421224.630007,VS0,VE2
etag
W/"644f0f06-182"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
c3d7835d-e83a-11ed-bd5b-46105b0ee308
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 01 May 2024 16:11:00 GMT
responsive-menus.min.js
blogs.infoblox.com/wp-content/themes/infoblox-blog/js/
4 KB
2 KB
Script
General
Full URL
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/js/responsive-menus.min.js?ver=2.10.0
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6fd951519999c4f446db71f347635025addb27c21d3b5915d498732ea1eec927
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 483, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1815951
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-cb5h4
content-length
1527
x-served-by
cache-chi-klot8100156-CHI, cache-fra-eddf8230061-FRA, cache-fra-eddf8230027-FRA
last-modified
Mon, 08 May 2023 21:16:54 GMT
server
nginx
x-timer
S1685421224.629996,VS0,VE2
etag
W/"645966c6-e64"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
1159cfde-ee1f-11ed-93d7-326947994272
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 09 May 2024 04:07:52 GMT
genesis-sample.js
blogs.infoblox.com/wp-content/themes/infoblox-blog/js/
1 KB
910 B
Script
General
Full URL
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/js/genesis-sample.js?ver=2.10.0
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a1c4a7fc8d5baa9d1b5e4d8c55c3229442dbf98430024e9b008cd3cd99c72fbb
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 481, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2967260
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-nblwl
content-length
637
x-served-by
cache-chi-klot8100114-CHI, cache-fra-eddf8230065-FRA, cache-fra-eddf8230027-FRA
last-modified
Tue, 25 Apr 2023 19:57:34 GMT
server
nginx
x-timer
S1685421224.633237,VS0,VE2
etag
W/"644830ae-4e1"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
78759118-e3a6-11ed-9f6b-a65fb20cc436
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 25 Apr 2024 20:19:24 GMT
lity.min.js
blogs.infoblox.com/wp-content/themes/infoblox-blog/js/
7 KB
3 KB
Script
General
Full URL
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/js/lity.min.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
576e529ab8a4f6521f8aff687e04e47ca0e165585dfe6b82d1758fd99ff03336
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 64, 0
strict-transport-security
max-age=300
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2967260
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-d8g28
content-length
3184
x-served-by
cache-chi-kigq8000140-CHI, cache-fra-eddf8230028-FRA, cache-fra-eddf8230027-FRA
last-modified
Tue, 25 Apr 2023 19:57:29 GMT
server
nginx
x-timer
S1685421224.632865,VS0,VE2
etag
W/"644830a9-1c1a"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
787e0b84-e3a6-11ed-b630-b68f991f583f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 25 Apr 2024 20:19:24 GMT
jquery.sidr.min.js
cdn.jsdelivr.net/jquery.sidr/2.2.1/
7 KB
3 KB
Script
General
Full URL
https://cdn.jsdelivr.net/jquery.sidr/2.2.1/jquery.sidr.min.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fd57ae7228574a83527cb8917ec5a0ff944aa787934ee5b85a7976f259b7ae31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Tue, 30 May 2023 04:33:43 GMT
age
4762306
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
2765
x-served-by
cache-fra-eddf8230092-FRA, cache-tyo11975-TYO
etag
W/"1b7a-V8NZ9CJQc1jNZn9BGb1UCGoehC0"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
gtm.js
www.googletagmanager.com/
301 KB
97 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-F7RMF
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::2008 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
79f19ba320fbd83b79850b2a01411b97b320fa7306cf5fee76c27b750fca61ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
98633
x-xss-protection
0
last-modified
Tue, 30 May 2023 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 30 May 2023 04:33:43 GMT
wks0kwv.js
use.typekit.net/
17 KB
7 KB
Script
General
Full URL
https://use.typekit.net/wks0kwv.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:a800::17c0:2d61 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
d43c60fba3f2e7d415f0ca36e8393741a49416d4a3fed260cc51c28368e699a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Tue, 30 May 2023 04:33:43 GMT
server
nginx
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
6740
ciu-banner.jpg
blogs.infoblox.com/wp-content/uploads/
135 KB
136 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/ciu-banner.jpg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/wp-content/themes/infoblox-blog/infoblox-custom.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
945c284f98ebab78bcdccb6711ebc2340756345a312a8fcad4da1871505029bf
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/infoblox-custom.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-6f854dbb8b-x8cll
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
47302
x-cache
MISS, HIT, MISS, MISS
expires
Wed, 29 May 2024 15:25:21 GMT
content-length
138471
x-served-by
cache-chi-klot8100088-CHI, cache-ams21080-AMS, cache-ams21042-AMS, cache-fra-eddf8230027-FRA
last-modified
Wed, 04 Aug 2021 22:59:25 GMT
server
nginx
x-timer
S1685421224.652230,VS0,VE11
etag
"610b1bcd-21ce7"
content-type
image/jpeg
x-styx-req-id
06a219bc-fe35-11ed-8613-224f8b47cb96
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1, 0, 0
icon-kudo.png
blogs.infoblox.com/wp-content/uploads/
3 KB
4 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/icon-kudo.png
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/wp-content/themes/infoblox-blog/infoblox-custom.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
658414418ebba65bb3d94f37b93ce4245b29d3b900897c923eeffd56ace0d381
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/infoblox-custom.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-a-7cdc4c79db-tsh8g
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1744809
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 09 May 2024 23:53:34 GMT
content-length
3483
x-served-by
cache-chi-klot8100023-CHI, cache-ams21078-AMS, cache-ams12731-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 19 Dec 2019 12:14:19 GMT
server
nginx
x-timer
S1685421224.650971,VS0,VE10
etag
"5dfb699b-d9b"
content-type
image/png
x-styx-req-id
b59e07eb-eec4-11ed-8f5d-e24bc6d89ad8
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 18, 0, 0
search_icon.jpg
blogs.infoblox.com/wp-content/uploads/
24 KB
24 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/search_icon.jpg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/wp-content/themes/infoblox-blog/infoblox-custom.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d80f9badc08b8777ce9133f8bfa898576eaac335a195355a410f34e83c26311d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/infoblox-custom.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-a-67b9459d46-ms8x5
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2967235
x-cache
HIT, HIT, MISS, MISS
expires
Thu, 25 Apr 2024 15:45:07 GMT
content-length
24824
x-served-by
cache-chi-klot8100092-CHI, cache-ams21065-AMS, cache-ams12730-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 19 Dec 2019 12:14:19 GMT
server
nginx
x-timer
S1685421224.650950,VS0,VE18
etag
"5dfb699b-60f8"
content-type
image/jpeg
x-styx-req-id
2726cafb-e380-11ed-a13d-2e6459be3498
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 36, 0, 0
arrow_down.jpg
blogs.infoblox.com/wp-content/uploads/
25 KB
25 KB
Image
General
Full URL
https://blogs.infoblox.com/wp-content/uploads/arrow_down.jpg
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/wp-content/themes/infoblox-blog/infoblox-custom.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ddef9b3daec625719558594a045592a53c1b4b1e3c1360fa9e985a075b928c7a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/infoblox-custom.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-mwk8t
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
1873289
x-cache
HIT, HIT, MISS, MISS
expires
Wed, 08 May 2024 12:12:14 GMT
content-length
25176
x-served-by
cache-chi-kigq8000168-CHI, cache-ams21079-AMS, cache-ams21042-AMS, cache-fra-eddf8230027-FRA
last-modified
Thu, 22 Jul 2021 16:29:28 GMT
server
nginx
x-timer
S1685421224.650928,VS0,VE10
etag
"60f99ce8-6258"
content-type
image/jpeg
x-styx-req-id
91c2d14f-ed99-11ed-9970-8e91365dc59f
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 62, 0, 0
ProximaNova-Semibold.woff
blogs.infoblox.com/wp-content/themes/infoblox-blog/fonts/
24 KB
24 KB
Font
General
Full URL
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/fonts/ProximaNova-Semibold.woff
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/wp-content/themes/infoblox-blog/infoblox-custom.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:8d::765 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
16cce560fa71db9564d2563c6fde2d1fa9b7a25e1e3e4f9532ff3a675ac2b0c4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://blogs.infoblox.com/wp-content/themes/infoblox-blog/infoblox-custom.css
Origin
https://blogs.infoblox.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits
1, 38, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 30 May 2023 04:33:43 GMT
age
2394393
x-cache
HIT, HIT, MISS
x-pantheon-styx-hostname
styx-fe1-b-746cdcf8fd-cb5h4
content-length
24600
x-served-by
cache-chi-kigq8000122-CHI, cache-fra-etou8220100-FRA, cache-fra-eddf8230027-FRA
last-modified
Mon, 01 May 2023 00:59:50 GMT
server
nginx
x-timer
S1685421224.650950,VS0,VE2
etag
"644f0f06-6018"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
471645b2-e8dc-11ed-83d4-326947994272
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 02 May 2024 11:27:10 GMT
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.199.238.158 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-199-238-158.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,x-forwarded-for
Access-Control-Request-Method
GET
Origin
https://blogs.infoblox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,content-type,x-forwarded-for
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://blogs.infoblox.com
access-control-max-age
1800
date
Tue, 30 May 2023 04:33:43 GMT
server
nginx
analytics.js
www.google-analytics.com/
51 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-F7RMF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:80b::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 30 May 2023 02:45:26 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
6497
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Tue, 30 May 2023 04:45:26 GMT
5835.js
script.crazyegg.com/pages/scripts/0042/
6 KB
2 KB
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0042/5835.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-F7RMF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de56d33adf5dd4c396874042c2878637bb6b68ca76f54331646bde61f17a32d6

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
gzip
cf-cache-status
HIT
age
59428
cf-polished
origSize=6063
ce-version
11.5.76
cf-bgj
minify
last-modified
Mon, 29 May 2023 12:03:15 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
timing-allow-origin
*
cf-ray
7cf442b82ddbafa5-NRT
main.rtfl.js
visitor.reactful.com/dist/
273 KB
106 KB
Script
General
Full URL
https://visitor.reactful.com/dist/main.rtfl.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:822::2013 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
4d71e28edcd31a762462d68b69b58c84965188c5f19c64f9d55fe0520e33985d

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 16:31:06 GMT
content-encoding
gzip
server
Google Frontend
age
302558
etag
"yotqXg"
content-type
application/javascript; charset=UTF-8
x-cloud-trace-context
74b21250ddb8aa2b37810384741559bf
cache-control
public,public, max-age=432000
content-length
107826
expires
Wed, 31 May 2023 16:31:06 GMT
details
epsilon.6sense.com/v3/company/
730 B
578 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.199.238.158 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-199-238-158.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6c11a81403cc671a40a06177d5db361b70415e0f7f27519ba92749cc47eba4ae

Request headers

Referer
accept-language
jp-JP,jp;q=0.9
Authorization
Token 482f94f5ef8419c30131ca99e9837fa458cb3174
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
X-Forwarded-For
null
Content-Type
application/json

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://blogs.infoblox.com
access-control-allow-credentials
true
content-length
391
6si.min.js
j.6sc.co/
35 KB
11 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.195.88.195 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-195-88-195.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 17 May 2023 00:27:16 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"64641f64-8a3f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
11052
expires
Tue, 30 May 2023 04:33:43 GMT
notice
consent.trustarc.com/
16 KB
6 KB
Script
General
Full URL
https://consent.trustarc.com/notice?domain=infoblox.com&c=teconsent&js=nj&noticeType=bb&pcookie&gtm=1&text=true&language=en
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.86.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-86-37.nrt12.r.cloudfront.net
Software
/
Resource Hash
3734d1572ed158e817088c61b9bb1c7cd51fea7e3bad8c4e271737c2c92db413
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://blogs.infoblox.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 b86f96ad1cdd596db48371f729df3b5c.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT12-C2
x-cache
Miss from cloudfront
cloudfront-viewer-country
JP
content-length
5918
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=3600
cloudfront-viewer-country-region
13
timing-allow-origin
*
x-amz-cf-id
rP1fLE068OrAfTmR1_-ezIX4YMj4YNTH4AbWhh1k6zYYo9_J_tsEOw==
expires
Tue, 30 May 2023 05:33:43 GMT
42wt2pyhpc8v.js
js.driftt.com/include/1685421300000/
220 KB
63 KB
Script
General
Full URL
https://js.driftt.com/include/1685421300000/42wt2pyhpc8v.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
c6ad31eb316f80c139d58b0e3f536ed968fbb2beebb901d1b86bfe54a3713836
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:44 GMT
x-amz-version-id
HjQCNBGkwd60UKe6nu0SQVVWe7QsNAOj
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
32
last-modified
Fri, 26 May 2023 18:28:42 GMT
server
istio-envoy
etag
W/"3870e65f13e32317d5527b6410b69662"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
eZG3iDeJ7WLOUsBipQ5kPNAcsnFOZ23DSMRfa1XVp-nPY2DkGnA-7w==
bizible.js
cdn.bizible.com/scripts/
67 KB
25 KB
Script
General
Full URL
https://cdn.bizible.com/scripts/bizible.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-F7RMF
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.58.59 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (tkb/7355) /
Resource Hash
c00e912ad556e16f15803b0645d6092adec4e23408b6d91dda68dab21480f1bf

