corelight.com Open in urlscan Pro
199.60.103.6 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Submission Tags: falconsandbox
Submission: On April 29 via api (April 29th 2024, 4:02:35 am UTC) from US — Scanned from DE

Summary HTTP 163 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 49 IPs in 4 countries across 34 domains to perform 163 HTTP transactions. The main IP is 199.60.103.6, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is corelight.com. The Cisco Umbrella rank of the primary domain is 976265.
TLS certificate: Issued by GTS CA 1P5 on March 23rd 2024. Valid for: 3 months.

This is the only time corelight.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
54	199.60.103.6 199.60.103.6	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2606:4700:440... 2606:4700:4400::ac40:93bc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
28	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.142.119 104.18.142.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:b05b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.102.51 18.66.102.51	16509 (AMAZON-02) (AMAZON-02)
4	172.67.139.119 172.67.139.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.33.187.19 13.33.187.19	16509 (AMAZON-02) (AMAZON-02)
3	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700::68... 2606:4700::6810:6bfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
10	2.17.100.193 2.17.100.193	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
1	34.107.254.219 34.107.254.219	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:2b1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
3	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
2	157.240.252.13 157.240.252.13	32934 (FACEBOOK) (FACEBOOK)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	37.252.171.53 37.252.171.53	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:ab0... 2a02:26f0:ab00::214:8e41	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	142.250.186.68 142.250.186.68	15169 (GOOGLE) (GOOGLE)
1	34.117.110.211 34.117.110.211	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	76.223.9.105 76.223.9.105	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:225e:3600:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::ac40:911d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:225e:e600:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
163	49

54 199.60.103.6 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

corelight.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:93bc (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.142.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b05b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-51.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.139.119 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.187.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-19.fra60.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6bfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.17.100.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-193.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.254.219 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 219.254.107.34.bc.googleusercontent.com

www.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2b1f (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.252.13 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.171.53 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ab00::214:8e41 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.110.211 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 211.110.117.34.bc.googleusercontent.com

t.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:3600:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

corelight.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:911d (United States)

ASN13335 (CLOUDFLARENET, US)

metadata-static-files.sfo2.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:e600:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

corelight.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	corelight.com corelight.com — Cisco Umbrella Rank: 976265	527 KB
30	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 12394 js.hubspot.com — Cisco Umbrella Rank: 4170 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4116 app.hubspot.com — Cisco Umbrella Rank: 5595 track.hubspot.com — Cisco Umbrella Rank: 2416	69 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 5885 c.6sc.co — Cisco Umbrella Rank: 9001 ipv6.6sc.co — Cisco Umbrella Rank: 6019 b.6sc.co — Cisco Umbrella Rank: 3922	22 KB
9	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4253 forms-na1.hsforms.com — Cisco Umbrella Rank: 6866 perf.hsforms.com — Cisco Umbrella Rank: 13658 perf-na1.hsforms.com — Cisco Umbrella Rank: 4475	8 KB
7	linkedin.com 4 redirects platform.linkedin.com — Cisco Umbrella Rank: 3583 px.ads.linkedin.com — Cisco Umbrella Rank: 328 www.linkedin.com — Cisco Umbrella Rank: 613 px4.ads.linkedin.com — Cisco Umbrella Rank: 6223	164 KB
5	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1791 ka-f.fontawesome.com — Cisco Umbrella Rank: 4267	101 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	69 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2206	25 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	160 KB
3	google.de www.google.de — Cisco Umbrella Rank: 7278	237 B
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1306 analytics.twitter.com — Cisco Umbrella Rank: 825	28 KB
2	insent.ai corelight.widget.insent.ai	23 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9083	705 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 84	394 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2941 www.google.com — Cisco Umbrella Rank: 2	315 B
2	influ2.com www.influ2.com — Cisco Umbrella Rank: 47412 t.influ2.com — Cisco Umbrella Rank: 45669	3 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	21 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4528 forms.hscollectedforms.net — Cisco Umbrella Rank: 4688	26 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 737 script.hotjar.com — Cisco Umbrella Rank: 933	60 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	211 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 363 fonts.googleapis.com — Cisco Umbrella Rank: 33	32 KB
1	digitaloceanspaces.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 84491	2 KB
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 123	20 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 497	697 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	274 B
1	t.co t.co — Cisco Umbrella Rank: 678	376 B
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 7790	1 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4706	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 795	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 781	17 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3146	4 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2216	21 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5602	6 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6663	154 KB
163	34

	Domain	Requested by
54	corelight.com	corelight.com
13	track.hubspot.com
12	no-cache.hubspot.com	corelight.com
7	b.6sc.co	corelight.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
4	js.hs-banner.com	corelight.com js.hs-banner.com
4	connect.facebook.net	corelight.com connect.facebook.net
4	ka-f.fontawesome.com	kit.fontawesome.com corelight.com
3	perf.hsforms.com	corelight.com
3	www.google.de	corelight.com
3	cta-service-cms2.hubspot.com	js.hubspot.com corelight.com
3	forms.hsforms.com	js.hsforms.net corelight.com
2	corelight.widget.insent.ai	corelight.com corelight.widget.insent.ai
2	epsilon.6sense.com	j.6sc.co
2	fonts.gstatic.com	fonts.googleapis.com
2	perf-na1.hsforms.com	corelight.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.gstatic.com	www.googletagmanager.com www.gstatic.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	platform.twitter.com	corelight.com platform.twitter.com
2	www.googletagmanager.com	corelight.com www.googletagmanager.com
1	metadata-static-files.sfo2.cdn.digitaloceanspaces.com	corelight.com
1	t.influ2.com	www.influ2.com
1	www.google.com	corelight.com
1	www.googleadservices.com	1 redirects
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	www.facebook.com	corelight.com
1	fonts.googleapis.com	js.hs-banner.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	analytics.twitter.com	corelight.com
1	t.co	corelight.com
1	forms-na1.hsforms.com	corelight.com
1	px4.ads.linkedin.com	corelight.com
1	www.linkedin.com	1 redirects
1	region1.analytics.google.com	www.googletagmanager.com
1	app.hubspot.com	corelight.com
1	tracking.g2crowd.com	corelight.com
1	ws.zoominfo.com	corelight.com
1	www.influ2.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	js.hsadspixel.net	corelight.com
1	js.hs-analytics.net	corelight.com
1	js.hscollectedforms.net	corelight.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	corelight.com
1	js.hubspot.com	corelight.com
1	static.hsappstatic.net	corelight.com
1	js.hsforms.net	corelight.com
1	ajax.googleapis.com	corelight.com
1	platform.linkedin.com	corelight.com
1	kit.fontawesome.com	corelight.com
163	55

This site contains links to these domains. Also see Links.

Domain
cta-service-cms2.hubspot.com
go.corelight.com
support.corelight.com
www.g2.com
github.com
www.ncsc.gov.uk
www.wireguard.com
blogs.vmware.com
www.bleepingcomputer.com
thehackernews.com
www.cybereason.com
www.team-cymru.com
www.darkreading.com
twitter.com
www.linkedin.com
www.youtube.com
www.facebook.com

Subject Issuer	Validity	Valid
corelight.com GTS CA 1P5	`2024-03-23` - `2024-06-21`	3 months	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-04` - `2025-01-03`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-07-11` - `2024-07-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hsforms.net GTS CA 1P5	`2024-04-15` - `2024-07-14`	3 months	crt.sh
hsappstatic.net E1	`2024-03-10` - `2024-06-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M03	`2024-02-07` - `2025-03-08`	a year	crt.sh
ka-f.fontawesome.com GTS CA 1P5	`2024-03-05` - `2024-06-03`	3 months	crt.sh
hsforms.com GTS CA 1P5	`2024-04-17` - `2024-07-16`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-02-06` - `2024-05-06`	3 months	crt.sh
hscollectedforms.net E1	`2024-03-29` - `2024-06-27`	3 months	crt.sh
hs-banner.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
hs-analytics.net GTS CA 1P5	`2024-04-13` - `2024-07-12`	3 months	crt.sh
hsadspixel.net E1	`2024-04-16` - `2024-07-15`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
6sc.co R3	`2024-04-09` - `2024-07-08`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
influ2.com GTS CA 1D4	`2024-03-28` - `2024-06-26`	3 months	crt.sh
zoominfo.com E1	`2024-04-19` - `2024-07-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-24` - `2024-07-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
*.google.de GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-07` - `2025-01-06`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
t.influ2.com R3	`2024-03-18` - `2024-06-16`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.widget.insent.ai Amazon RSA 2048 M03	`2024-01-30` - `2025-02-27`	a year	crt.sh
*.sfo2.cdn.digitaloceanspaces.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-20` - `2025-05-07`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Frame ID: 332E657AA9D90B5FCAEF2EA4569A53F3
Requests: 161 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fcorelight.com
Frame ID: 66859D8271EF80CEB324B1B2E5359D79
Requests: 1 HTTP requests in this frame

Frame: https://corelight.widget.insent.ai/?project_key=ifR9qnekVxidCVXYhrNb&blog_url=corelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&event_listener=cMglkknTCUQr0hD&marketo_cookies=[]&hubspot_cookies=[]&pardot_cookies=[]&eloqua_cookies=[]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: A2C8D02765940FBBF516EE9282EE10E4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

New Sliver C2 Detection Released - Redteam detected | Corelight

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

163
Requests

98 %
HTTPS

57 %
IPv6

34
Domains

55
Subdomains

49
IPs

4
Countries

1771 kB
Transfer

4615 kB
Size

35
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/click?encryptedPayload=AVxigLI4NgG%2BcHAnCcqhK48vmPYO9YQtXZLQCSVMpiV2cFc8yjZhgBbSSLZp7Qs28eL%2Bo6ly%2B%2FI0L7IO3wGXj9M6qOnwpUKlbCZp%2BPO1BOUjpYUzT2WWRrl0VTKH4y56ATNe1O0ozhgU38Ti54vIhCYPwaSf7j3iD0gD8tT6r%2Fm%2FawOfzPC%2BfgYmnfwa0DMhCX%2FB&portalId=8645105

Search URL Search Domain Scan URL

URL: https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/click?encryptedPayload=AVxigLJvS12%2FndcIDiTfzMDNX%2FvXuVyEXvVyKqcddkITrPUSQlw8QM%2FDdINyl0m5LTqPPX7mQB30PDwEG0Hsb292HoecCLngg32XBz%2BZmPibXq83lxdnDFCuh21wJIQsCYBGQgHF%2FlhvF9t%2BrLC8No5Cf9GCoaCidvQtYuYSXKlW47k%2F7RIH3Kjflq4U7duMasJL&portalId=8645105&webInteractiveId=322346020176&containerType=EMBEDDED&pageUrl=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&pageTitle=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&referrer=&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F124.0.0.0+Safari%2F537.36&hutk=dcba15bbf93355518512f204a2f4c2b9&hssc=48219256.1.1714363350676&hstc=48219256.dcba15bbf93355518512f204a2f4c2b9.1714363350676.1714363350676.1714363350676.1&pageId=114262621716&analyticsPageId=114262621716&hsfp=2492303821&canonicalUrl=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&contentType=blog-post
Title: SEE HOW

Search URL Search Domain Scan URL

URL: https://go.corelight.com/deal-registration/
Title: Deal registration

Search URL Search Domain Scan URL

URL: https://go.corelight.com/partner-academy-login-request/
Title: Partner Academy

Search URL Search Domain Scan URL

URL: https://go.corelight.com/partner-application/
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://support.corelight.com/hc/en-us/restricted?return_to=https%3A%2F%2Fsupport.corelight.com%2Fhc%2Fen-us%2Frequests%2Fnew
Title: Open a ticket

Search URL Search Domain Scan URL

URL: https://support.corelight.com/hc/en-us/restricted?return_to=https%3A%2F%2Fsupport.corelight.com%2Fhc%2Fen-us
Title: Account login

Search URL Search Domain Scan URL

URL: https://www.g2.com/products/corelight/reviews?utm_campaign=widget_embed&utm_medium=riblet&utm_source=Corelight

Search URL Search Domain Scan URL

URL: https://github.com/BishopFox/sliver
Title: Sliver

Search URL Search Domain Scan URL

URL: https://www.ncsc.gov.uk/files/Advisory%20Further%20TTPs%20associated%20with%20SVR%20cyber%20actors.pdf
Title: Further TTPs associated with SVR cyber actors

Search URL Search Domain Scan URL

URL: https://github.com/salesforce/jarm
Title: JARM

Search URL Search Domain Scan URL

URL: https://www.wireguard.com/
Title: Wireguard

Search URL Search Domain Scan URL

URL: https://blogs.vmware.com/security/2023/01/detection-of-lateral-movement-with-the-sliver-c2-framework.html
Title: released an excellent blog

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/hackers-adopt-sliver-toolkit-as-a-cobalt-strike-alternative/
Title: https://www.bleepingcomputer.com/news/security/hackers-adopt-sliver-toolkit-as-a-cobalt-strike-alternative/

Search URL Search Domain Scan URL

URL: https://thehackernews.com/2023/01/threat-actors-turn-to-sliver-as-open.html
Title: https://thehackernews.com/2023/01/threat-actors-turn-to-sliver-as-open.html

Search URL Search Domain Scan URL

URL: https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors
Title: https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors

Search URL Search Domain Scan URL

URL: https://www.team-cymru.com/post/sliver-case-study-assessing-common-offensive-security-tools
Title: https://www.team-cymru.com/post/sliver-case-study-assessing-common-offensive-security-tools

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/vulnerabilities-threats/-sliver-cobalt-strike-alternative-malicious-c2
Title: https://www.darkreading.com/vulnerabilities-threats/-sliver-cobalt-strike-alternative-malicious-c2

Search URL Search Domain Scan URL

URL: https://twitter.com/corelight_inc

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/corelight

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/CorelightInc

Search URL Search Domain Scan URL

URL: https://github.com/corelight

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CorelightInc

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 94

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1714363349707&li_adsId=36ded3fd-aeae-4011-9209-3e7cabd36369&url=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1714363349707&li_adsId=36ded3fd-aeae-4011-9209-3e7cabd36369&url=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D292564%26time%3D1714363349707%26li_adsId%3D36ded3fd-aeae-4011-9209-3e7cabd36369%26url%3Dhttps%253A%252F%252Fcorelight.com%252Fblog%252Fnew-sliver-c2-detection-released-redteam-detected%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1714363349707&li_adsId=36ded3fd-aeae-4011-9209-3e7cabd36369&url=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1714363349707&li_adsId=36ded3fd-aeae-4011-9209-3e7cabd36369&url=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cookiesTest=true&liSync=true&e_ipv6=AQJLDoqu4NPpFAAAAY8oBL08IfYqccFhsxTlwIDkHhwUWnjebRGD60f0q5UPK0HoghMj5AA

Request Chain 127

https://www.googleadservices.com/pagead/conversion/880638848/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham&npa=1&ct_eid=2 HTTP 302
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham

163 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request new-sliver-c2-detection-released-redteam-detected Show response
corelight.com/blog/ 122 KB
24 KB 888ms
790ms Document
text/html 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5704e52cfed847d6c72806f975864becfbcdbe144f7e2809c706a1822c34053

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.corelight.com https://corelight.com https://www.corelight.com;; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-114262621716,CG-48251609225,P-8645105,W-86323890986,CW-105809003625,CW-162376762169,CW-87239536287,E-104058125211,E-105445068311,E-128444017432,E-163022326855,E-163024466335,E-77969195071,E-77971433387,E-77972286520,E-77972429906,E-87238565501,E-93760631127,E-97621015714,E-98151980135,MENU-86323890986,PGS-ALL,SW-0,GC-105811404468,GC-79121806263,GC-86349509899,GC-87228382568,TS-77972180651
cf-cache-status: MISS
cf-ray: 87bc658e2d306a75-TXL
content-encoding: br
content-security-policy: frame-ancestors 'self' *.corelight.com https://corelight.com https://www.corelight.com;; upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Mon, 29 Apr 2024 04:02:28 GMT
edge-cache-tag: CT-114262621716,CG-48251609225,P-8645105,W-86323890986,CW-105809003625,CW-162376762169,CW-87239536287,E-104058125211,E-105445068311,E-128444017432,E-163022326855,E-163024466335,E-77969195071,E-77971433387,E-77972286520,E-77972429906,E-87238565501,E-93760631127,E-97621015714,E-98151980135,MENU-86323890986,PGS-ALL,SW-0,GC-105811404468,GC-79121806263,GC-86349509899,GC-87228382568,TS-77972180651
last-modified: Mon, 29 Apr 2024 04:01:45 GMT
link: </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dOCnaT5pZ7A1WkS6FcYGv1app4JiVVw2eNH51aXN5ZuVsaZaWppgqZeR9YnNAvwussyv8gbeUReSOuUp%2Ft7pM1MaGo0%2BSLas3Odk%2FrjS8CsMok964iA2EvBAUVvnZdQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 199
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-0-9-td/envoy-proxy-6c6c8c97b6-xjdkr
x-evy-trace-virtual-host: all
x-frame-options: sameorigin
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 114262621716
x-hs-hub-id: 8645105
x-hubspot-correlation-id: bde7c02f-e400-4637-8ab2-8f8dcfb74940
x-request-id: bde7c02f-e400-4637-8ab2-8f8dcfb74940
x-xss-protection: 1

GET
H2 200 project.js Show response
corelight.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 101ms
100ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 a510ce56c300e2d885e99cf42a868640.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13577772
x-amz-cf-pop: WAW51-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BJlj5Yp1mVaJmt6isoQtbiF3WN3B9MPi2OUz64Yc7fCTq%2Fed3BHR5QGzOdXg2YjZ2VfX9HhlJQf5k2eZq1N1VkZ6%2BXq33p%2BbvTy62LZSZ2voTOooJczkIEUI%2FGJNBJ8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87bc65932d766a75-TXL
x-amz-cf-id: T_T6csmuXeb-s-vMqsT9JPy-rjgjZFxhUPNUcJc0s5QhlAhBikaGVg==
expires: Tue, 29 Apr 2025 04:02:29 GMT

GET
H2 200 project.js Show response
corelight.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 97ms
97ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13491239
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SRN%2BH5a389CXfoua9OEbHEqMM4p8vzaaMbG7GAorI76y%2F7coGB3d9hq6ipzDOBNhLpe2CbO3QFg2Sv6ZLOW%2FDKYvx7%2BPezL74k8pLBwdCF0iqXWfjHMuLleZA%2BUdv6U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87bc65932d786a75-TXL
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Tue, 29 Apr 2025 04:02:29 GMT