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:44 GMT
content-encoding
gzip
last-modified
Thu, 18 May 2023 21:48:38 GMT
server
ECS (tkb/7355)
age
19315
etag
"24512881d289d91:0"
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
content-length
25471
js
www.googletagmanager.com/gtag/
258 KB
86 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-D4JXVXQTYG&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-F7RMF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::2008 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
97ce8bd17fb494b2c6e1318b62cde5b7dd944a2c011f3ecd7729094bc2cee24c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
88001
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 30 May 2023 04:33:43 GMT
collect
www.google-analytics.com/j/
4 B
212 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=13722951&t=pageview&_s=1&dl=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&ul=en-us&de=UTF-8&dt=Analyzing%20DNS%20Traffic%20for%20Anomalous%20Domains%20and%20Threat%20Detection%20%7C%20Infoblox&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABBAAAACAAI~&jid=1212933588&gjid=1724909660&cid=163747939.1685421224&tid=UA-1234994-1&_gid=716647300.1685421224&_r=1&_slc=1&gtm=45He35o0n61F7RMF&z=815698675
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:80b::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 30 May 2023 04:33:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blogs.infoblox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
blogs.infoblox.com.json
script.crazyegg.com/pages/data-scripts/0042/5835/site/
169 KB
13 KB
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0042/5835/site/blogs.infoblox.com.json?t=1
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0042/5835.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7a9c0cfd96917aaf32c1f1460be09505fff1d401298ac37c2feb945119dd043

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
gzip
cf-cache-status
HIT
age
8752
ce-version
11.5.76
content-length
13228
last-modified
Tue, 30 May 2023 02:07:51 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7cf442b83d71f59b-NRT
2718ebc4e0df9692161f1d6f94f9e5a8.js
script.crazyegg.com/pages/versioned/common-scripts/
72 KB
25 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/common-scripts/2718ebc4e0df9692161f1d6f94f9e5a8.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0042/5835.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
927178a84b374fc1f3147c4c3909bcc31ad32910c6095b0e4830eaed7ba94605

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 09 May 2023 12:50:21 GMT
server
cloudflare
age
61878
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7cf442b85e14afa5-NRT
content-length
25092
collect
stats.g.doubleclick.net/j/
7 B
355 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-1234994-1&cid=163747939.1685421224&jid=1212933588&gjid=1724909660&_gid=716647300.1685421224&_u=YGBACEAABAAAACAAI~&z=145368140
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4008:c13::9a Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2bd7a2c113455cb6a015b33188207c2f7f5b5e7c584ce1ea4f8b0a1e990da133
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Tue, 30 May 2023 04:33:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blogs.infoblox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-D4JXVXQTYG&gtm=45je35o0&_p=13722951&cid=163747939.1685421224&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1685421223&sct=1&seg=0&dl=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&dt=Analyzing%20DNS%20Traffic%20for%20Anomalous%20Domains%20and%20Threat%20Detection%20%7C%20Infoblox&en=page_view&_fv=1&_ss=1&ep.cookieDomain=auto&ep.allowLinker=true
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-D4JXVXQTYG&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:80b::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 May 2023 04:33:43 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blogs.infoblox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
blogs.infoblox.com.json
script.crazyegg.com/pages/data-scripts/0042/5835/sampling/
155 B
237 B
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0042/5835/sampling/blogs.infoblox.com.json?t=468172
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/2718ebc4e0df9692161f1d6f94f9e5a8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ac06a7fd059bcfc1df9b49aa3f7e297859a0de4bea0b808b36668b90603f51b

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
gzip
cf-cache-status
HIT
age
8751
ce-version
11.5.76
content-length
144
last-modified
Tue, 30 May 2023 02:07:52 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7cf442b8fdf6f59b-NRT
insight.min.js
snap.licdn.com/li.lms-analytics/
13 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-F7RMF
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:a00:8::b81a:2b46 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Jan 2023 17:22:56 GMT
x-cdn
AKAM
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=22320
accept-ranges
bytes
content-length
4777
lt-v3.js
lltrck.com/scripts/
0
0
Script
General
Full URL
https://lltrck.com/scripts/lt-v3.js?llid=10235
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.29.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-29-199.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pix.js
des8qu5llanad.cloudfront.net/js/tracker/
0
0

tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:c9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
server
cloudflare
age
41236
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1200
cf-ray
7cf442b92ec22080-NRT
expires
Tue, 30 May 2023 04:53:43 GMT
healthcheck
pagestates-tracking.crazyegg.com/
19 B
462 B
XHR
General
Full URL
https://pagestates-tracking.crazyegg.com/healthcheck
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/2718ebc4e0df9692161f1d6f94f9e5a8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.167.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-167-19.nrt12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Sun, 07 May 2023 21:00:58 GMT
via
1.1 1b226d41bb3b440fb6606e8a954c03f4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT12-C3
age
1927966
x-cache
Hit from cloudfront
content-length
19
last-modified
Fri, 08 Jul 2022 22:25:51 GMT
server
AmazonS3
etag
"d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age
31536000
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin
accept-ranges
bytes
x-amz-cf-id
pQZ_pynzeW7nrBwxUm0C38fMWCIX7JuAapFMREqYCDcPI0BVv9jUFA==
healthcheck
assets-tracking.crazyegg.com/
19 B
463 B
XHR
General
Full URL
https://assets-tracking.crazyegg.com/healthcheck
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/2718ebc4e0df9692161f1d6f94f9e5a8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-22.nrt57.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Sun, 14 May 2023 11:37:19 GMT
via
1.1 5cf2560f7c8afa4de402da0380c23964.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1356985
x-cache
Hit from cloudfront
content-length
19
last-modified
Fri, 08 Jul 2022 22:25:51 GMT
server
AmazonS3
etag
"d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age
31536000
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin
accept-ranges
bytes
x-amz-cf-id
J-7bWetp-ANKIzxHqZcrMhbFfbb3SGjzEOqCZkJNX4Ma8j0pmunVxA==
ga-audiences
www.google.com/ads/
42 B
409 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-1234994-1&cid=163747939.1685421224&jid=1212933588&_u=YGBACEAABAAAACAAI~&z=1199203921
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:828::2004 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 May 2023 04:33:43 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.co.jp/ads/
42 B
409 B
Image
General
Full URL
https://www.google.co.jp/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-1234994-1&cid=163747939.1685421224&jid=1212933588&_u=YGBACEAABAAAACAAI~&z=1199203921
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:822::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 May 2023 04:33:43 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
eb5d126c-210f-49a1-ae29-27b9ed3b48c4
https://blogs.infoblox.com/
45 B
0
Other
General
Full URL
blob:https://blogs.infoblox.com/eb5d126c-210f-49a1-ae29-27b9ed3b48c4
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length
45
Content-Type
text/javascript
gif.gif
ibc-flow.techtarget.com/a/
43 B
472 B
XHR
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1253438&r=1685421223952&ref=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&version=2.4
Requested by
Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier
1253438
Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:44 GMT
via
1.1 google
x-guploader-uploadid
ADPycdtU7aPmqWrx9XoIkceI7hhSAJ6vv66Jqe5Au9liK5303ZIdPTbfVzLiTwrnOSXHvedm2Iq0_r6mJvrW1HCbKX14FySSelJh
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
server
nginx/1.20.2
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
vary
Origin
x-goog-generation
1670534369365034
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control
public, max-age=3600
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-length
43
accept-ranges
bytes
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires
Tue, 30 May 2023 05:33:44 GMT
gif.gif
ibc-flow.techtarget.com/a/ Frame
0
0
Preflight
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1253438&r=1685421223952&ref=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://blogs.infoblox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 30 May 2023 04:33:44 GMT
expires
Tue, 30 May 2023 04:33:44 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
ADPycdujkzW5Ew9TbE-AgFVCmvygc6fbI8Y7Eh0YZH-f4zSrtmZZHXfAWkGNkBcs7Z23idz-M6GoY0rhO9ZW_B2uEJoD_Lci0ZDy
token
cdn.linkedin.oribi.io/partner/32346/domain/blogs.infoblox.com/
36 B
376 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/32346/domain/blogs.infoblox.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:221a:2600:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 02:07:26 GMT
content-encoding
gzip
via
1.1 c840859ec974616ca6ae517a4e6900e8.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P2
age
8778
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=21850
x-amz-cf-id
0tMo4DiEEirmKAKe3QmTKcb9_0y_XGKWFNTBONxJWrduZM_F0_4Nkg==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32346&time=1685421223954&url=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-too...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32346&time=1685421223954&url=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-too...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32346%26time%3D1685421223954%26url%3Dhttps%253A%252F%252Fblogs.infoblox.com%252Fc...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32346&time=1685421223954&url=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-too...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32346&time=1685421223954&url=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-to...
0
489 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32346&time=1685421223954&url=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&cookiesTest=true&liSync=true&e_ipv6=AQK8tR7IV4P9FwAAAYhq7vPJbHCvUjTwbYkZjeHtu16SqeevGTlJ94vhaOs8aV4o8SlvJQ
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:44 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: B50ABDAAD0F742F7910717AD41D85971 Ref B: TYAEDGE1122 Ref C: 2023-05-30T04:33:44Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAX84bVwwIQ1WF71BAyyXA==

Redirect headers

date
Tue, 30 May 2023 04:33:44 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 58ECA103C4C24B7E9E71708FAE85D15E Ref B: TYAEDGE1018 Ref C: 2023-05-30T04:33:44Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32346&time=1685421223954&url=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&cookiesTest=true&liSync=true&e_ipv6=AQK8tR7IV4P9FwAAAYhq7vPJbHCvUjTwbYkZjeHtu16SqeevGTlJ94vhaOs8aV4o8SlvJQ
x-li-proto
http/2
content-length
0
x-li-uuid
AAX84bVoM5GL6x5CmA2qew==
get
consent.trustarc.com/ Frame 3D49
7 KB
2 KB
Document
General
Full URL
https://consent.trustarc.com/get?name=crossdomain.html&domain=infoblox.com
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=infoblox.com&c=teconsent&js=nj&noticeType=bb&pcookie&gtm=1&text=true&language=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.86.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-86-37.nrt12.r.cloudfront.net
Software
/
Resource Hash
7fe7d9054d31a9874fb36aba6a3736c02799bdaab5fed3e007ff334bc4580732
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