GET
H2 200 post_listing_asset.js Show response
corelight.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 3 KB
2 KB 98ms
98ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13728154
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: nC1hzr07YsutChb9rCwKsMoiyxip8lR7
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"d95d7dafd49a1edc76a47120c287b579"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FijveuVe0zNZVAxTdBWSMMfqkljNwkj9A4oCpIIqCSABHdbCfuKxwyrJN44O8hs6i20cpojOYs9TgmKF%2FeHO4nWCEe75JjPRvqqRPHmjzIsY9GzEKZbepVNCnJaUK1Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87bc65932d7a6a75-TXL
x-amz-cf-id: mhe-XZqlu0UYIouskl3OSMY2m4X2j8did-p1-Mtvgj_trvaRM8b1YA==
expires: Tue, 29 Apr 2025 04:02:29 GMT

GET
H2 200 mojoflex-styles.css
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77971433387/1713459523040/Corelight_MojoFlex/css/ 160 KB
25 KB 78ms
76ms Stylesheet
text/css 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77971433387/1713459523040/Corelight_MojoFlex/css/mojoflex-styles.css

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

03e5a90fecdafc6bc210ac328f0907d2b0dd0c0915ab1182d91ad04efc66d13a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 46
x-amz-request-id: 2BFPVV2WDZ163N64
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"b2056fe259141c251fc3e0449295af5f"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1713459523040
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: u8rRfWMW0u67vVG7hrDY3kPWFB4T92kV
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: c2613e6a-2236-49b5-a247-0335bb5a59fe
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 222
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /hXy1Qab9eVKXaDVts3z+CNMB66Pk/gn2WMOXz99jle19KXS/qX8niEkh8orWPdPEvR07JKRbNM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: c2613e6a-2236-49b5-a247-0335bb5a59fe
last-modified: Thu, 18 Apr 2024 16:58:44 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=le3%2FmiVegqHyTc2gDAb28JnSZWREkJ%2FRW2h%2FfbD4Qj%2Fjxe3jJdEPIn1UruMCTOFfvoat3W3asrCNABBpUKmk4Ssp0rdRQrM8OUc%2F%2BwmwjFv6ZH1Uc9%2Fqd81FabbNzcE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-666dffc5d9-jw4np
access-control-allow-credentials: false
cf-ray: 87bc65932d7e6a75-TXL
timing-allow-origin: corelight.com
x-amz-cf-id: vamB8gUTdGcxXu3OIXlwK75f_x0MI9O6XUHwG9uIgJPiXSuCZimRgA==

GET
H2 200 blog_mojo.min.css
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/98151980135/1713459515362/Corelight_MojoFlex/ 19 KB
5 KB 100ms
99ms Stylesheet
text/css 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/98151980135/1713459515362/Corelight_MojoFlex/blog_mojo.min.css

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

303e54abc5684f12185aebf4ccf849d25f39f2ed567f292d619a50b37a25a880

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 46
x-amz-request-id: 58ZXP3RVN33369H3
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"41b257d52536904dfd2ce57271f3f5e1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1713459516196
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: E08Z22Qw4LYGTkuRGn8P5CdkxLt2pNhO
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f25881ea-7b82-4486-8cb5-5e2721ce7384
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 224
alt-svc: h3=":443"; ma=86400
x-amz-id-2: CxN9z4JJbXauXAinISWhj1+sTYKwUTQBa9igigUp8jRJnR+LcEXaJnmQCyKVbYmiD3uv0yeff4g=
x-evy-trace-route-configuration: listener_https/all
x-request-id: f25881ea-7b82-4486-8cb5-5e2721ce7384
last-modified: Thu, 18 Apr 2024 16:58:37 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cqVoBlNo%2F3ew5dQWH%2FdvkI4xpcNB8F55NY5OcLk6Wyve4Gz01oksiLt1SZEiR0AqMZx6IEIDPuTItNKUlGr0%2FSWjnOmM6A%2FmLXazGws8V%2BadLu%2BBpQoYvJNqg455WM4%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-666dffc5d9-szl7m
access-control-allow-credentials: false
cf-ray: 87bc65932d806a75-TXL
timing-allow-origin: corelight.com
x-amz-cf-id: EDcsVfe-CcbOSwpt48xFmE3hVGoiDrvUbESOmkx83Z5bcM-PpZBZAQ==

GET
H2 200 child.min.css
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77969195071/1714363311646/Corelight_MojoFlex/ 133 KB
22 KB 253ms
251ms Stylesheet
text/css 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77969195071/1714363311646/Corelight_MojoFlex/child.min.css

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

41fa8d5539a1eab803acd6a0893a67bd12c8cd70bd6caff8a8b05e85d6983777

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: MMK7PHHVYJZ9SG2Y
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"44251c83efafe2a0aea2e4a66becc7e9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1714363312927
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 88b63cb2f8aab28c7291262ffc15282e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: XqHsddBOVeyVOLUDy3zSuJCnf1dA_N5D
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: c098aefa-2628-41a2-a952-affa1cfa33e8
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 161
alt-svc: h3=":443"; ma=86400
x-amz-id-2: cOcTJCeFNcmCedi/XOk9EAQc3GP+lDHZLGeQZDqB5WnZWUGjv30NPcHY9wFIAawHgLgA0BBoMow=
x-evy-trace-route-configuration: listener_https/all
x-request-id: c098aefa-2628-41a2-a952-affa1cfa33e8
last-modified: Mon, 29 Apr 2024 04:01:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4c5E7CgsOyHV4UIZPxS6SSnfAAxGHscKEA%2Bz%2FYkBPcyUkk8QHJqEhLt5XrBWxKzykhUQ0lScevnN%2BSRnOR26Ei285wY4BWYhDikaDOJjy8VyEJRxQW00%2FMkL6qs8QQU%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-7mxgq
access-control-allow-credentials: false
cf-ray: 87bc65932d846a75-TXL
timing-allow-origin: corelight.com
x-amz-cf-id: KQZU_HDUHpc7hkkpWTDus__UILwxR5mJDU3J3O6sHSra4vlsftkqKw==

GET
H2 200 corelight-new_child.min.css
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/104058125211/1713459538132/Corelight_MojoFlex/ 671 B
1 KB 76ms
75ms Stylesheet
text/css 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/104058125211/1713459538132/Corelight_MojoFlex/corelight-new_child.min.css

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6be1f196d867b564cb1fc2fabd1e11f56790558e8f2571e5bb0886906fe270cb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 46
x-amz-request-id: E61SRNNX9GCPVQ8Y
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"2bd31854fd26aa63e91a59a0a67be61b"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1713459538781
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: LmHRypeno2Ab_tmiw0ouTQ0A16DSMX6O
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f65cc254-1ae5-4a3e-a801-d8d06da0043a
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 170
alt-svc: h3=":443"; ma=86400
x-amz-id-2: j/UPyrQKfaz0ckZ1Pf3BJAHYVVaeHA2Gx77F69oevy+zs0v2I2lVbrJWNLD+CGFcjEljOWi4RpAgFToQ0/iMzPhar+4nKe6rloe/2DaJ38Y=
x-evy-trace-route-configuration: listener_https/all
x-request-id: f65cc254-1ae5-4a3e-a801-d8d06da0043a
last-modified: Thu, 18 Apr 2024 16:58:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2mjpqs%2B9LHySmcNH%2F1XrCqBJ0gu84DoKcApVM0p%2FAYaHeLw89%2F2qnx6XzMXcYSji2KaxJu2YBzT06NDJTw%2FLlLg3Cd6G9RpFfnSp7vW83%2FR0kp8tf5tRY4W1LMx5gbo%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-666dffc5d9-787tz
access-control-allow-credentials: false
cf-ray: 87bc65932d866a75-TXL
timing-allow-origin: corelight.com
x-amz-cf-id: AFV3IltP1ZaTat8lUVltf4ovCDZDg8muQe6C47zYSLSzkl23FHthZA==

GET
H2 200 child-gravity.min.css
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/93760631127/1713459531646/Corelight_MojoFlex/ 866 B
2 KB 97ms
96ms Stylesheet
text/css 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/93760631127/1713459531646/Corelight_MojoFlex/child-gravity.min.css

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe3d5103952724acb7cfd8ae72224a40906bf9ec91087511412aa376e8d35811

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 46
x-amz-request-id: WAET6JHKKACYDF44
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"6a15ac73f98f5d09cb2a3b5793be9ba5"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1713459532286
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: BVqdl4fJZqF0crnj9cVywmfabGP7XJAa
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 3100af56-fe24-430f-bf99-fcd3c3762246
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 222
alt-svc: h3=":443"; ma=86400
x-amz-id-2: enB6dcxUvWAgsItTaoWLss8V7XO4NbNRviD49tHJIEDu8dcJQEDB6H8HAnlfcQJmOLn5A8oSPujZ4Pz8+kHRLg==
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3100af56-fe24-430f-bf99-fcd3c3762246
last-modified: Thu, 18 Apr 2024 16:58:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b09bF%2Fdb69FvLWJOml97wRXyVhp5%2FWSqY1tm7jzQ1JI%2FryDEh7fPwZe12fAsEvzWcISdJCu3L3tRiwFALyLeBA%2F7rwhvkUBHMj%2FsqkJU2nSJEtbkB1by75lxhlpbKTQ%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-666dffc5d9-5ktnt
access-control-allow-credentials: false
cf-ray: 87bc65932d886a75-TXL
timing-allow-origin: corelight.com
x-amz-cf-id: M3UbxFHcrmntM9aWgjF9zQAbrm0oC1caOIcBfbeCSuV5H41bcjcOiQ==

GET
H2 200 swiper-bundle.min.css
corelight.com/hubfs/ 17 KB
6 KB 99ms
97ms Stylesheet
text/css 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hubfs/swiper-bundle.min.css

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

897d1c10fbbd847f5378172416a6d13cf2d98744211aad17421c456c57ff5a05

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-106199345464,P-8645105,FLS-ALL
age: 236049
x-amz-request-id: V6KHK53H7M9XTA66
x-amz-server-side-encryption: AES256
edge-cache-tag: F-106199345464,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"a73b3a9656f47a43a6309fc6b14b4805"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678638992883
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 0f65f9aac16e53eeb77d85b7c23a21c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: oBSo0mXMgG0s9l4mVdBeYbgJjakRATKs
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-106199345464,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 0YkHS5xE3yepsf/CZfuHFpSjZwFQBNrDaGEUWhruEs8G7nOwuI222OgNGPncpBH6dyqghPS0uVU=
last-modified: Sun, 12 Mar 2023 16:36:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VaJLcVsfv9neDAB%2FbO4%2FjEDQT4rhJGirl7f1GgryToVr8XTupvum0V7AV3U9Lc0SxfbU5qFXFKqL%2B%2Fb5yFU6QS7tI41aSm2AdW71g%2BV8CSAgVuQmJsYuZasmoWI1qrk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 87bc65932d8a6a75-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 2UhESQlLR_NyPg5Y0ew666DLTEWdEDeMJiCKxaLU5LGy8xlXuWfRTg==

GET
H2 200 module_105809003625_MojoFlex_Theme_Global_Header.min.css
corelight.com/hs-fs/hub/8645105/hub_generated/module_assets/105809003625/1696886956916/ 4 KB
2 KB 75ms
74ms Stylesheet
text/css 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/module_assets/105809003625/1696886956916/module_105809003625_MojoFlex_Theme_Global_Header.min.css

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

14727cd82f312ef28e3f2c5b4abb127d372d32b41fb5a08dcdd297e1c3f3e5cd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 46
x-amz-request-id: 6S5H6AY0RVY0FPGQ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"e67112317325fd3a6d76938575fcceaf"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1696886956916
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 b5e757a7da6f6fe6261f56a8a9646880.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: VaPdf_tQ4a1PLzNQDb5zk_aOJ0oJ5s7H
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 51b6ddfb-4188-4e71-a2b1-3b6ff349bf6e
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 194
alt-svc: h3=":443"; ma=86400
x-amz-id-2: nx18sC6sXIFKqpaIFvsXLcu8TbIN/K9SmwlvTeacB5wAI8sRXdF+7uPRAIkTVjKz/eY0RWjnOck=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 51b6ddfb-4188-4e71-a2b1-3b6ff349bf6e
last-modified: Mon, 09 Oct 2023 21:29:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1aNwDuOe2XZ9lZLL7JEEmczrFmW1ytvX69GUtAatogZbLTGqJ34ir5od9xPaAbcM9e3wM3AYHOfAQixCtQk%2FtT4U8U0xDLRerBLX7NsqQhbsNOevcatJngBPptGi2aM%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5c8495489f-tlb9j
access-control-allow-credentials: false
cf-ray: 87bc65932d8b6a75-TXL
timing-allow-origin: corelight.com
x-amz-cf-id: in-SwVwrPBUvJNf5itKDzl0vHGv8ekks0R2zL7qFou7By1NDPWrTDw==

GET
H2 200 rss_post_listing.css
corelight.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 910 B
768 B 108ms
106ms Stylesheet
text/css 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 75f70026bed8fa7e14f645c02f074728.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13634365
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding: br
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"e1b521ec14a912d6d385c21388ec7d79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ADijf9SRoFIqOKf7s4B5j6ddmmJOrrX%2BeskOZY2gWQBZpp1UQAtzwANx30%2F69GUXGt2RIRmd33zw5mEjf8QUVi9AT%2BPmZLBwj1i6OSs2%2Bjkp4cXnJfMw3NZjnPPxryE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 87bc65934dde6a75-TXL
x-amz-cf-id: jdOI1kFWuxTkUaxUM7qs9OdqkTOXXUI2GSBs38RoV5BdbvWbDGhItQ==
expires: Tue, 29 Apr 2025 04:02:29 GMT

GET
H2 200 87f7e1e107.js Show response
kit.fontawesome.com/ 12 KB
5 KB 144ms
52ms Script
text/javascript 2606:4700:4400::ac40:93bc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kit.fontawesome.com/87f7e1e107.js
Requested by: Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40fd3bd4b40c69854df6b31303a10ee0ae928df767f9d790532608b22dd12077

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 46
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
content-type: text/javascript
cache-control: max-age=60, public, stale-while-revalidate=30
cf-ray: 87bc6593ca2d3636-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: F8mjU8dBCESOX-0B-rBh

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 181ms
40ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE6) /

Resource Hash

bd1dce8f2e262aa0adafc29048da72397951e8c93075ff9baaedd54f8631b5a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 766
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 163630
x-li-uuid: AAYXNCTWELFdQODZtkoeiQ==
last-modified: Mon, 29 Apr 2024 03:49:44 GMT
server: ECAcc (frc/4CE6)
x-li-pop: prod-lva1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lva1
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Mon, 29 Apr 2024 04:49:44 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 142ms
41ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 27 Apr 2024 16:16:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 128759
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 27 Apr 2025 16:16:30 GMT

GET
H2 200 corelight-logo-white.svg
corelight.com/hubfs/logos/ 5 KB
3 KB 100ms
99ms Image
image/svg+xml 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hubfs/logos/corelight-logo-white.svg

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e74dcf15cca4e6d0e153a358b63a5c73a4f392f519622524a6a0c678069e0803

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-79127756136,FD-41040715242,P-8645105,FLS-ALL
age: 330254
x-amz-request-id: 52G8BYYDYPPZ53VF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-79127756136,FD-41040715242,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"358abf62ca4f90301acf22e4ccec6731"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1657733723090
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 98845fbd1cb14abbe9d464a4caf17976.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: hP5ULeAvF5ACG6.KINXjt1Nd4V.Dof0G
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-79127756136,FD-41040715242,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /CySy4hFmAIPIjIsSMGiYE0dfLryUTBvce6ofRjun8JimZBVEhpaT1J27sHzz1tt5eEQ5zX6Hrg=
last-modified: Wed, 09 Nov 2022 19:49:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lN9ozKO%2BIu5gIMXBsFrbUieyGQlTliqdEi07eRMJ%2FVj2%2FnFbNhgQsJO2XxXpi66nxMdvrvvf15LvXeExdOrP2bu2Ettk25rQY50soEs1%2FNjNZkf77IHAwmpl8Q1J%2BmQ%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 87bc65934de06a75-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: SDRh_djV2HAQGcZ17CQb0wSrcuiiheESxbnuF0C0z3ndS34xz6ngHg==

GET
H2 200 5ac55411-1d8c-4ad9-b3e1-811fed6bdd22.png
no-cache.hubspot.com/cta/default/8645105/ 2 KB
3 KB 271ms
175ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/5ac55411-1d8c-4ad9-b3e1-811fed6bdd22.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3822338d1a5fd5e98412c492fe2ca4b5bdf36e4ece4420b17e9652d51d4aec8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: 7WCXdsmyMgEUL_aL7.otJ0vSIonvRr7i
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739NTCBJK8ZRN1JV
x-amz-server-side-encryption: AES256
content-length: 1563
x-amz-id-2: IQubiMUtb2nSBAPyPemOmLPHIWWNjuo4OAyX7Jqw20MnKk1e/vvKKK3SgQnK7haV96qR6SzxiQQ=
last-modified: Mon, 13 Mar 2023 21:05:33 GMT
server: cloudflare
etag: "9127a9acc9f5137861b4abdeee690ae9"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3CcEV2CU%2FgeoZKNOhEm3bmdRYPCz97o5eTYs7VyAKNfeCSt%2FvTz7ixFvY6HnBgpHpOBBytyEp5TSNPwj5h7YuuqgYeKQawe0dBGLPznKA8JbXzybsoByfPuj99YJIvaq5fuUz8gFWtTkozIQP%2FN4iLvk"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6593caff65b5-FRA

GET
H3 200 current.js Show response
corelight.com/hs/cta/cta/ 18 KB
8 KB 90ms
90ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/cta/current.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8223c7c43eb70aab59569d668a1dd0ef1fd5b893330aac7a21325dee27cc4f82