age
1558
cache-control
max-age=2592000
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Tue, 30 May 2023 04:07:45 GMT
expires
Thu, 29 Jun 2023 04:07:45 GMT
pragma
public
strict-transport-security
max-age=31536000; includeSubDomains
timing-allow-origin
*
vary
Origin
via
1.1 0e1856722118e7a1ce544e476ee3a2fe.cloudfront.net (CloudFront)
x-amz-cf-id
81bHzSV-VmB159BjuU018rUwMEguESbJq46jrH67rpnBLEtKuRIqkA==
x-amz-cf-pop
NRT12-C2
x-cache
Hit from cloudfront
v1.7-164
consent.trustarc.com/asset/notice.js/v/
78 KB
24 KB
Script
General
Full URL
https://consent.trustarc.com/asset/notice.js/v/v1.7-164
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=infoblox.com&c=teconsent&js=nj&noticeType=bb&pcookie&gtm=1&text=true&language=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.86.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-86-37.nrt12.r.cloudfront.net
Software
/
Resource Hash
fcd86e8b75ae82f035ff1f28433dacab9d367f838f707e4482e2f542c0037096
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
Origin
https://blogs.infoblox.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:14:16 GMT
content-encoding
gzip
via
1.1 b86f96ad1cdd596db48371f729df3b5c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
NRT12-C2
age
1167
x-cache
Hit from cloudfront
pragma
public
last-modified
Mon, 17 Apr 2023 03:19:03 GMT
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
mZlzvBrPt9uH74qRKoOWWWrSpC02OtDdEEsqWjR8CHcAhycgRScAGg==
expires
Thu, 29 Jun 2023 04:14:16 GMT
log
consent.trustarc.com/
43 B
429 B
Image
General
Full URL
https://consent.trustarc.com/log?domain=infoblox.com&country=jp&state=&behavior=implied&session=6b0d1066-937e-4b48-a319-1b77f3fe0d3c&userType=NEW&c=cbbc
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.86.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-86-37.nrt12.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 May 2023 04:33:44 GMT
via
1.1 0e1856722118e7a1ce544e476ee3a2fe.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
NRT12-C2
vary
Origin
x-cache
Miss from cloudfront
content-type
image/gif
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
x-amz-cf-id
G98UJG14-cpEzFRLysJde7tVqa-4xEXbC1dHfZ3nJITONae5EM8OpQ==
expires
Mon, 26 Jul 1997 05:00:00 GMT
clock
tracking.crazyegg.com/
30 B
138 B
XHR
General
Full URL
https://tracking.crazyegg.com/clock?t=1685421223985&tk=94c1298a9befcde50aad42a699da8ca2&s=237558&p=%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&u=425835&v=13edbf0d66ffbdc2bde2c719b7c76dd2578e1dc1&f=blogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic&ul=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/2718ebc4e0df9692161f1d6f94f9e5a8.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.215.128.220 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-215-128-220.ap-southeast-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
8da203236184dd38ee5142980cc67c06335bd9b1124e5067e544e4f815ffd8c3

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 30 May 2023 04:33:44 GMT
cache-control
no-store
server
awselb/2.0
content-length
30
content-type
text/plain
l
use.typekit.net/af/71f83c/00000000000000003b9b093b/27/
33 KB
33 KB
Font
General
Full URL
https://use.typekit.net/af/71f83c/00000000000000003b9b093b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:a800::17c0:2d61 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
a2b997da567762896061490c3c08e506b2e5b936978560fc12251dd245140b32

Request headers

Referer
https://blogs.infoblox.com/
Origin
https://blogs.infoblox.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
server
nginx
etag
"a0f35f91fdc2ca0a90c8288c08c20681c1aecfcf"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33660
l
use.typekit.net/af/86b539/00000000000000003b9b093a/27/
34 KB
35 KB
Font
General
Full URL
https://use.typekit.net/af/86b539/00000000000000003b9b093a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:a800::17c0:2d61 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
40b87680850d61dff26f2280eaac2487e2261e8771cca1f4eba69dc366cd1fe2

Request headers

Referer
https://blogs.infoblox.com/
Origin
https://blogs.infoblox.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:44 GMT
server
nginx
etag
"7419d3e31dff61919238b7104d975fb9f66eb724"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
35128
l
use.typekit.net/af/4838bd/00000000000000003b9b0934/27/
32 KB
32 KB
Font
General
Full URL
https://use.typekit.net/af/4838bd/00000000000000003b9b0934/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:a800::17c0:2d61 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b99ce50d05750058143cb93936075ad5107f9a3e5b03f2d4872c0ebe753a9f7

Request headers

Referer
https://blogs.infoblox.com/
Origin
https://blogs.infoblox.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:44 GMT
server
nginx
etag
"852dacc5cd2685c187708b882b28635465e17bd0"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
32688
l
use.typekit.net/af/6aec08/00000000000000003b9b0935/27/
34 KB
34 KB
Font
General
Full URL
https://use.typekit.net/af/6aec08/00000000000000003b9b0935/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:a800::17c0:2d61 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
a0acc524b541f57df4024b039206425fbcc49c7b3cba369bc0b4a57cfc0e9629

Request headers

Referer
https://blogs.infoblox.com/
Origin
https://blogs.infoblox.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:44 GMT
server
nginx
etag
"98ea2e3888e90196090ca6bc7ddc5345e1871a7a"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
34380
p.gif
p.typekit.net/
35 B
205 B
Image
General
Full URL
https://p.typekit.net/p.gif?s=1&k=wks0kwv&ht=tk&h=blogs.infoblox.com&f=139.140.175.176&a=6646607&js=1.21.0&app=typekit&e=js&_=1685421224045
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:a800::17c0:2d61 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:44 GMT
last-modified
Sat, 09 Oct 2021 02:10:38 GMT
server
nginx
etag
"6160fa1e-23"
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
35
notice
consent.trustarc.com/
15 KB
5 KB
Script
General
Full URL
https://consent.trustarc.com/notice?domain=infoblox.com&country=jp&js=nj2&c=teconsent&noticeType=bb&pcookie&gtm=1&text=true&language=en
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=infoblox.com&c=teconsent&js=nj&noticeType=bb&pcookie&gtm=1&text=true&language=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.86.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-86-37.nrt12.r.cloudfront.net
Software
/
Resource Hash
ce6e9b28b09c0ba74bf042fae5dda02ca3c9424889fa106bf72682435fc2f949
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://blogs.infoblox.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 b86f96ad1cdd596db48371f729df3b5c.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT12-C2
x-cache
Miss from cloudfront
cloudfront-viewer-country
JP
content-length
4870
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=3600
cloudfront-viewer-country-region
13
timing-allow-origin
*
x-amz-cf-id
vkfmMjAhDCr5S2ZlsrQhuDNS84Ekd9OiapG8HR8ruPRroO9E9w6n5g==
expires
Tue, 30 May 2023 05:33:44 GMT
d9b6b28e3d84db3e4c966a5cf73af402.js
script.crazyegg.com/pages/versioned/trackingpagestate-scripts/
20 KB
8 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/trackingpagestate-scripts/d9b6b28e3d84db3e4c966a5cf73af402.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0042/5835.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86f2855487ee0f2a026de07b800d0a191f2d66723011cf5e7bddea4669037b33

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:44 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 25 May 2023 09:08:04 GMT
server
cloudflare
age
61876
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7cf442bbd902afa5-NRT
content-length
8025
3dfd0cab-16bc-4670-a244-b672e238d616
https://blogs.infoblox.com/
241 B
0
Other
General
Full URL
blob:https://blogs.infoblox.com/3dfd0cab-16bc-4670-a244-b672e238d616
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dc3fc6bfc07298ef9d64db1b2994195daec150dcc9d11b0e091dfd11398bef6f

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length
241
Content-Type
text/javascript
get
consent.trustarc.com/
61 KB
29 KB
Font
General
Full URL
https://consent.trustarc.com/get?name=MuseoSans-300.otf
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.86.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-86-37.nrt12.r.cloudfront.net
Software
/
Resource Hash
ecc24f40f565ce3d863f4ab0fe3258c6d92ca796776a4cae7d68fb52fdddeb7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blogs.infoblox.com/
Origin
https://blogs.infoblox.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
public
date
Tue, 30 May 2023 03:46:00 GMT
content-encoding
gzip
via
1.1 b86f96ad1cdd596db48371f729df3b5c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
NRT12-C2
age
2864
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
SnFVf0Ka0CHDhwhtbFzVgUDSnbZwMwk5EStIXx7fJPxa-BapLxTMYQ==
expires
Thu, 29 Jun 2023 03:46:00 GMT
get
consent.trustarc.com/
62 KB
29 KB
Font
General
Full URL
https://consent.trustarc.com/get?name=MuseoSans_700.otf
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.86.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-86-37.nrt12.r.cloudfront.net
Software
/
Resource Hash
c36ca8cd5566c156e23f38dde55efa9767270c732ddcb7ed915ea44b2295601e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blogs.infoblox.com/
Origin
https://blogs.infoblox.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
public
date
Tue, 30 May 2023 04:07:41 GMT
content-encoding
gzip
via
1.1 b86f96ad1cdd596db48371f729df3b5c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
NRT12-C2
age
1563
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
WzyixCIRhMSsKREU9x4WVBKJjFX6ygrEP1-qgiBrBK9x78-uRgAINA==
expires
Thu, 29 Jun 2023 04:07:41 GMT
bannermsg
consent.trustarc.com/
43 B
430 B
Image
General
Full URL
https://consent.trustarc.com/bannermsg?action=views&domain=infoblox.com&behavior=implied&country=jp&language=en&rand=0.7439996551658561&session=6b0d1066-937e-4b48-a319-1b77f3fe0d3c&userType=NEW
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.86.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-86-37.nrt12.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 May 2023 04:33:44 GMT
via
1.1 0e1856722118e7a1ce544e476ee3a2fe.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
NRT12-C2
vary
Origin
x-cache
Miss from cloudfront
content-type
image/gif
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
x-amz-cf-id
XdZ0fEUDjo4ymZ1JpGjWQPqLogZkEAigif3w5DBg5OVSY5o38Jjbmg==
expires
Mon, 26 Jul 1997 05:00:00 GMT
3ac29513-972c-4e64-82e5-80eb58bac19a
https://blogs.infoblox.com/
0
0

7875256a321b320ef0300f1381a82d77.js
script.crazyegg.com/pages/versioned/tracking-scripts/
101 KB
33 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/tracking-scripts/7875256a321b320ef0300f1381a82d77.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0042/5835.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84aadf28092f01d2005e82f9538fc2638646d7b2da8418dcc0b58addaa229455

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:44 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 09 May 2023 12:50:27 GMT
server
cloudflare
age
61880
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7cf442bc398cafa5-NRT
content-length
33507
v11
tracking.crazyegg.com/ Frame
0
0
Preflight
General
Full URL
https://tracking.crazyegg.com/v11?u=425835&st=237558&ss=2930c5e0-fea3-11ed-8f5e-41873b517df8&p=47c6a44f7ec3751aa2da0d5104bd5450&tk=94c1298a9befcde50aad42a699da8ca2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.215.128.220 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-215-128-220.ap-southeast-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://blogs.infoblox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers
Authorization,Content-Type,Access-Control-Allow-Origin,Access-Control-Allow-Methods
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
content-type
application/octet-stream
date
Tue, 30 May 2023 04:33:44 GMT
server
awselb/2.0
v11
tracking.crazyegg.com/
0
83 B
XHR
General
Full URL
https://tracking.crazyegg.com/v11?u=425835&st=237558&ss=2930c5e0-fea3-11ed-8f5e-41873b517df8&p=47c6a44f7ec3751aa2da0d5104bd5450&tk=94c1298a9befcde50aad42a699da8ca2
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/2718ebc4e0df9692161f1d6f94f9e5a8.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.215.128.220 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-215-128-220.ap-southeast-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-type
application/gzip

Response headers

access-control-allow-origin
*
date
Tue, 30 May 2023 04:33:44 GMT
server
awselb/2.0
content-length
0
content-type
text/plain
ba5a0889-656b-462d-abe8-4898eee9b8e9
https://blogs.infoblox.com/
5 KB
0
Other
General
Full URL
blob:https://blogs.infoblox.com/ba5a0889-656b-462d-abe8-4898eee9b8e9
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d372edb49a5ae087d8e451fa0560c2439b3a836c09c9d2a083800e10b190c2f5

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length
5451
Content-Type
c8400bea-e39c-43e8-b07f-60b3fc85fbd6
https://blogs.infoblox.com/
4 KB
0
Other
General
Full URL
blob:https://blogs.infoblox.com/c8400bea-e39c-43e8-b07f-60b3fc85fbd6
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10a996996ec921d516899c0d3df103e5eca5a71cf9afec9c057ae240e11ab7be

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length
4517
Content-Type
58e8e5b7-6488-4477-aec2-c8aa1f1dd144
https://blogs.infoblox.com/
2 KB
0
Other
General
Full URL
blob:https://blogs.infoblox.com/58e8e5b7-6488-4477-aec2-c8aa1f1dd144
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4cf3364bd3961853d889da4ef119bee8270af436b1533374fb8392b29566b21d