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 352
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.273/bundles/current.js&cfRay=87a40830d49a6a74-TXL
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d9d4ddf589e3048680af0ba831cf9fdf"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.273/bundles/current.js
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 3203c4b5504fa019a752072f0419ef6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: XcoeRgs7XaWGosiEFNyOsk35nam83Oqz
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 17ebe0c8-b493-43eb-851f-5797218266c4
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 17ebe0c8-b493-43eb-851f-5797218266c4
last-modified: Tue, 26 Mar 2024 15:17:14 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e2%2FAIPuFSRSxtJV%2B9d4qRKNmVtkjIrGvs0KJchSK00Kz6PISf9JfC51MdnZl8tPMDMMDkKYA72GzKX49pmfe3PZoKULMqTlGlW2fHrcLHQ8JMWFXYXdaVRTqMtNFeUA%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-72bsp
cf-ray: 87bc6593cba94504-TXL
x-amz-cf-id: 5yDOYRD4npu2pfrz160gUpn1jp5RdpFXYzrSV0_sP9SvDTps5swEZQ==

GET
H2 200 c67f32d6-5f7d-4882-b9a4-84581070b432.png
no-cache.hubspot.com/cta/default/8645105/ 1 KB
2 KB 171ms
171ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/c67f32d6-5f7d-4882-b9a4-84581070b432.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23baae74616cd8c58429a7fb4c5ac0694df76614c162129a96b2bd8e71e06e90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: lFqKCqnZULchdJmigthLMvvBTjY8tsqC
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739H748G4D3FH3WP
x-amz-server-side-encryption: AES256
content-length: 1469
x-amz-id-2: A9lxCLc3o+S3WuSXb6zR83BMETos1MY78lsnyjG++aquBKR8ZQKRUdNbM3QvO0BGSoi4piGywag=
last-modified: Wed, 08 Feb 2023 17:08:50 GMT
server: cloudflare
etag: "1f587ebcd554760bd6cfc7589ef4531f"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dxFmS1Jrt1J9m5VGoYxJcRlxkJECgnqCKPaImwFY9LhpuSNqdRwTwrewc37%2FkCQp5lFiIT0z%2B0ABKbvbq35X7lZecVUZyBNeo7mBQaayi%2B8NtQSCJ4zRmfnSAQHFmuVsEi5UAauKxY82Bx3YP3X2BXkG"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc65946b7065b5-FRA

GET
H2 200 746a67fc-e664-42e8-8186-3095e7f251db.png
no-cache.hubspot.com/cta/default/8645105/ 3 KB
4 KB 173ms
173ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/746a67fc-e664-42e8-8186-3095e7f251db.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4068a0afe1bc1a747f5998d32ad97d00b5d3a0235b74c88726b361b7b1c098fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: lTIMpeRXMOuxVPBX.E.Epta9DBp1wKeN
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739R6SBVMV1N3XQY
x-amz-server-side-encryption: AES256
content-length: 3578
x-amz-id-2: EmLa0PQS3d+h/YPSNEaLaR6fMGDKCMHMugWeiS26vNxiwkVbDRkUJNDJhY1iUuwqhWjgz20yX5w=
last-modified: Wed, 18 Jan 2023 21:48:14 GMT
server: cloudflare
etag: "e61ee2d5e2bb9d5dc42ce059f591f9d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WeGlgIWQaek8pg8lG%2BSufBMy2UXj%2BJOFwztUxCzi9FeEl%2FIVIgjLofpUli6kPYi1DXsq%2BFsbcezvHNDLHcoxGjKjQGXsqTlRy4e1I4xmXp64%2F1mfVGPistJaTLmdierl0%2BceOmtTpQG3Rt0YsK1js45z"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6594ebd365b5-FRA

GET
H2 200 4e06ae17-4f1b-4406-8595-cf8d8f926938.png
no-cache.hubspot.com/cta/default/8645105/ 2 KB
2 KB 181ms
178ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/4e06ae17-4f1b-4406-8595-cf8d8f926938.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62ec87f62b29abc96f6c7ea15665f68e9f7158815573ea1061db9438f9d1a7e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: EnpY28PgBP_acLRxqx.QOy3Y457X6Nhp
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739VW07MHN1AD2ZZ
x-amz-server-side-encryption: AES256
content-length: 1836
x-amz-id-2: WZyjXpqs0oaR1p+AsIWghjT/edy0IfAs0s+DltEPRNyaEXgBXoUp9pRZFcvFdwIizMAqW7OA4aY=
last-modified: Wed, 18 Jan 2023 21:48:00 GMT
server: cloudflare
etag: "741b4c952c72fd2cb7fda04f1e8f390e"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xd0Fok9R5Jt%2F259AgolFKZMcQl45a0G77uS3uXtOM3dSojhGrJxJnIHt6IfuWaI3i4%2FlavGmy4cQlNqbS8LXNIsXERrJijt45bZLOQvNhoPVgfBnqVX9pZn10lqPr7SncmD9WTjnRT%2Bd8BQgVLAa2xRh"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc65950be965b5-FRA

GET
H2 200 3c3fe76f-b1f9-438f-8b6e-0037b6b464af.png
no-cache.hubspot.com/cta/default/8645105/ 1 KB
2 KB 428ms
425ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/3c3fe76f-b1f9-438f-8b6e-0037b6b464af.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

614164033aacd76ef1b78ef89f065f3fb8367305bfe262ad8bc2ca721755e6d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: e7q0qM3IW98IDu2L39oNujKZlvEi5P8Q
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739NJGXJ2WZ100WK
x-amz-server-side-encryption: AES256
content-length: 1443
x-amz-id-2: J1rqvw5Uram2PnUGaCybjtmh8yz8mHnTdHRy+gEbP9aRzbsNKyhv00SO5zTTIA4OGkU61+yB96c=
last-modified: Wed, 18 Jan 2023 21:47:30 GMT
server: cloudflare
etag: "e4fa4503df6b00b008ba5cd9eff3e618"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VdPYlUKikZVyX3L0jL8VKfVBKWokTLOGJlKo50JAqXi2ogr8J4%2FWqlTAn7zQh0lc86YyzbarlCuHP0QeOcDowglFFnsJujPWF3l1If0sBW70kj%2F%2FSxibwCosgPDVJzDoXDffP5NE%2BtvWTQ%2FT0bxyJv39"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc65950beb65b5-FRA

GET
H2 200 b103bb72-7fdd-4d47-804a-2a2dae7c17af.png
no-cache.hubspot.com/cta/default/8645105/ 2 KB
2 KB 174ms
171ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/b103bb72-7fdd-4d47-804a-2a2dae7c17af.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25358bb77160d8191367503bb11903319b17d4d93c50bfcaf2d77f77d46c9782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: v8xOuACRCMAZ4ax1OrJmQWnsLLbhysl3
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739SRDAH87S787CF
x-amz-server-side-encryption: AES256
content-length: 1724
x-amz-id-2: 48iT6iGPl7/2cT5RHxjEg0E3LkNCPnP2wys5zj8GgPP5UAM+qXQFgEDCVTiynuD0fUZoTVRcIKw=
last-modified: Wed, 18 Jan 2023 21:46:31 GMT
server: cloudflare
etag: "fcd99fb71934a666ad128aedab78ce3d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2B7JvyLOupqnw%2Bui3IxZuxN%2BPLtxzI7l5RHTmbhgncl80SB%2Bfq3Us3U1ChDUShCstukRNHouzOvvrmLeY9bTF4Sn6HHJqa0BDk2I4Ay8mV4MgjLHE4ZZCP6wgSirhrPcSH6MvtC3Mq%2B8TXoBCN%2Ffy2Aq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc65950bed65b5-FRA

GET
H2 200 59624fba-bb17-44bb-ae4c-9f2b95e57077.png
no-cache.hubspot.com/cta/default/8645105/ 2 KB
3 KB 183ms
180ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/59624fba-bb17-44bb-ae4c-9f2b95e57077.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a25f02db852d211ad12b88c0744102bb08c3c196563e46ee9631f872d5b74c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: ztoGJ7sHRpYtNiCwalBQ6ZnOgeKJrxk5
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739HK0QPFXWSRNT6
x-amz-server-side-encryption: AES256
content-length: 2173
x-amz-id-2: Jlz17jfYeOOLoXpVrVoY+Fv1Zk82YcLq43Cg/r52hlmOSBkIECVuZGXDhIHXcBQnmvgB7XMdITM=
last-modified: Wed, 18 Jan 2023 21:47:01 GMT
server: cloudflare
etag: "dd551bbbadb9a1d6f2c1796e7aeced55"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2BKNJWOyHlTllKgJaduBPQU53wVyb3pMLUauDM5LQYbKpiZcnxgRnQaQZAYNXd%2B5JgA%2B23SHLUSLwSL7eNcHC%2B3FyNOlHF9h2O3DAMnyv4LOnZIOztg8kb3PJemGiIzsZv%2FsevDcmvLPm5FisLKnR92Q"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc65950bee65b5-FRA

GET
H2 200 0828571a-213e-454d-af18-3755eaeb5334.png
no-cache.hubspot.com/cta/default/8645105/ 2 KB
3 KB 181ms
179ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/0828571a-213e-454d-af18-3755eaeb5334.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b987d7829d7e4289760ce61fceda8a9b15754f00aa2b6dcbf3600c80493fd4ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: uRvoTbY2DkN6qoAwh7npbCyv3et25Ghu
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739GAMFMNS7REEQD
x-amz-server-side-encryption: AES256
content-length: 2418
x-amz-id-2: 99lpzuWvH9Oewav/xLy2owwUvre4E6A6C6XOydjEYKf98Kxd1PbI71cDFvaMdLRZB9EdeWjg3IA=
last-modified: Wed, 18 Jan 2023 20:52:50 GMT
server: cloudflare
etag: "a86d216818e490aa44d1ced8697b9d1e"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=goY3ZSRWARCtcS2x9DCIkCZINe9KSp3jdd4qK449iMh6cOj7FZHjM9fT2%2FG%2BdOYxLYT6ZxkdvTET74eeFMImdwp%2BVX4GIhKbn8%2B9TFfLitK9AopZKVMOPcmqgQcIHsNvrhTOgapha6DDRLXc2RSyBimV"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc65950bef65b5-FRA