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length
1580
Content-Type
text/javascript
ipv
cdn.bizible.com/m/
43 B
304 B
Image
General
Full URL
https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=69312e206b924dffd99cc0feeb0f4096&_biz_s=6edfaa&_biz_l=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&_biz_t=1685421224458&_biz_i=Analyzing%20DNS%20Traffic%20for%20Anomalous%20Domains%20and%20Threat%20Detection%20%7C%20Infoblox&_biz_n=0&rnd=8101&cdn_o=a&_biz_z=1685421224459
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.58.59 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (tkb/7308) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 May 2023 04:33:44 GMT
last-modified
Tue, 23 May 2023 17:53:18 GMT
server
ECS (tkb/7308)
age
556826
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
Image/GIF
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
43
expires
-1
u
cdn.bizibly.com/
43 B
204 B
Image
General
Full URL
https://cdn.bizibly.com/u?_biz_u=69312e206b924dffd99cc0feeb0f4096&_biz_s=6edfaa&_biz_l=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&_biz_t=1685421224462&_biz_i=Analyzing%20DNS%20Traffic%20for%20Anomalous%20Domains%20and%20Threat%20Detection%20%7C%20Infoblox&rnd=279615&cdn_o=a&_biz_z=1685421224462
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.58.59 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (tkb/73C4) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 May 2023 04:33:44 GMT
last-modified
Fri, 26 May 2023 21:13:23 GMT
server
ECS (tkb/73C4)
age
285621
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
Image/GIF
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
43
expires
-1
xdc.js
cdn.bizible.com/
84 B
517 B
Script
General
Full URL
https://cdn.bizible.com/xdc.js?_biz_u=69312e206b924dffd99cc0feeb0f4096&_biz_h=-1906410348&cdn_o=a&jsVer=4.23.05.18
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.58.59 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (tkb/7318) /
Resource Hash
6d22e660ead72f14b0aa8e3dfc8de1da35f17e3559b489e00692f15f50faa1a6

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:43 GMT
content-encoding
gzip
server
ECS (tkb/7318)
etag
EFEDFBC3
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
content-length
186
/
visitor.reactful.com/config/247745/ Frame
0
0
Preflight
General
Full URL
https://visitor.reactful.com/config/247745/?page=%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&hash=&referer=&user_id=&hshkgid=25d11fe7-cf1f-4536-932b-122407ae5219&cb_rtfl=_rtfl_jsonp_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:822::2013 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
six-sense-data,url-params-data
Access-Control-Request-Method
GET
Origin
https://blogs.infoblox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Six-Sense-Data, Custom-Vars-Data, Url-Params-Data
access-control-allow-methods
GET
access-control-allow-origin
https://blogs.infoblox.com
cache-control
no-cache
content-length
0
content-type
text/javascript
date
Tue, 30 May 2023 04:33:44 GMT
expires
Tue, 30 May 2023 04:33:44 GMT
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
server
Google Frontend
x-cloud-trace-context
b0cb96e3f800b82900c1131142117c0e
/
visitor.reactful.com/config/247745/
911 B
812 B
XHR
General
Full URL
https://visitor.reactful.com/config/247745/?page=%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&hash=&referer=&user_id=&hshkgid=25d11fe7-cf1f-4536-932b-122407ae5219&cb_rtfl=_rtfl_jsonp_0
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:822::2013 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
130e5e77587c8b49f6ccc879fc325209a07780338e010c16bb1768bcb9a1b5c9

Request headers

Referer
Six-Sense-Data
Url-Params-Data
e30=
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:45 GMT
content-encoding
gzip
server
Google Frontend
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
access-control-allow-origin
https://blogs.infoblox.com
content-type
text/html; charset=utf-8
cache-control
no-cache
access-control-allow-credentials
true
x-cloud-trace-context
9cf181772c1c7d835cec029515a0971d
access-control-allow-headers
Six-Sense-Data,Custom-Vars-Data,Url-Params-Data
content-length
465
expires
Tue, 30 May 2023 04:33:45 GMT
24715247-e48b-4bf1-9453-99e37f14777d
https://blogs.infoblox.com/
911 B
0
Script
General
Full URL
blob:https://blogs.infoblox.com/24715247-e48b-4bf1-9453-99e37f14777d
Requested by
Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
130e5e77587c8b49f6ccc879fc325209a07780338e010c16bb1768bcb9a1b5c9

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length
911
Content-Type
text/html
/
tracking.reactful.com/tracking/247745/
6 B
118 B
XHR
General
Full URL
https://tracking.reactful.com/tracking/247745/
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:822::2013 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
cf8646fc48648f5a6d806df8f757007e6398a55ddccc3d8c2046a4c014cf1b56

Request headers

Accept
*/*
Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Tue, 30 May 2023 04:33:45 GMT
content-encoding
gzip
server
Google Frontend
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
7082dfcbc531d2b799e4c678af0ce891
cache-control
no-cache
content-length
26
/
c.6sc.co/
7 B
205 B
XHR
General
Full URL
https://c.6sc.co/?d=1
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.195.88.195 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-195-88-195.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:45 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://blogs.infoblox.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
18 B
311 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:5000::172b:f91a Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8740aacb5975846fbbaabd8da3d6f6246eb6c483838bd4e17e24ea28abd55dee

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 May 2023 04:33:45 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://blogs.infoblox.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2001:ac8:40:1d::1e
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468172_388757782_1089155013_23_998_1_0";dur=1
content-length
18
expires
Tue, 30 May 2023 04:33:45 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
395 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=65a5821f1ffef41888301786d2737e6c&svisitor=null&visitor=cf8f490d-abf5-4815-82b2-4f3c112dbf18&session=bb0589f0-a654-46c9-8cca-847a53a1c082&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2030%20May%202023%2004%3A33%3A43%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2030%20May%202023%2004%3A33%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2265a5821f1ffef41888301786d2737e6c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2030%20May%202023%2004%3A33%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2030%20May%202023%2004%3A33%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2030%20May%202023%2004%3A33%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2030%20May%202023%2004%3A33%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22482f94f5ef8419c30131ca99e9837fa458cb3174%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2030%20May%202023%2004%3A33%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Infoblox%E2%80%99s%20Threat%20Intelligence%20Group%20identified%20C2%20servers%20in%20DNS%20arising%20from%20a%20persistent%20toolkit%20called%20Decoy%20Dog%20and%20how%20Infoblox%20can%20help%20protect%20your%20network%20from%20similar%20attacks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analyzing%20DNS%20Traffic%20for%20Anomalous%20Domains%20and%20Threat%20Detection%20%7C%20Infoblox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&pageViewId=b5577235-33de-4b9a-899a-6b27a7bc92ac&d=1
Requested by
Host: blogs.infoblox.com
URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.195.88.195 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-195-88-195.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:46 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
core
js.driftt.com/ Frame 3E84
2 KB
1 KB
Document
General
Full URL
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1685421300000/42wt2pyhpc8v.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
45a5034fb579abfcdf7c2355acf9d2fafbd5f55c0b743ae714a33cfb60d56d2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 30 May 2023 04:33:45 GMT
etag
W/"a42912d0d6ba902687cfe19df6574d1c"
last-modified
Fri, 26 May 2023 18:28:34 GMT
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-id
g7Ywi3LWFZukSggdnLWW-Kmdlazksly6Wz4eVnQrUY_FKVmbNwkaWg==
x-amz-cf-pop
NRT57-P4
x-amz-server-side-encryption
AES256
x-amz-version-id
vAU.GHsHYTUcq_1p7A7lsygb9ocWNnea
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
16
chat
js.driftt.com/core/ Frame A00E
2 KB
1 KB
Document
General
Full URL
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1685421300000/42wt2pyhpc8v.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
45a5034fb579abfcdf7c2355acf9d2fafbd5f55c0b743ae714a33cfb60d56d2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 30 May 2023 04:33:45 GMT
etag
W/"a42912d0d6ba902687cfe19df6574d1c"
last-modified
Fri, 26 May 2023 18:28:34 GMT
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-id
VAYLP2jxbuyoyTeNSEmgNBppSOuCqh55N6seNEtF2nJYvKqN2rJVPw==
x-amz-cf-pop
NRT57-P4
x-amz-server-side-encryption
AES256
x-amz-version-id
vAU.GHsHYTUcq_1p7A7lsygb9ocWNnea
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
18
img.gif
b.6sc.co/v1/beacon/
43 B
396 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=65a5821f1ffef41888301786d2737e6c&svisitor=null&visitor=cf8f490d-abf5-4815-82b2-4f3c112dbf18&session=bb0589f0-a654-46c9-8cca-847a53a1c082&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A40%3A1d%3A%3A1e%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Infoblox%E2%80%99s%20Threat%20Intelligence%20Group%20identified%20C2%20servers%20in%20DNS%20arising%20from%20a%20persistent%20toolkit%20called%20Decoy%20Dog%20and%20how%20Infoblox%20can%20help%20protect%20your%20network%20from%20similar%20attacks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analyzing%20DNS%20Traffic%20for%20Anomalous%20Domains%20and%20Threat%20Detection%20%7C%20Infoblox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&pageViewId=b5577235-33de-4b9a-899a-6b27a7bc92ac&d=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.195.88.195 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-195-88-195.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:45 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
details
epsilon.6sense.com/v3/company/
730 B
579 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.199.238.158 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-199-238-158.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6c11a81403cc671a40a06177d5db361b70415e0f7f27519ba92749cc47eba4ae