GET
H2 200 e9e336a9-c35c-4f6d-8147-41fcc20838b1.png
no-cache.hubspot.com/cta/default/8645105/ 1 KB
2 KB 178ms
175ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/e9e336a9-c35c-4f6d-8147-41fcc20838b1.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

614164033aacd76ef1b78ef89f065f3fb8367305bfe262ad8bc2ca721755e6d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: 9DqWMMrJRVLBr8R0XRWt3iDdNKisQh7D
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739MTZCQNX1K4N98
x-amz-server-side-encryption: AES256
content-length: 1443
x-amz-id-2: /CQH+C3jUYcJ0F9Tbax65LWk9w9AUsD+6SejpcOIHtdOVyfJP1eZ2j6a8STbTJ0ZDdfxihRWXJs=
last-modified: Wed, 18 Jan 2023 21:47:19 GMT
server: cloudflare
etag: "e4fa4503df6b00b008ba5cd9eff3e618"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=26By0MfFgEFku75xuuP7DdWKckzobXWkeG39FVRPhe96%2F2%2FDm%2BCA3FoLKvmrncd467QeM%2FPQphS8fsEVMHmnRlOFlununUsVYlLcsFQA85u13gaJ9REnbL73UO2AkSqermG4j6Feal7hJnI2qE3%2B%2FnCz"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc65950bf065b5-FRA

GET
H2 200 d5ae4142-40ca-4950-89fb-258f5a4d6e30.png
no-cache.hubspot.com/cta/default/8645105/ 2 KB
3 KB 183ms
181ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/d5ae4142-40ca-4950-89fb-258f5a4d6e30.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ce2dd613301891dad5c3e48cff50a944301886e0ee92f5e8d386fea7f1db52d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: NjWPPud9uY7YIM47Oqx1hHuITtnPfyy6
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739JQVYPZNS1CMX3
x-amz-server-side-encryption: AES256
content-length: 2167
x-amz-id-2: nR9Y2WJ90VP+QM0E8cV5q2ZCQTszNXV83vx5EmufuTpft8rNtje5cTRi7gtVCuxm3A2KfzQr1wE=
last-modified: Thu, 21 Dec 2023 21:01:30 GMT
server: cloudflare
etag: "68c2e0874e5870e9ba31cf902b74f9bf"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2FT0vapEyLEVVdc9dZBu8hyZP6V2QT8koGuOdKDExRsVBZ0LCfQF08EGvhsZqzri9lvo0ny1oGqd%2FD%2FZGXmOt6Dvij05fWLrGlbu8R37%2Bece67BlYjD1UU1qCNlmvAS6GE2spJg0atxltF6z6F7H4cKK"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc65950bf165b5-FRA

GET
H3 200 v2.js Show response
js.hsforms.net/forms/embed/ 482 KB
154 KB 111ms
67ms Script
application/javascript 104.18.142.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/embed/v2.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.142.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 289
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5064/bundles/project-v2.js&cfRay=87bc5e848ef93683-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b0047a8901d8ed9f81db3dcb5982114e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5064/bundles/project-v2.js
date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: 4lHA5dnNobe4YqKec9CE2kPtPUzRSBNR
via: 1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 853d4b60-1c0c-4d82-87b7-c35c204bf8f7
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 853d4b60-1c0c-4d82-87b7-c35c204bf8f7
last-modified: Wed, 03 Apr 2024 11:15:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W9qsvNxKxTD3RDxgtbWr0T0LN5RrzDUy%2F%2BnXMttAsmakQ40tNWnyAXr8BscLVRHB7FJR9w7qXrpje67unC7yO43kTw2GHF846zSujgBHaWq6wNvLTi3cw3uALBbtla9F"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-trtck
cf-ray: 87bc65954a6a366f-FRA
x-amz-cf-id: PIZjlSpRuF1JUOoOEz3otLx5IQgVTmR2jn-05fTp4wyARoSKGFMfJQ==

GET
H3 200 g2-medal-ndr-leader-winter-2024.png
corelight.com/hubfs/images/icons/ 23 KB
24 KB 146ms
145ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hubfs/images/icons/g2-medal-ndr-leader-winter-2024.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2699e99247cf27ee65aea99e5b995e53949cf4ef7a6d1ac6fb635d549ccf26dc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-150468918901,FD-95848185418,P-8645105,FLS-ALL
age: 46
x-amz-request-id: 9YVV7J6CSNC2P9NT
x-amz-server-side-encryption: AES256
edge-cache-tag: F-150468918901,FD-95848185418,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="g2-medal-ndr-leader-winter-2024.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "bcc0864b5d52c8643d6077d4f4c04c6c"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1702923152743
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 745bd6e0dfe1d054bf9397c4a6fbc612.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Xcb2moutpooO26w1P8aCCkxLFB.WWkMF
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=40545
x-cache: RefreshHit from cloudfront
cache-tag: F-150468918901,FD-95848185418,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 23372
x-amz-id-2: kYAz7rcDzlMpBupAQYxzCno2WLmSbMoMKu7ar7A1nZ4J8wFTdIXSK8lDahSKJdFMkgKJ6f6yBFc=
last-modified: Mon, 18 Dec 2023 18:12:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0wGQlkSkRBbgGpcsWf59B%2Fee9lYZDR6DeT7Tc6u7uL7TCoQvJW7vATsNrJhqDh6YDMfm1rc7A1CGyvo9NnutJ9nDaao17pjKp98tPs1%2Buu0XEEvIqul3%2F%2FRh9%2FsQe0k%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 87bc6594fdea4504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: KymUIdN4A2C2wo1J7odMV43--cyBFAPs1NqtsjwVog3ehJrQLDlqgA==

GET
H3 200 g2-medal-best-support-ndr-winter-2024.png
corelight.com/hubfs/images/icons/ 27 KB
28 KB 172ms
171ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hubfs/images/icons/g2-medal-best-support-ndr-winter-2024.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

95e1b299e52e2bbac71fcc321475f61acd999d88afca042840682d14f2c49b9b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-150469693525,FD-95848185418,P-8645105,FLS-ALL
age: 585280
x-amz-request-id: DZH7CRKAJFJW4PY5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-150469693525,FD-95848185418,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="g2-medal-best-support-ndr-winter-2024.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "9de547c5a91691bad8a152fa8fca0153"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1702923152790
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 814faccbc899c623ea413ca14fe07c54.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2Rnodiepg_QOFU6UjSm6ClAz9.qwiRv6
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=48487
x-cache: RefreshHit from cloudfront
cache-tag: F-150469693525,FD-95848185418,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 27426
x-amz-id-2: qh28kPlJfje4uh3JKAuFfiBgOarkwLM/s4Aw2u5ROAFiW6VS4CDR4yiOVGg95JWvvRUTUw9oaA4=
last-modified: Mon, 18 Dec 2023 18:12:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cxepu6gjChRtfD2CFsrZOCWeoxJIAnkoAgOwkLv3HQoL%2Fw1HjFdeVRSX%2BUPm9kq8YX0Ua2IDWsj8j6lRhQVmPKy9sNt3sFYvcqzXkpp6N2i2joovylt2qDYbOQB70FE%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 87bc6594fdeb4504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: hn-6ZkRJmye6jcuvaho_ObDjWRH9WFPpV2fLmhFEiXYoeEO-LGNt9Q==

GET
H2 200 e2d17c15-4cbd-4184-8a4c-d49d230ee94b.png
no-cache.hubspot.com/cta/default/8645105/ 1 KB
2 KB 179ms
177ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/e2d17c15-4cbd-4184-8a4c-d49d230ee94b.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

558fe5be47283f45ee0e7563753df1e7aa1c4df78f853cb48f32e83dafa6b296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739RJH5BBYK5BZ7X
x-amz-server-side-encryption: AES256
content-length: 1172
x-amz-id-2: aHpBt8Pj/6I8N76TrscEMaHrLbj20lElzQ2DEebFzLOshU0MdibFULDLEyW3S9d4/+90iwgulHs=
last-modified: Tue, 06 Dec 2022 14:35:33 GMT
server: cloudflare
etag: "138fb73cc7079d513e3f0bef8263a0aa"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CMIr3Gq9PVz%2Fw3vpgi11dscmsQN0nWEY%2B%2F%2FcEGMiyP6QDfFDj4B7edIasgrdq1FWNCmpkL%2FB7qzgqHiNMnG1S%2BkRejntwHvQdrSGtiyeE1wBKeaXsBgUj0ELeYiUTFtCzp%2FOHgQ96bnBn%2BdvN9%2Bx7klC"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc65950bf265b5-FRA