Request headers

Referer
accept-language
jp-JP,jp;q=0.9
Authorization
Token 482f94f5ef8419c30131ca99e9837fa458cb3174
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:45 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://blogs.infoblox.com
access-control-allow-credentials
true
content-length
391
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.199.238.158 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-199-238-158.ap-northeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://blogs.infoblox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://blogs.infoblox.com
access-control-max-age
1800
date
Tue, 30 May 2023 04:33:45 GMT
server
nginx
runtime~main.ee640fde.js
js.driftt.com/core/assets/js/ Frame 3E84
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
4a61c19c6ef05b4dc758e7b25cf7d345abd2e74018a713af632bea0cdae81b31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
Origin
https://js.driftt.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 18:28:35 GMT
x-amz-version-id
BxApkCkxw9iZo27Y51jgASPhXYfDwytG
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
295510
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
15
last-modified
Wed, 24 May 2023 17:36:09 GMT
server
istio-envoy
etag
W/"5c99d6096a5940df73aa6614c84410c0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Vm64eUIvD69bW7DzGarG9yq9pFBsqFPv6QZgr2tFVhyhEuc0mUWDzg==
9.4a3e9801.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
35 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
Origin
https://js.driftt.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Thu, 11 May 2023 09:08:21 GMT
x-amz-version-id
Wtoc25BtBsZgd02B_ZCKaTgE2JtgEsq0
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1625124
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
38
last-modified
Mon, 24 Apr 2023 15:58:53 GMT
server
istio-envoy
etag
W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
X3AHVRGpEDao60F_Tg2ZKjm0ge31Z6RLogE0Nf5oVTU6CSkMizghNg==
main~493df0b3.8b2c72a3.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
7 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~493df0b3.8b2c72a3.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
51b22cb9ab468340f75df2f2e64986bc0281f98e3a01929c1fd42e4715572b17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
Origin
https://js.driftt.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
PEKJf28yFXtQsHpFTSgRcYwUyvcrWHpZ
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524253
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
27
last-modified
Thu, 11 May 2023 20:21:38 GMT
server
istio-envoy
etag
W/"fbe50ae663ea71c43233c4d8a81585e0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ixYoZNGKAMOCu98jKugwfsrymJ02V6JmFBZmZ69t4gIERU5AsRxjYQ==
runtime~main.ee640fde.js
js.driftt.com/core/assets/js/ Frame A00E
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
4a61c19c6ef05b4dc758e7b25cf7d345abd2e74018a713af632bea0cdae81b31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
Origin
https://js.driftt.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 18:28:35 GMT
x-amz-version-id
BxApkCkxw9iZo27Y51jgASPhXYfDwytG
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
295510
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
15
last-modified
Wed, 24 May 2023 17:36:09 GMT
server
istio-envoy
etag
W/"5c99d6096a5940df73aa6614c84410c0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
kTjPlmRK5i8Vk_s6zq0NVyDLmajhLGZW5HdnzxiP5kGoX3Oj7z_nDA==
9.4a3e9801.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
35 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
Origin
https://js.driftt.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Thu, 11 May 2023 09:08:21 GMT
x-amz-version-id
Wtoc25BtBsZgd02B_ZCKaTgE2JtgEsq0
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1625124
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
38
last-modified
Mon, 24 Apr 2023 15:58:53 GMT
server
istio-envoy
etag
W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
LW78UyfV0clzf4xnpRE8tQ_bOZtD5bPpTrFGukGSJwjRzbJUJbaOMg==
main~493df0b3.8b2c72a3.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
7 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~493df0b3.8b2c72a3.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
51b22cb9ab468340f75df2f2e64986bc0281f98e3a01929c1fd42e4715572b17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
Origin
https://js.driftt.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
PEKJf28yFXtQsHpFTSgRcYwUyvcrWHpZ
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524253
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
27
last-modified
Thu, 11 May 2023 20:21:38 GMT
server
istio-envoy
etag
W/"fbe50ae663ea71c43233c4d8a81585e0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
-aNfLQ2OmV0Mj6_eChyaFUiy60_KsdyMFJ55qHISgWgoc_kYzsAjNg==
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j100&a=13722951&t=event&ni=1&_s=1&dl=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&ul=en-us&de=UTF-8&dt=Analyzing%20DNS%20Traffic%20for%20Anomalous%20Domains%20and%20Threat%20Detection%20%7C%20Infoblox&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aGDACEABBAAAACAAI~&jid=&gjid=&cid=163747939.1685421224&tid=UA-1234994-1&_gid=716647300.1685421224&gtm=45He35o0n61F7RMF&cd1=&cd2=&cd3=Romania&cd4=Ilfov&cd5=Voluntari&cd6=&cd7=&cd8=&cd9=&cd10=&cd11=&cd12=&cd13=&cd14=0&cd15=Low&z=672737880
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:80b::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 May 2023 09:06:15 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
70050
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
51.558be3c5.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
23 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
E9kltLe7negE4reDnM86vmSO8flAP8Mx
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524253
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 11 May 2023 20:21:37 GMT
server
istio-envoy
etag
W/"fa281fcbe4b2e35558d60fae3e316367"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
vU03uJX4CHPElhzJGpdbNgVkIrpIwY6gat59ME2opIfKc-lY8eyykQ==
35.d0f1ccda.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
36 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
A8YnNnv0zvQLQLfIS87dPAZbci1RhGvy
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"46fa5a7bc37a22544a908e4ad950309c"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ZgeD8k_CKn5UuL8VUfJRYyJ7Kwb9gtvOLbFvhPY5PXYBQvSuVHDpWw==
24.6f929cdc.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
32 KB
11 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/24.6f929cdc.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
f1e39af91d28d968e99e2b2d684b8a3cff1132aa980e11911b9951bf66aee4ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
fQLwqKmJZHArbdOov5qZMXdG2CESWzan
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
26
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"cde6235e62d8e8a559e1510d9a2b5821"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
v3UbnvL_TgfMz9UNxbIMiOPtdPv45WQVnDfpnavbZg0JQt4FtQXYyw==
19.6f85b843.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
9PfxVnD.fRTQs.fTz8K5lFoBCy3X8z2_
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524253
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
oHU_0Iga088kawUIIE6_7aX22in7t9FAGmwgMSYgvMN42m4aqmzcIA==
41.b4fc4de2.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
25 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
q7Xb4J36R1GKt.Ug3gWeAZysjQcLRWzw
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524253
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 11 May 2023 20:21:37 GMT
server
istio-envoy
etag
W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
mwu-820dKwe_TCGPKzi8vcAXBo4UTlaVzm8c220GZ-lkmFT10loU3g==
20.8c21ea18.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
74 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Mon, 08 May 2023 12:55:27 GMT
x-amz-version-id
VwRVUjqXcW5.goc5_8Z3kEVBZ9a2xrp7
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1870698
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
65
last-modified
Mon, 24 Apr 2023 15:58:51 GMT
server
istio-envoy
etag
W/"6d77a76055d81227033363af2f18caf8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
3poOIPbOs70QNjpS7MEnZqDExDpo_F_KowQwTU0m-Z_9tIkBdSEcwA==
26.04e7f30b.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
66 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
97ST2S5xHTQ0Pf.V8eTLi6azYlYYnqG7
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
23
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
bPr87c3wYVuPTFW53Xm9q3SuQ-2GYz__h_SPOco0AeeQV0BIsjLOjQ==
14.e24a6190.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
91 KB
28 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
8J_1AN4L8lY0Ida5MThLOMba8PExoHOk
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
21
last-modified
Thu, 11 May 2023 20:21:35 GMT
server
istio-envoy
etag
W/"16d7ae86e21434a32157d3226ac9bb77"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
mhueq4Fql66cvOMcIcTAmeA0Dma5kGa4uFcr2tB82gEQdFuwlA5PtQ==
11.639238ba.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
23 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/11.639238ba.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
v8rZgc8Dg_ieesdOyqaXl_QFD70ry_bn
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 11 May 2023 20:21:35 GMT
server
istio-envoy
etag
W/"4049f38c00add1738dc4806148ff8829"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
S7CgX5Haterr0R24vLHig0yM4DwgzsbqIJ4uF5gkmqYspJdHUzN5jw==
18.9c1bd1fb.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
62 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
sQdksC6dT90RaCfa7wT.pTeBi0ASE0ht
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
24
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"02f09379c544befa413d22eb57ed41de"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
hPtA-wJ51dsG58LstsEpIOam0wwKBZ6fV57AsxT5ipv6ya55VZzG0w==
49.f7274268.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
105 KB
34 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/49.f7274268.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
rTKdJ4hd1xCIsZvhhjkDteU3Ylu7OGXA
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
25
last-modified
Thu, 11 May 2023 20:21:37 GMT
server
istio-envoy
etag
W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
44VKxS_03Ep33mrAuW6htayfVNPw5YyO0aZw10--auRRztYCZFDZag==
40.31ef8dbf.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
12 KB
4 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
fL1eyhJAjeOMoBgQxCtiwy6lvY0w86hR
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
16
last-modified
Thu, 11 May 2023 20:21:37 GMT
server
istio-envoy
etag
W/"b0793fa46e8c0ae1846b7be8a833da35"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
dD8KyWgWjbnCeQ8UGEd0vgiddT-cloyYTEVJDxp46BnLLjTnsOHjbQ==
29.31d09948.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
13 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/29.31d09948.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
ktjFJTHiHgiUDp5.chrerIF.d24_2JS7
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"455157cb49065fb85fed54901ddaeb0e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
zh98YG7lG-BAv7QjRfU1CkA7lriw8zEOmUauazCCfYk6U6b9g-lZ5g==
21.b8c41db9.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
17 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
B1mykqCE9wypmwFjSVTi8fOhqWzBquxj
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"65e5c965272e021ae33ff8bc39565ef5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
5PFOM8qwnydMUmF-B-mX6v7TYINSdDqUf_sP18Knix7gBrfAAfiZRQ==
8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 3E84
31 KB
4 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
VVmRYVfWzfnQFnbpiv16i6emJpGcKYd1
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Thu, 11 May 2023 20:21:34 GMT
server
istio-envoy
etag
W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
mlc7F_V4c1hl8I1WBGGlhozQ3CFP_Fyl42-qMRVPaXvFRBAwV3rDNg==
8.ed1158b9.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
80 KB
25 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/8.ed1158b9.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
841585fb87b4ce68a8cc628285245c277b6253801721bffee5a431f9b3aa1dfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 24 May 2023 18:02:49 GMT
x-amz-version-id
KdUiqrAuaymuQdnMIq4OwhIeQpBWqLOm
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
469856
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Wed, 24 May 2023 17:36:08 GMT
server
istio-envoy
etag
W/"dbd4c77d3c886b5b8871457dc7964359"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
1ZiWBNkv9s3xb7sZJtL0lc76NiA6VNLRf5AujqzFj4cH0sTvn8xK6g==
16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 3E84
24 B
698 B
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
C6GeoJGSzHnxQmfIIaJPtsDdeomKLjJo
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
NRT57-P4
age
1524253
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
15
content-length
24
last-modified
Thu, 11 May 2023 20:21:34 GMT
server
istio-envoy
etag
"0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
6kYwV-1nC2gYSLwgTgjRIGxAJug6yFZQwsOFOVO6YZmJdkJvOwqHbQ==
16.edda9a9a.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
91 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/16.edda9a9a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
79d13301496a9ab684dd4a4ce0d647b8ba2da98e2f6a369ab7858ec46fbf3c9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
k0dhUf7rYYMdaxr58e_z4IoysXIEsSnm
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"811ba8544eb8b9f726d69ed50bba3299"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
VkF7Em5KQNApyI_BzaaciAWvzT2_XcvCXRlTrzTHU8bJnS-0kE0p1w==
25.d45cdec5.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
50 KB
14 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/25.d45cdec5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6c69851747a1addf82cea8c867af8cb2ba7f6165f28bb81714be4de3211ca657
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 18:28:35 GMT
x-amz-version-id
NtVeoe1OmKiFWJrBCb8OazI7MlJ2fPxF
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
295510
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
31
last-modified
Wed, 24 May 2023 17:36:06 GMT
server
istio-envoy
etag
W/"9e85ed5caaae0bde6c2bad66a5d5e60d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
jd22vqt-jQSuAIgp50BHaqYofNQn3I1bGMK3-39F5ZrjMtPyPmoUHg==
17.4ecd84af.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
40 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/17.4ecd84af.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
5d144e46fba867db60b305f49e76ba783c069d84b7247d84e405c7304520b9ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 18:28:35 GMT
x-amz-version-id
vntaYrAbICv3H4SbcAYzStJNoy.38tvx
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
295510
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Wed, 24 May 2023 17:36:06 GMT
server
istio-envoy
etag
W/"f8355172e425878c7fcf23caa1f4da7b"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
YBctAd8wljHIYUXkOkLXrD2YNfMBc2ZLt3C9A1u3opQaGzTjYUCbhQ==
51.558be3c5.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
23 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
E9kltLe7negE4reDnM86vmSO8flAP8Mx
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524253
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 11 May 2023 20:21:37 GMT
server
istio-envoy
etag
W/"fa281fcbe4b2e35558d60fae3e316367"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
CJHKikWCc9fjO1xOZ0nTONzluUV9XTP1p9Q_EGDrs5HBi9n4GvtDlA==
35.d0f1ccda.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
36 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
A8YnNnv0zvQLQLfIS87dPAZbci1RhGvy
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"46fa5a7bc37a22544a908e4ad950309c"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ioBtVmcCneEcLtp4LUNG_8cibBUt8ZvQc6I3sqSkNd5dv2thKbUEHA==
24.6f929cdc.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
32 KB
11 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/24.6f929cdc.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
f1e39af91d28d968e99e2b2d684b8a3cff1132aa980e11911b9951bf66aee4ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
fQLwqKmJZHArbdOov5qZMXdG2CESWzan
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
26
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"cde6235e62d8e8a559e1510d9a2b5821"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
SRDlZgs2eWEYwm2O1d49dIkRL88iVqeNqN72eNHWIEwVPf1FvAPDBg==
19.6f85b843.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
9PfxVnD.fRTQs.fTz8K5lFoBCy3X8z2_
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524253
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
xjqVxLkV_I1V57o22sM2BL-VuFVbUSFAiY50ttFQ2UZQWJYGgzIAvw==
41.b4fc4de2.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
25 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
q7Xb4J36R1GKt.Ug3gWeAZysjQcLRWzw
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524253
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 11 May 2023 20:21:37 GMT
server
istio-envoy
etag
W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
32ixzNNia7XQtXiyUQazc-WAowXLnKbHRgGibsqYRiTMQS_Jcm8JjA==
20.8c21ea18.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
74 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Mon, 08 May 2023 12:55:27 GMT
x-amz-version-id
VwRVUjqXcW5.goc5_8Z3kEVBZ9a2xrp7
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1870698
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
65
last-modified
Mon, 24 Apr 2023 15:58:51 GMT
server
istio-envoy
etag
W/"6d77a76055d81227033363af2f18caf8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
QANiiVNttBp-cTU96XBVQHJwie2leiM1LgbB8oOzAl4JqL5LabIK6A==
26.04e7f30b.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
66 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