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.840/ 13 KB
6 KB 142ms
50ms Script
application/javascript 2606:4700::6811:b05b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.840/embed.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b05b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: e_mEpsTIjne7IZWFj8MkYDmouI7jSgMC
via: 1.1 a2ce61e5ddc66736c9e2bfb6581fa2da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 2364563
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 Apr 2024 16:01:41 GMT
server: cloudflare
etag: W/"3a4474324e070674ecd017b9d44b9c99"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CjXtKfbbEkb9zZ8jkmFOQ%2BUc0t43FMh4TZFg7gTMEYOvi7iK6CYsv%2B5oFtvELXeYP6EbXE9%2B3rPb3MQynSR%2ByH1f1UjEOq%2BrSErn5HxFB44YodcqRiqF2IQSGN%2FKhXzi%2FZ8dkevIH3YhcXTSpO0HZ7cFGoM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87bc65959ae1bbcb-FRA
x-amz-cf-id: uPbLZkmjrnCQRcy_jlXxA53kIIcKlWFGGfQZ_1GaMR0TsSieN4Mxjg==
expires: Tue, 29 Apr 2025 04:02:29 GMT

GET
H3 200 child.min.js Show response
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77972429906/1714326451941/Corelight_MojoFlex/ 5 KB
3 KB 117ms
116ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77972429906/1714326451941/Corelight_MojoFlex/child.min.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbc5aa208f0f2846e2a10efe06e75293bd2f05b8b597fcb12a3cd8ba19d4b314

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 46
x-amz-request-id: 3SBT21V96V95N13J
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"0ab791db67c1e948f00eb26a08bfe005"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1714326452136
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: d1uZG_sMpZZMRB5JFWLeN3e4XJDzniDS
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 2f9b7cb9-d3a9-41b8-9357-0bc48e995dbe
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 168
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Am5l5hjD2EMiecJvpv4zZZWO3z0V7PAZNs6id0kDWCgzxBc16SpH+OcJ0qJRJk5z7i4IkC36hXI=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2f9b7cb9-d3a9-41b8-9357-0bc48e995dbe
last-modified: Sun, 28 Apr 2024 17:47:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8yuiztonb7GHWTHI9CIcVqpfJS9YocnSIOAWp893niPhz4mpbOGydOJ2x73gBGAZX4UP7EVVRxjek3MxMiUH0tyvjHHw4Ifzv0iGojJxZLdtPcB55HTLUmmAWxs%2B85M%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-grv69
access-control-allow-credentials: false
cf-ray: 87bc6594fdde4504-TXL
timing-allow-origin: corelight.com
x-amz-cf-id: VZrvjslkA-ic_fASX1wnELw8zTWQ4pwtkzodcL-kmAgNOMri7vZArg==

GET
H3 200 waypoints-jquery-min-mf.min.js Show response
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/163022326855/1713459521729/Corelight_MojoFlex/js/libraries/ 9 KB
4 KB 88ms
87ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/163022326855/1713459521729/Corelight_MojoFlex/js/libraries/waypoints-jquery-min-mf.min.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e91dc52d0cccd3a463c15e7d25f63d4a36e907150438b57e46a68414c93bd53

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 46
x-amz-request-id: H3AZZZKT3WEFPRCV
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"4f13eec9f12db953a19902ca63ba700e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1713459522010
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 88b63cb2f8aab28c7291262ffc15282e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CzGDIDPPAIX8MJcDIhOovGcy9xeKcbns
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b8af6fe9-5e73-446c-9ef4-edfc327591ce
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 207
alt-svc: h3=":443"; ma=86400
x-amz-id-2: mVm9+NCiOxxvK0KAK0BJv1CBAcfva4xX8knOnuWNtTJYLorxR9bFHfdM4Z5IXRZZjvdAEp7tbJPw1dADirf0RMWoDK/bj+6/
x-evy-trace-route-configuration: listener_https/all
x-request-id: b8af6fe9-5e73-446c-9ef4-edfc327591ce
last-modified: Thu, 18 Apr 2024 16:58:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ok3rWGsYrmfnyWcaqQWRiiYe4n9g%2FEDPY1soB80q26jGJUmkbQuIgCxM0jv5rGmQSqSmw9MFxDvbakZNtI2Opsi8xyuqV%2FGn7NpiBMt1Z5KYIaurmwb9zZsl9vg%2FBnM%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-666dffc5d9-szl7m
access-control-allow-credentials: false
cf-ray: 87bc6594fde24504-TXL
timing-allow-origin: corelight.com
x-amz-cf-id: iHJUxz3M9T69OzHchcCvX2PrRYFKpzXKMOmXyCsYEY29zRNNDUVqjw==

GET
H3 200 aos-min-mf.min.js Show response
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/163024466335/1713459515365/Corelight_MojoFlex/js/libraries/ 14 KB
6 KB 89ms
87ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/163024466335/1713459515365/Corelight_MojoFlex/js/libraries/aos-min-mf.min.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf14f6caf5c8fe88fe8af9e0a3a074dfd5a5d8260410e27d1c6e2e9d1ed76d9a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 46
x-amz-request-id: 58ZJYNJKK73DFF90
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"2b6ab9477fd3d26218c6f3123a9039cf"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1713459515712
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 7c4bbd97f5be908e33f403c3794f629a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Qtww6qREpe7_R1RSfvzS7163K.0YRmuS
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 82cf481b-a273-4c09-a4ac-78c3ec708dd3
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 217
alt-svc: h3=":443"; ma=86400
x-amz-id-2: OJzizBaCHQLF3RE9pj4bEQ0Oh/W0wJqaBBPOd93J9RHpg1QS+PlYmpUWKnu8TAMAgV3YREY8jyc=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 82cf481b-a273-4c09-a4ac-78c3ec708dd3
last-modified: Thu, 18 Apr 2024 16:58:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PbyjI4JCAKA%2Brzcg3kmsMUeEXfiJYp9XjFD5oFT%2B%2F%2FJ%2BQ07S8MREA9O2rG6Ky8UgoLV4psS0CXkMnKwQpOUjyXX4keWuYjmvi1vCAG712qmmaEEWkOjl%2BHZGgBbeZFA%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-666dffc5d9-787tz
access-control-allow-credentials: false
cf-ray: 87bc6594fde34504-TXL
timing-allow-origin: corelight.com
x-amz-cf-id: TjV6n5jjlcx4hMOJlu3A0QLpxHWl1JM1Jkl-CzhU6KewIMsQMILeLA==

GET
H3 200 mojoflex-scripts.min.js Show response
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/128444017432/1713459519643/Corelight_MojoFlex/js/ 2 KB
2 KB 118ms
115ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/128444017432/1713459519643/Corelight_MojoFlex/js/mojoflex-scripts.min.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e4d846b48db6a1963c5ee1004a73f10e8c0b374460cc602b4cb453170e8b46b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 46
x-amz-request-id: 58ZWSXD5105NJDCY
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"88fbbbf6d717d786e963097066f673a0"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1713459519803
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 9Ve85KU7ttdq4qGZTOwlWnoNxnJjYpWq
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 23074b39-41f5-48c8-9e82-36efba944022
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 359
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BgoCNlBg+eYUd4ElBDDWYwbLdveDje7PD9AQWqkqYeKRIPT96V/vkevfcc8yPsMvKTkpfzKXFws=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 23074b39-41f5-48c8-9e82-36efba944022
last-modified: Thu, 18 Apr 2024 16:58:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dBNPFHIjkro8AYR7npQAI%2FS6QRyOOD882rz4Og23ixyY%2FQLwYVWnYBcQ4IHfsNwHPRKxSu%2B%2BIgB4943L9B2VDh%2Fj%2BJxckJEH9ywCo3CvV2LB25szt7jYp6q9fC7ipeg%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-666dffc5d9-jw4np
access-control-allow-credentials: false
cf-ray: 87bc6594fde54504-TXL
timing-allow-origin: corelight.com
x-amz-cf-id: XfRgCAi4Pa3-ubYLmxcopbZYz4rli5rekUnLNTpYEp9atIznI4C7mg==

GET
H3 200 swiper-bundle.min.js Show response
corelight.com/hubfs/ 134 KB
40 KB 118ms
116ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hubfs/swiper-bundle.min.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dedcafeb898832fb9f1111121a98b723740d84515f1417de4e6c4b21298cb083

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-106203911768,P-8645105,FLS-ALL
age: 585280
x-amz-request-id: GJASJW942R9BGRE7
x-amz-server-side-encryption: AES256
edge-cache-tag: F-106203911768,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"a169d382ec5d558e193cacf830bc5d04"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678638993193
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 45dddc65ba3da4a1716d9c10f4aaaa08.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: W2didsQcfD0ackAtneMRgxQ0w85k76rX
x-amz-cf-pop: CDG53-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-106203911768,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: EdKJvKSS74fzH82zJXcrxejeaAQLG0alj4YxYYdbV9tziWW/8acox4mvtsXBbXcDp66pubatLGk=
last-modified: Sun, 12 Mar 2023 16:36:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bHJ2vLnu%2B0uVxBZDeycT5IAxh1W1kVQUPHzD5MkoFCIyoLrAiVtk6l77o3m7lsdS4RyfSvKR18w%2F%2BKnvratAKdyTqTBBF1ON2HiPrmtqE4cezxl7sk1u4z%2FCAYMsCiw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 87bc6594fde74504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: tzbsQcHz6j4okLMjlQqb-wXzZKXLzZsaOgzXWQw9FqdNm-6pfptG3A==