97ST2S5xHTQ0Pf.V8eTLi6azYlYYnqG7
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
23
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
3UA4Fp-5PxR-I8aq_K4iM-kdKwVxFXJZhEDuyEytZf_AkP2JRHnZqw==
14.e24a6190.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
91 KB
28 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
8J_1AN4L8lY0Ida5MThLOMba8PExoHOk
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
21
last-modified
Thu, 11 May 2023 20:21:35 GMT
server
istio-envoy
etag
W/"16d7ae86e21434a32157d3226ac9bb77"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
7ZZeoL26ClRgabYdGBUDHqdMhfUxVRgaZHVgMxPq6ZOTJlSKMTHKqQ==
11.639238ba.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
23 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/11.639238ba.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
v8rZgc8Dg_ieesdOyqaXl_QFD70ry_bn
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 11 May 2023 20:21:35 GMT
server
istio-envoy
etag
W/"4049f38c00add1738dc4806148ff8829"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
pVQhcV9Yh27A4Zgl-w0ruMx37F_pR_X1WrrNr93N2FNQiYfX94dUTQ==
18.9c1bd1fb.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
62 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
sQdksC6dT90RaCfa7wT.pTeBi0ASE0ht
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
24
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"02f09379c544befa413d22eb57ed41de"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
aSqSXrnF5_7YYapVpPb12l09Uhsn5R9M_bq-Bw4NeC6Sj_QA1r8DVw==
49.f7274268.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
105 KB
34 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/49.f7274268.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
rTKdJ4hd1xCIsZvhhjkDteU3Ylu7OGXA
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
25
last-modified
Thu, 11 May 2023 20:21:37 GMT
server
istio-envoy
etag
W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
jJhF6QGodW0WOefxDywCl_b6nH8g2AzwUL0LX1ccqjW-uhe9whDhnw==
40.31ef8dbf.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
12 KB
4 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
fL1eyhJAjeOMoBgQxCtiwy6lvY0w86hR
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
16
last-modified
Thu, 11 May 2023 20:21:37 GMT
server
istio-envoy
etag
W/"b0793fa46e8c0ae1846b7be8a833da35"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
W9mJby7QB5nq4hqqqFICGdxbCiD7mwooY8V2jGS4zJ5fqeJu65fnOQ==
29.31d09948.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
13 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/29.31d09948.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
ktjFJTHiHgiUDp5.chrerIF.d24_2JS7
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"455157cb49065fb85fed54901ddaeb0e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
A70aMbVC1OePutDG155GoEhgEHvRdvQ5xjWVsu_pPFRb8-86ezLLLA==
21.b8c41db9.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
17 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
B1mykqCE9wypmwFjSVTi8fOhqWzBquxj
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"65e5c965272e021ae33ff8bc39565ef5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
r_CmUh9MFwTVkdejou-z9Ftk4DkbF7NWbZg3JaxEc3TaGmRuO6iYhQ==
8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame A00E
31 KB
4 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
VVmRYVfWzfnQFnbpiv16i6emJpGcKYd1
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Thu, 11 May 2023 20:21:34 GMT
server
istio-envoy
etag
W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
C6SuWcIdIUGfJ7u3KPmxNKU3EnCOKjPpruipUYRN0LCU8vzYTOGi_A==
8.ed1158b9.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
80 KB
25 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/8.ed1158b9.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
841585fb87b4ce68a8cc628285245c277b6253801721bffee5a431f9b3aa1dfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 24 May 2023 18:02:49 GMT
x-amz-version-id
KdUiqrAuaymuQdnMIq4OwhIeQpBWqLOm
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
469856
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Wed, 24 May 2023 17:36:08 GMT
server
istio-envoy
etag
W/"dbd4c77d3c886b5b8871457dc7964359"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
b_MSwpZUmaimfYdbkQmKgh4w7wnXA3Xtw_vVytIZw_4HuGKem6ILOQ==
16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame A00E
24 B
696 B
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
C6GeoJGSzHnxQmfIIaJPtsDdeomKLjJo
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
NRT57-P4
age
1524253
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
15
content-length
24
last-modified
Thu, 11 May 2023 20:21:34 GMT
server
istio-envoy
etag
"0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
BkRuI0CH_ShVBm17MtNzTD0mPLsgQ7yDW5owyY2oyJ5EwqR3lSlpXg==
16.edda9a9a.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
91 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/16.edda9a9a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
79d13301496a9ab684dd4a4ce0d647b8ba2da98e2f6a369ab7858ec46fbf3c9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id
k0dhUf7rYYMdaxr58e_z4IoysXIEsSnm
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"811ba8544eb8b9f726d69ed50bba3299"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
-dlOcv9YUYeFfR301S9Cfy8nJJRE-0MlE52-iXSFtYDanDfpGgZvqQ==
25.d45cdec5.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
50 KB
14 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/25.d45cdec5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6c69851747a1addf82cea8c867af8cb2ba7f6165f28bb81714be4de3211ca657
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 18:28:35 GMT
x-amz-version-id
NtVeoe1OmKiFWJrBCb8OazI7MlJ2fPxF
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
295510
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
31
last-modified
Wed, 24 May 2023 17:36:06 GMT
server
istio-envoy
etag
W/"9e85ed5caaae0bde6c2bad66a5d5e60d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
wtpn_Q8NtVMAlzZTorjyK5TXdrg3pdiak7_LVjfVzE5WuVHZGcUdJg==
17.4ecd84af.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
40 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/17.4ecd84af.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
5d144e46fba867db60b305f49e76ba783c069d84b7247d84e405c7304520b9ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 26 May 2023 18:28:35 GMT
x-amz-version-id
vntaYrAbICv3H4SbcAYzStJNoy.38tvx
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
295510
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Wed, 24 May 2023 17:36:06 GMT
server
istio-envoy
etag
W/"f8355172e425878c7fcf23caa1f4da7b"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
MCF3nACW2TAbVqgDSzRc6o5Hq5BjEpdSz4NtLyeLSdvmOdTlYvy7Ow==
0.0b2ebd4a.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
9 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 09 May 2023 19:52:47 GMT
x-amz-version-id
9txt1e7t.mN3CfE_7JSf4I0op6bADUL6
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1759258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Tue, 09 May 2023 18:32:21 GMT
server
istio-envoy
etag
W/"c5efcdc9e465604f32cf24af10fd6c13"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
yk5JPU5d0pPP8wx0O3qGKKDdTQrxWx6mLqOhWxf2wbabLkCdihduyw==
27.01c2bea5.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
35 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/27.01c2bea5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:33 GMT
x-amz-version-id
EDFxPbC2SIjngwRCXMB6ypTc_CmOfkX5
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
21
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"04a233a42dcf8c50a83bfecea8ba552d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
3QBWpL10094LQoRcGEl6jMSeYFOOSgqPhGd_jXFS22nN3nUXl0eb3A==
28.9bf46b67.chunk.css
js.driftt.com/core/assets/css/ Frame 3E84
8 KB
2 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/28.9bf46b67.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:33 GMT
x-amz-version-id
Ldzhp6UG4sNenaZenxeK_0DV8yNjPJwN
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
22
last-modified
Thu, 11 May 2023 20:21:34 GMT
server
istio-envoy
etag
W/"4f21faf2ba450e5fcdf7eda90813e185"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
h4-TFf698hQPIFeDQAZMLnEyPaMXBerqm_bUsQGWcmGXYiSPCpJ9Nw==
28.b06e405e.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
14 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/28.b06e405e.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
22401c003c78aad72366e7e2b3592d82cbc8a474ec7f5b15639613a77641b23a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:33 GMT
x-amz-version-id
b3zMelvbuV9qXKrmIrH4KdyR7bAi_3Vs
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"8f4ed18a2ffae20429fa69b370366a12"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
3PS5eBKJIguFIKCIDW4RlUji1mDvfXGIMNfzp04Pupx8R5-GxEh-vA==
22.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 3E84
365 B
1 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/22.c695453b.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:33 GMT
x-amz-version-id
zNWcsE.uoNstLbMM0Pr_Cj3l_NH4JluZ
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
16
content-length
365
last-modified
Thu, 11 May 2023 20:21:34 GMT
server
istio-envoy
etag
"06b2963b029c0824382815165bfea73e"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
aLduJ4tCMm6bpBdpYRT05J9ZhCAl3kF5TN_GjqptulO7CUZnC-pdlA==
22.981c09d0.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
91 KB
25 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/22.981c09d0.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
433c7007fd847e86dd3ba3cb382546226afb92f21d99f6fa71aac2cc14efe9d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 24 May 2023 18:02:50 GMT
x-amz-version-id
yn9Hq4SH_eai_hkPgaBveXwWhsXSIDWT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
469855
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
21
last-modified
Wed, 24 May 2023 17:36:06 GMT
server
istio-envoy
etag
W/"41dedd962c2f339a0f6a6dcd23d7603f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
0WKY4qm3jrvSrbtDiSwksqM5zd8Lkd05Edf9XOiGkkPdjpZ0SIm1uA==
37.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame A00E
3 KB
1 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/37.11d2b6a7.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:33 GMT
x-amz-version-id
G5rA3YuA.xdLgBVBAaM97qFBrhcbsReD
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Thu, 11 May 2023 20:21:34 GMT
server
istio-envoy
etag
W/"87532c4db85f1429fa6d759bc3332f36"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
6Jm3CRlezc_gDf099xFmi1kuj6e9MEFq_6P2cuUeVb-hs2E63M4k7w==
37.298cbb69.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
3 KB
2 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/37.298cbb69.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:33 GMT
x-amz-version-id
YOxQezNRtY7ITBDySuoqINrKXBrEQzL4
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"86b289eeb2bf9d30034f30d9794e8041"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
bQ75OkpbEeb2_39xrie4kRnw6UJtf9kP_yxVTnsZ-QGkj1uo2kb5kA==
0.0b2ebd4a.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
9 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 09 May 2023 19:52:47 GMT
x-amz-version-id
9txt1e7t.mN3CfE_7JSf4I0op6bADUL6
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1759258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Tue, 09 May 2023 18:32:21 GMT
server
istio-envoy
etag
W/"c5efcdc9e465604f32cf24af10fd6c13"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
PWh3yVk6jIuRjIT5u-fuquTDnaSOr0tdrce0UDNOVqV7i5vPUrWpPw==
3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame A00E
7 KB
2 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 04:22:53 GMT
x-amz-version-id
P9gtMBgZB8iia5dqAHTmi7Kn8PruOT7j
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
4925452
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
57
last-modified
Fri, 31 Mar 2023 03:20:34 GMT
server
istio-envoy
etag
W/"189aeffd571884559dababa22c66d75a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
vP9P1GiionVu_V_IQmRQrTuZqTHj1UWP4UF99RhltElSS7L3Lobs_Q==
3.f50b964b.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
54 KB
15 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Thu, 06 Apr 2023 04:01:28 GMT
x-amz-version-id
Hxp6YjX5Fg05qm4JPtdqkR65aNG3o0Et
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
4667537
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
42
last-modified
Wed, 05 Apr 2023 19:06:49 GMT
server
istio-envoy
etag
W/"1ac37bf2b93050f29058b66a9ad43e10"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
CTVNjvBVadiwTVmjF-tScRC3miqQCASUhN6Ms7pBT4IYHFY77F7AeA==
1.02a6af84.chunk.css
js.driftt.com/core/assets/css/ Frame A00E
44 KB
7 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/1.02a6af84.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
120def079fc4e239098c571e178a9a1b73746f05c6f65a97cd7291b8c13aa401
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Thu, 11 May 2023 16:29:52 GMT
x-amz-version-id
iwDhOIduMdv6DVv1u7iOFOla57ZgesRY
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1598633
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
54
last-modified
Wed, 10 May 2023 14:14:09 GMT
server
istio-envoy
etag
W/"295093fc512c5e44a90c3c28242de8ae"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
lrZDOqrJghswMuJ0NnyNOj-uKLeK8F9OYy0dB6FHYpAyLtH3eQjPRA==
1.60b53d7b.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
53 KB
17 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/1.60b53d7b.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
3f9975dcb021180e0dd69d696757cef5b76fb963697bbcfbaf87b0acaa213f76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:33 GMT
x-amz-version-id
v03JXVSwGdkZkuBk1hxXiG8rD6IQlF88
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524251
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
18
last-modified
Thu, 11 May 2023 20:21:35 GMT
server
istio-envoy
etag
W/"94d2dcaadbc49291b972764dcdd3f531"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
URz8vpDkHUJyR5fePkIW0u2271S72GzGRHqnfypzv1dTIPGySbGsMw==
4.b4477698.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
23 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/4.b4477698.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
277725f80d5c0175c2a996fe1eea07395b87ec1bd0496353409e99e96024816e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Wed, 05 Apr 2023 20:29:54 GMT
x-amz-version-id
0s5HvDu7I8ZUWeiRZtf_7BJNbUsVlUik
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
4694630
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
14
last-modified
Wed, 05 Apr 2023 19:06:49 GMT
server
istio-envoy
etag
W/"ec2b0368f8359c0e46e2bfb9cf8e79ef"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
9MGYJkQeVZNP2AV0p-UDgEKVeSgtYKVZnTj5XDGDdOfjOlO8pdzIGA==
34.a3318c5e.chunk.css
js.driftt.com/core/assets/css/ Frame A00E
14 KB
3 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/34.a3318c5e.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:33 GMT
x-amz-version-id
xxp3nzgzD4Kk8mOGrOfNqLRKvTTi.6QJ
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524252
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
18
last-modified
Thu, 11 May 2023 20:21:34 GMT
server
istio-envoy
etag
W/"b06e02b360914b25e58305b1b9b954dc"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
yCnClMq859F7NyEzVBODnN8wrPkgBXRPEm89M5liIXmcL_bveDhZUQ==
34.a099776c.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
12 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/34.a099776c.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
17d79e1bc3fb327894fe4611b2551527a6face62f87403e7bc93fe974cad0c3c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:33 GMT
x-amz-version-id
BuU8KyhN2S8xl_VUHjSrb0n0eiDbFcYH
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524251
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 11 May 2023 20:21:36 GMT
server
istio-envoy
etag
W/"a8086e66cb80597ddcb23c26e0440f15"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
4coaVXpLrSL1XPyRI5UpZGggeBe0m3SybHlzbTksOSyEjn5_R6S0uQ==
v2
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame 3E84
147 B
588 B
XHR
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap/ping/v2
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-94-218-138.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
71eed4d64598fe01390202c892a197df84d9b8517ac56d5770258c3750b42ec6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 30 May 2023 04:33:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
143bc2a1f994aef
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
147
v11
tracking.crazyegg.com/ Frame
0
0
Preflight
General
Full URL
https://tracking.crazyegg.com/v11?u=425835&st=237558&ss=2930c5e0-fea3-11ed-8f5e-41873b517df8&p=47c6a44f7ec3751aa2da0d5104bd5450&tk=94c1298a9befcde50aad42a699da8ca2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.215.128.220 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-215-128-220.ap-southeast-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://blogs.infoblox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers
Authorization,Content-Type,Access-Control-Allow-Origin,Access-Control-Allow-Methods
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
content-type
application/octet-stream
date
Tue, 30 May 2023 04:33:46 GMT
server
awselb/2.0
v11
tracking.crazyegg.com/ Frame 23A7
0
83 B
XHR
General
Full URL
https://tracking.crazyegg.com/v11?u=425835&st=237558&ss=2930c5e0-fea3-11ed-8f5e-41873b517df8&p=47c6a44f7ec3751aa2da0d5104bd5450&tk=94c1298a9befcde50aad42a699da8ca2
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/2718ebc4e0df9692161f1d6f94f9e5a8.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.215.128.220 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-215-128-220.ap-southeast-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-type
application/gzip

Response headers

access-control-allow-origin
*
date
Tue, 30 May 2023 04:33:46 GMT
server
awselb/2.0
content-length
0
content-type
text/plain
img.gif
b.6sc.co/v1/beacon/
43 B
395 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=65a5821f1ffef41888301786d2737e6c&svisitor=null&visitor=cf8f490d-abf5-4815-82b2-4f3c112dbf18&session=bb0589f0-a654-46c9-8cca-847a53a1c082&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2030%20May%202023%2004%3A33%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2030%20May%202023%2004%3A33%3A43%20GMT%22%2C%22timeSpent%22%3A%222844%22%2C%22totalTimeSpent%22%3A%222844%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Infoblox%E2%80%99s%20Threat%20Intelligence%20Group%20identified%20C2%20servers%20in%20DNS%20arising%20from%20a%20persistent%20toolkit%20called%20Decoy%20Dog%20and%20how%20Infoblox%20can%20help%20protect%20your%20network%20from%20similar%20attacks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analyzing%20DNS%20Traffic%20for%20Anomalous%20Domains%20and%20Threat%20Detection%20%7C%20Infoblox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&pageViewId=b5577235-33de-4b9a-899a-6b27a7bc92ac&d=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.195.88.195 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-195-88-195.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:46 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
v3
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 3E84
25 B
88 B
XHR
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/widget/init/v3
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-94-218-138.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 30 May 2023 04:33:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
a9ec48c20aac4d70
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
10
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
25
widget_bootstrap
bootstrap.api.drift.com/ Frame 3E84
14 KB
5 KB
XHR
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-94-218-138.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
9373598ee6d6329027f8c51110dcaf9fb779221ac16a62e3bde4b659dcd29a67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 30 May 2023 04:33:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
server
istio-envoy
requestid
ddc82ff0f738e001
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
240
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
img.gif
b.6sc.co/v1/beacon/
43 B
396 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=65a5821f1ffef41888301786d2737e6c&svisitor=null&visitor=cf8f490d-abf5-4815-82b2-4f3c112dbf18&session=bb0589f0-a654-46c9-8cca-847a53a1c082&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2030%20May%202023%2004%3A33%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2030%20May%202023%2004%3A33%3A46%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223845%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Infoblox%E2%80%99s%20Threat%20Intelligence%20Group%20identified%20C2%20servers%20in%20DNS%20arising%20from%20a%20persistent%20toolkit%20called%20Decoy%20Dog%20and%20how%20Infoblox%20can%20help%20protect%20your%20network%20from%20similar%20attacks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analyzing%20DNS%20Traffic%20for%20Anomalous%20Domains%20and%20Threat%20Detection%20%7C%20Infoblox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&pageViewId=b5577235-33de-4b9a-899a-6b27a7bc92ac&d=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.195.88.195 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-195-88-195.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:47 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
track
event.api.drift.com/ Frame 3E84
749 B
809 B
XHR
General
Full URL
https://event.api.drift.com/track
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-94-218-138.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
10956d5c269879a832da355e17137f78ab605ec8436b0da096ae31519ea2ccc7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
jp-JP,jp;q=0.9
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODQwMDM4ODA3OSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjUwMjQ5OTEiLCJleHAiOjE3MTcwNDM2MjYsImlhdCI6MTY4NTQyMTIyNn0.WqxIfOQQ-GEOJQbBPKDNjEOrvGjW96Da-OxdRVifVM0wn63zk7b0I9nSOP4hvxaQiNKZ26SqO4OqBNtyMBOorQ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 30 May 2023 04:33:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
daf02877766e531c
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
749
track
event.api.drift.com/ Frame
0
0
Preflight
General
Full URL
https://event.api.drift.com/track
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-94-218-138.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Tue, 30 May 2023 04:33:48 GMT
requestid
drift4ae71864ed2bfd25d2fbbd95e6d
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
1
57.3fe6ce5a.chunk.js
js.driftt.com/core/assets/js/ Frame 3E84
18 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/57.3fe6ce5a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
7808407d987a0039e46333beac73c0eb079413f379ad59dd12b60e0c5a019467
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=42wt2pyhpc8v&eId=42wt2pyhpc8v&region=US&forceShow=false&skipCampaigns=false&sessionId=d90c0dc9-9ff5-4b02-a836-800a4207292f&sessionStarted=1685421225.539&campaignRefreshToken=fccae5b0-a72e-40ff-908a-553ae71a5398&hideController=false&pageLoadStartTime=1685421223135&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:36 GMT
x-amz-version-id
.sHJCgZAVT7FBjcCQK57dlXTswO0t9Yg
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524251
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 11 May 2023 20:21:37 GMT
server
istio-envoy
etag
W/"d8fe910bd6146f598b818efb6c5a914c"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
F6cF4bqPdCHR4P2Q1s2z6UzdIABonu84SNIwnkWIif9fi9RHJTEvOQ==
57.3fe6ce5a.chunk.js
js.driftt.com/core/assets/js/ Frame A00E
18 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/57.3fe6ce5a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ee640fde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.216.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-216-49.nrt57.r.cloudfront.net
Software
istio-envoy /
Resource Hash
7808407d987a0039e46333beac73c0eb079413f379ad59dd12b60e0c5a019467
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1685421223135
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 12 May 2023 13:09:36 GMT
x-amz-version-id
.sHJCgZAVT7FBjcCQK57dlXTswO0t9Yg
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 29bc979ed5b97121d22a3551faf230d4.cloudfront.net (CloudFront)
x-amz-cf-pop
NRT57-P4
age
1524251
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 11 May 2023 20:21:37 GMT
server
istio-envoy
etag
W/"d8fe910bd6146f598b818efb6c5a914c"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
SbXee3xti7fh_2DxR_Lp-7FyLb0A5l2tVeEHugjKdZCmx1_tE-cQFw==
img.gif
b.6sc.co/v1/beacon/
43 B
395 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=65a5821f1ffef41888301786d2737e6c&svisitor=null&visitor=cf8f490d-abf5-4815-82b2-4f3c112dbf18&session=bb0589f0-a654-46c9-8cca-847a53a1c082&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2030%20May%202023%2004%3A33%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2030%20May%202023%2004%3A33%3A47%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224847%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Infoblox%E2%80%99s%20Threat%20Intelligence%20Group%20identified%20C2%20servers%20in%20DNS%20arising%20from%20a%20persistent%20toolkit%20called%20Decoy%20Dog%20and%20how%20Infoblox%20can%20help%20protect%20your%20network%20from%20similar%20attacks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analyzing%20DNS%20Traffic%20for%20Anomalous%20Domains%20and%20Threat%20Detection%20%7C%20Infoblox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&pageViewId=b5577235-33de-4b9a-899a-6b27a7bc92ac&d=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.195.88.195 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-195-88-195.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:48 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
bulk
metrics.api.drift.com/monitoring/metrics/event3/ Frame 3E84
25 B
113 B
XHR
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/event3/bulk
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-94-218-138.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 30 May 2023 04:33:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
e41a2445915466fd
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
12
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
25
img.gif
b.6sc.co/v1/beacon/
43 B
395 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=65a5821f1ffef41888301786d2737e6c&svisitor=null&visitor=cf8f490d-abf5-4815-82b2-4f3c112dbf18&session=bb0589f0-a654-46c9-8cca-847a53a1c082&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2030%20May%202023%2004%3A33%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2030%20May%202023%2004%3A33%3A48%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225848%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Infoblox%E2%80%99s%20Threat%20Intelligence%20Group%20identified%20C2%20servers%20in%20DNS%20arising%20from%20a%20persistent%20toolkit%20called%20Decoy%20Dog%20and%20how%20Infoblox%20can%20help%20protect%20your%20network%20from%20similar%20attacks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analyzing%20DNS%20Traffic%20for%20Anomalous%20Domains%20and%20Threat%20Detection%20%7C%20Infoblox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblogs.infoblox.com%2Fcyber-threat-intelligence%2Fcyber-threat-advisory%2Fdog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic%2F&pageViewId=b5577235-33de-4b9a-899a-6b27a7bc92ac&d=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.195.88.195 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-195-88-195.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 04:33:49 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
des8qu5llanad.cloudfront.net
URL
https://des8qu5llanad.cloudfront.net/js/tracker/pix.js
Domain
blogs.infoblox.com
URL
blob:https://blogs.infoblox.com/3ac29513-972c-4e64-82e5-80eb58bac19a

111 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 boolean| credentialless object| _wpemojiSettings object| twemoji object| wp function| $ function| jQuery number| windWidth string| animateWidth number| defaultAnimateWidth function| csbwfsSetCookie function| csbwfsGetCookie function| csbwfsCheckCookie function| getlicensekeysform object| dataLayer function| readMore object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| __dispatched__ undefined| __i__ string| GoogleAnalyticsObject function| ga object| _rctfl function| processEpsilonData string| epsilonName boolean| enabled function| callback number| version object| _6si object| scriptTrustArc function| drift undefined| driftt object| gaplugins object| gaGlobal object| gaData boolean| CE_USER_SCRIPT object| CE2 string| CE_USER_SITE_DATA_URL string| CE_USER_DATA_URL function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Flickity function| Unipointer function| Unidragger function| imagesLoaded string| CE_USER_COMMON_SCRIPT_URL string| CE_USER_THIRDPARTY_SCRIPT_URL function| searchbar object| wp_ulike_params object| webpackChunkCE2 object| CE2BH function| CE_URL_FINGERPRINT function| onYouTubeIframeAPIReady function| ga_skiplinks object| genesis_responsive_menu object| genesisSample function| lity string| _linkedin_data_partner_id boolean| llcookieless object| formalyze number| ziq_domainid boolean| ziq_install_tracker object| techtargetic string| animateHeight number| defaultAnimateHeight function| lintrk boolean| _already_called_lintrk object| truste function| shouldRepop function| shouldResolveConsent string| userType function| _truste_eu object| PREF_MGR_API_DEBUG object| PrivacyManagerAPI object| TRUSTE_CMAPI_DEBUG object| Typekit object| cesrk05869519944725743 string| cesrk05869519944725743_path object| Bizible object| BizTrackingA object| BizA object| _vis_opt_queue object| LC_API 
undefined| _ object| 3eiXJRXgVuLsYGH9303q object| regeneratorRuntime object| _driftFrames object| __post_robot_10_0_46__ string| __DRIFT_ENV__ string| __DRIFT_BUILD_ID__ string| __DRIFT_BRANCH__ boolean| drift_invoked object| _rctfl_track object| drift_event_listeners string| drift_display_mode string| drift_campaign_refresh number| drift_page_view_started number| drift_session_started string| drift_session_id object| drift_frameFactory boolean| _storagePopulated object| drift_sentry_config

33 Cookies

Domain/Path Name / Value
.infoblox.com/ Name: _gid
Value: GA1.2.716647300.1685421224
.infoblox.com/ Name: _gat_UA-1234994-1
Value: 1
.infoblox.com/ Name: _ga_D4JXVXQTYG
Value: GS1.1.1685421223.1.0.1685421223.0.0.0
.infoblox.com/ Name: cebs
Value: 1
.techtarget.com/ Name: __cf_bm
Value: h1ibxOrrn7vgPELMmnw2TOiooO1npy5NfVm9TkVSI3Y-1685421223-0-Ac6DbOFRUhQcU8doVbfZaEJnbqnCyDiNSN2sAOVWip1cq93+WLM+eR/FAL6RMy22uB806CFZCcplMMdS8gmTYbw=
.infoblox.com/ Name: TAsessionID
Value: 6b0d1066-937e-4b48-a319-1b77f3fe0d3c|NEW
.infoblox.com/ Name: notice_behavior
Value: implied,us
.infoblox.com/ Name: _ce.clock_event
Value: 1
blogs.infoblox.com/ Name: ln_or
Value: eyIzMjM0NiI6ImQifQ%3D%3D
.infoblox.com/ Name: _ce.clock_data
Value: 42%2C146.70.201.137%2C1
.infoblox.com/ Name: cebsp_
Value: 1
.infoblox.com/ Name: _ce.s
Value: v~13edbf0d66ffbdc2bde2c719b7c76dd2578e1dc1~lcw~1685421224413~vpv~0~v11.fs~1~v11.cs~237558~v11ls~2930c5e0-fea3-11ed-8f5e-41873b517df8~ir~1~v11.sla~1685421224390~v11nv~1~v11.s~2930c5e0-fea3-11ed-8f5e-41873b517df8~lcw~1685421224421
.infoblox.com/ Name: _biz_uid
Value: 69312e206b924dffd99cc0feeb0f4096
.infoblox.com/ Name: _biz_sid
Value: 6edfaa
.infoblox.com/ Name: _biz_nA
Value: 1
.bizible.com/ Name: _BUID
Value: 69312e206b924dffd99cc0feeb0f4096
.infoblox.com/ Name: _biz_pendingA
Value: %5B%5D
.linkedin.com/ Name: li_sugr
Value: bcaf3774-f3ae-4781-807d-8048e0257113
.linkedin.com/ Name: bcookie
Value: "v=2&fccb07db-6dac-4801-8093-664ebcf5e630"
.linkedin.com/ Name: lidc
Value: "b=TGST02:s=T:r=T:a=T:p=T:g=3019:u=1:x=1:i=1685421224:t=1685507624:v=2:sig=AQEkCB1L-iZm0nnYD7nM9LaZvBSKYsDj"
.linkedin.com/ Name: UserMatchHistory
Value: AQKP_-epkCxEEwAAAYhq7vKQogO5reCTQPXE2feBRXSADyWbtt7AEoo8gn7ENtQM-Kdszna3KidcQA
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJymgf8wx9c9QAAAYhq7vKQX8UzuiBXcWM713tnw75HigWI7qbm-orJmArczTdEGZmQ-K7tz6CvqcTlBardIg
.blogs.infoblox.com/ Name: _rtfl_s_handshake_guid
Value: 25d11fe7-cf1f-4536-932b-122407ae5219
.bizibly.com/ Name: _BUID
Value: f8bea0d9a40366f1449a7ed96597d398
.infoblox.com/ Name: _biz_flagsA
Value: %7B%22Version%22%3A1%2C%22XDomain%22%3A%221%22%2C%22ViewThrough%22%3A%221%22%7D
.www.linkedin.com/ Name: bscookie
Value: "v=1&20230530043344c8ac4dbe-835b-46e5-83f5-a2ee5ec5071fAQGLirKLLm1vZVXk7j9NK0a3DrrDY1dx"
.infoblox.com/ Name: _rtfl_s_247745_specific_site_session
Value: X1NXY1JFWnZOazl5R2dURmZUODBlQVFfY2NhNWIwODI3NzQ4ZjEwOWZjYjllNWRkYjk4NWRmNGY0NmYyMGM1ZA==
.infoblox.com/ Name: _rtfl_s_unique_visitor_session
Value: X1hTSjdraTFieFFYRmtDTjJjY3RPd3lfNTQyNDdmMTRmNTRkMjcwMDZjZThjYzcyNmExMzY0MjhlMjdhMmI2MA==
blogs.infoblox.com/ Name: _rtfl_s_specific_site_sessions_count
Value: 1
blogs.infoblox.com/ Name: drift_campaign_refresh
Value: fccae5b0-a72e-40ff-908a-553ae71a5398
.infoblox.com/ Name: _ga
Value: GA1.2.163747939.1685421224
blogs.infoblox.com/ Name: drift_aid
Value: e8ba526a-3687-48c9-8aeb-a5b80b67fb58
blogs.infoblox.com/ Name: driftt_aid
Value: e8ba526a-3687-48c9-8aeb-a5b80b67fb58

3 Console Messages

Source Level URL
Text
network error URL: https://des8qu5llanad.cloudfront.net/js/tracker/pix.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
security error URL: https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
Message:
Refused to load the image 'blob:https://blogs.infoblox.com/3ac29513-972c-4e64-82e5-80eb58bac19a' because it violates the following Content Security Policy directive: "img-src 'self' https: data: *.jsdelivr.net *.infoblox.com https://infoblox.com *.bing.com *.adsymptotic.com *.googleusercontent.com *.gstatic.com *.pantheonsite.io *.infoblox.local *.linkedin.com *.drift.com *.eloqua.com *.typekit.net *.google-analytics.com *.google.com *.doubleclick.net *.gravatar.com https://play.vidyard.com https://cdn.vidyard.com https://i.ytimg.com *.vimeocdn.com https://share.vidyard.com/ *.googletagmanager.com https://lltrck.com *.jsdelivr.net *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.facebook.com *.google.co.in *.snaproute.com snaproute.com https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com *.kaltura.com *.hotjar.com *.trustarc.com cdn.bizible.com cdn.linkedin.oribi.io".
network error URL: https://lltrck.com/scripts/lt-v3.js?llid=10235
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: *.jsdelivr.net *.infoblox.com *.pantheonsite.io *.infoblox.local *.vimeo.com *.addthis.com *.typekit.net *.driftt.com *.drift.com *.google-analytics.com *.eloqua.com *.nr-data.net *.doubleclick.net *.linkedin.com *.vidyard.com *.google.com *.captivate.fm *.soundcloud.com *.youtube.com *.6sense.com *.jsdelivr.net *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.pathfactory.com *.mktoresp.com *.google.co.in *.adnxs.com https://sites.google.com/infoblox.com https://sites.google.com/infoblox.com/salesworkspace/ https://infoblox.litmos.com/ *.use.fontawesome *.info.infoblox.com https://internetidentity.com *.kaltura.com *.hotjar.com cdn.bizible.com cdn.linkedin.oribi.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: *.google.com *.addthis.com *.addthisedge.com *.moatads.com *.cookielaw.org *.driftt.com *.bidr.io *.cloudfront.net *.bing.com *.linkedin.com *.licdn.com *.typekit.net *.googletagmanager.com js.driftt.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.newrelic.com *.nr-data.net *.vidyard.com *.captivate.fm *.soundcloud.com https://cdnjs.cloudflare.com *.jobvite.com *.jsdelivr.net *.infoblox.com *.lltrck.com lltrck.com https://lltrck.com https://ajax.googleapis.com *.jsdelivr.net *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.adnxs.com *.google.co.in https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com cdn.bizible.com cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: *.google.com *.googleapis.com *.typekit.net *.gstatic.com *.googleusercontent.com https://info.infoblox.com/js/forms2/css/ *.jsdelivr.net *.infoblox.com 
*.jsdelivr.net *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.bootstrapcdn.com *.google.co.in https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com *.kaltura.com *.trustarc.com; img-src 'self' https: data: *.jsdelivr.net *.infoblox.com https://infoblox.com *.bing.com *.adsymptotic.com *.googleusercontent.com *.gstatic.com *.pantheonsite.io *.infoblox.local *.linkedin.com *.drift.com *.eloqua.com *.typekit.net *.google-analytics.com *.google.com *.doubleclick.net *.gravatar.com https://play.vidyard.com https://cdn.vidyard.com https://i.ytimg.com *.vimeocdn.com https://share.vidyard.com/ *.googletagmanager.com https://lltrck.com *.jsdelivr.net *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.facebook.com *.google.co.in *.snaproute.com snaproute.com https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com *.kaltura.com *.hotjar.com *.trustarc.com cdn.bizible.com cdn.linkedin.oribi.io ; font-src 'self' https: data: filesystem: use.typekit.net *.use.fontawesome.com; media-src 'self' mediastream: blob: filesystem: *.driftqa.com *.kaltura.com *.js.driftt.com https://js.driftt.com/conductor/assets/media/notification.d46d7db1.mp3; frame-ancestors 'self' https: data: http://*.jsdelivr.net *.infoblox.com https://*.jsdelivr.net *.infoblox.com https://sites.google.com/infoblox.com https://sites.google.com/infoblox.com/salesworkspace/ https://infoblox.litmos.com/ http://infoblox.litmos.com/ https://infoblox.mindtickle.com/ https://infobloxpartners.mindtickle.com/ https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com cdn.bizible.com cdn.linkedin.oribi.io; frame-src 'self' 
https://www.youtube-nocookie.com https://play.vidyard.com https://www.google.com *.youtube.com *.vimeo.com https://w.soundcloud.com/ https://player.captivate.fm/ jobs.jobvite.com info.infoblox.com *.jsdelivr.net *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.facebook.com https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com https://js.driftt.com/ https://js.driftt.com/conductor/assets/media/notification.d46d7db1.mp3 *.js.driftt.com cdn.bizible.com cdn.linkedin.oribi.io
Strict-Transport-Security max-age=300
X-Content-Type-Options
X-Frame-Options allow-from <URI>
X-Xss-Protection

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