GET
H3 200 module_105809003625_MojoFlex_Theme_Global_Header.min.js Show response
corelight.com/hs-fs/hub/8645105/hub_generated/module_assets/105809003625/1696886956152/ 5 KB
3 KB 146ms
144ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/module_assets/105809003625/1696886956152/module_105809003625_MojoFlex_Theme_Global_Header.min.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

23481c6b52ce91d84f1e30499fe8d375edd95a1c032514b2d68fa9e263c91089

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 46
x-amz-request-id: PC6QAK2XYJJK7JBC
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"36eecc71c269a933c606cf079411cbf8"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1696886956152
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 f3131b940cd6fd6a885d42f83a5b3a42.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Jtw04U4DLYju1l01pQQKIwoSRiPZCdlQ
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: d9b50002-34c6-4a6c-9f9e-7fe8d57a49be
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 161
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BiCztw7w86GFAwYfSVTYPXcYfLcqpfR1cCIj85iHCZdJ1J6n+haI3XYqYPl05bzqf84I4Z+Svko=
x-evy-trace-route-configuration: listener_https/all
x-request-id: d9b50002-34c6-4a6c-9f9e-7fe8d57a49be
last-modified: Mon, 09 Oct 2023 21:29:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1NeqjERjm52l9pjQWNFoxkIMJ%2F7rc5pYM0w9sRI3kpHlcdhRD0%2Ber4%2FrdvvDER7%2F%2BcenIUmvosAeav3663GuaVCqwojLHZp02ZKefxGQLsmz9aaa7rgkGg%2BvahLcX0E%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-2p6jk
access-control-allow-credentials: false
cf-ray: 87bc6594fde94504-TXL
timing-allow-origin: corelight.com
x-amz-cf-id: 4dgf0OyNXvgozKl6NijdLJNisfqLTfnaJMZ5f5G2d7SHU70PN7gQ9A==

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 82 KB
24 KB 97ms
87ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8903e555bd60b3e66725a7316fa1c399c1c330b6f207dfbf294e287857d526c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 207
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1087/bundles/project.js&cfRay=87bc6087cd161c3a-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"aca27b624bf30d36e5f4f145ae76704a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.1087/bundles/project.js
date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: iqAR5gkkMAkFd.Z3L05RGWJk1d1nl__E
via: 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 61087b40-49b2-431c-914a-7c867c6c468c
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-evy-trace-route-configuration: listener_https/all
x-request-id: 61087b40-49b2-431c-914a-7c867c6c468c
last-modified: Fri, 26 Apr 2024 11:14:32 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LzmpN4ty8tiUHhC0NR2EEEsXIOquwz2umV5x4cMO9bal2gVb4VH%2BrcJ%2FPpBma875rWQOycB9d%2BDACHgyVmHdphDq9gZqDm4pEhx3pjUOIZ6lG5Ey4RX1IjBMmTJs6jYh5Gwr6PVE5TsHdY5r"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-wwmrm
cf-ray: 87bc65954c1565b5-FRA
x-amz-cf-id: NYIqEdvkwHYoCPMsstmxsyDpJYvLTpIWfVQGwYbVgfxOWw9THMP-KQ==

GET
H3 200 8645105.js Show response
corelight.com/hs/scriptloader/ 2 KB
1 KB 174ms
173ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/scriptloader/8645105.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8634b0160bf2a010582a639309b98f4ac332bcd33fd99ccdef3f15d9bcbd48d9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 46
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=2528
x-hubspot-correlation-id: 27d913ba-4218-4cc4-9748-a028cbd4f075
content-encoding: br
x-envoy-upstream-service-time: 12
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 27d913ba-4218-4cc4-9748-a028cbd4f075
last-modified: Sun, 28 Apr 2024 20:48:15 GMT
cf-bgj: minify
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://corelight.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-4ns82
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KiNXh%2B4KMi6e0bxPiqx5u71HHHsraQ3dm5ZxIBE6AZrkGAktLXhWd1Ts4kXkMph0SfJiKeJG9BcyE5XFc3NlFYu%2B5HY7jmI96inYCJ6FqxJ8jmmJGYXHd8cag4khrcw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 87bc6594fdec4504-TXL
expires: Mon, 29 Apr 2024 04:03:59 GMT

GET
H3 200 index.js Show response
corelight.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/ 12 KB
5 KB 175ms
173ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 44a23a2f4d4e9659f5b008d1f39e1318.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 2283136
x-amz-cf-pop: WAW51-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: 1rlxLpliQ7bEVIEMqiesE48_Sx9RmqkP
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 15:59:57 GMT
server: cloudflare
etag: W/"5885ac5129ee80f8b7e1e228e142587d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BWZmmt%2B8XA%2FP%2FnmPMhBtXjk8o4snX3w6jNvW65XegWj3MjFPVdmEws2nmHu4UpM4cR9GO2c6U9OgP%2B7ixQPelc5Iylyw3217qunBMMCKm%2BQHZDRcfjRHqxU1qE1Dj9Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87bc6594fdee4504-TXL
x-amz-cf-id: 5LTyQyxZIRPK3NZXGJfmCy10Vf8EZlRquB0oSXT-gV1kjarqaNrJ5Q==
expires: Tue, 29 Apr 2025 04:02:29 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 322 KB
108 KB 151ms
64ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5cdabf9c448f9a56ffdfec9cf2dcfbb950b9c98e63646517e60bda92c9e6fe6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109841
x-xss-protection: 0
last-modified: Mon, 29 Apr 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 29 Apr 2024 04:02:29 GMT

GET
H2 200 hotjar-875805.js Show response
static.hotjar.com/c/ 12 KB
5 KB 145ms
39ms Script
application/javascript 18.66.102.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-875805.js?sv=6

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.51 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-51.fra56.r.cloudfront.net

Software

Resource Hash

b3f81566d2553746a6f23a1e077cc582575c146763ddb7e62abfd3410d4ecf28

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 29 Apr 2024 04:01:43 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 46
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/99851912a48257ce533a6c565268e2fa
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: 5jfLY6MTomTW_gQFectJ-GqsDTdzHfHWB9l6ReIJwFX5RLa029N-bA==

GET
H3 200 free.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 59 KB
13 KB 97ms
54ms Fetch
text/css 172.67.139.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=87f7e1e107
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/87f7e1e107.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
via: 1.1 3fdf3aacaef6ec40c4eedb85c8144da2.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 2405182
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=08vEi9biS%2F2NDZHZk99YMWZgpAFRQQbG5cbKVCjLR4r2Cn1rCUoRpFzAhkCoHd%2FOa%2Fd2IohS34gMsI7LGFVFNm1fq22IusftQ2vHnSfo50qIxz8SKEFN32vKFapdxG0bRjwTlD%2BVQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 87bc6595183f996f-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 9gG9qq_IGid3RxGkObViNGctfoKfiL5JrmV8mPSeWfVZ4x-KD3__Cw==

GET
H3 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 26 KB
5 KB 96ms
54ms Fetch
text/css 172.67.139.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=87f7e1e107
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/87f7e1e107.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
via: 1.1 08b9c2fd11813ffdb8fa03129d0a465c.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 1449506
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2B8x5blA2PiSsJ%2FKS8s%2Bj6i4kp6I8L7szdOyCScF%2BkgUX3DFuRkcnIaPHfFy8AFU6HBgaRbqD8U6GEEnTlWI3wFlmP8gowdSS4tUu6yeW4Ij2nlGAXRokyK56YRwKgitMWGXa2ehTw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 87bc6595183c996f-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: kus2MafySiPzc7UWytHFwRuers2clsmwBhz7CG4sT-YKXCjm0Jp8yA==

GET
H3 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 3 KB
1 KB 95ms
53ms Fetch
text/css 172.67.139.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=87f7e1e107
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/87f7e1e107.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
via: 1.1 84f381696dd33e92960b92250106e464.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 2405182
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CEL5OI47STPmf3CGsAeq%2BTTi7KFrvt1PIkCHJ5G%2BRVkPJByswEiB%2B3mjIjL2gAl%2BxRlPXn%2BbL13OIs4avHG86WBocO0DnKV5BrnCr67VqSo0sBs2ENNfgNU6r4XEa48AHkdIV1Qbjg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 87bc65951837996f-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: eIgHzBPP90vLS16SxsV-mN2O_j2uFnt2hS6GR9LFUxP02PD6WYOBfg==

GET
H2 200 5ac55411-1d8c-4ad9-b3e1-811fed6bdd22.png
no-cache.hubspot.com/cta/default/8645105/ 2 KB
2 KB 180ms
179ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8645105/5ac55411-1d8c-4ad9-b3e1-811fed6bdd22.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3822338d1a5fd5e98412c492fe2ca4b5bdf36e4ece4420b17e9652d51d4aec8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: 7WCXdsmyMgEUL_aL7.otJ0vSIonvRr7i
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 739H891GCEAG8VWF
x-amz-server-side-encryption: AES256
content-length: 1563
x-amz-id-2: gLrqPSWicboRopC4eKM8ot5ezWl4O2TRqvdaly5Nt/DOBiXlocyAqcBYQZP2F5bCm97Rf5cfu/Q=
last-modified: Mon, 13 Mar 2023 21:05:33 GMT
server: cloudflare
etag: "9127a9acc9f5137861b4abdeee690ae9"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mLfZ6KytXtWAU3xgKZprK79D%2FwGU9pG0Y6xuhZ4Zl%2BHX4iFtxneiTeX4TYJAmLKLU228JFAV9%2FNBG2x8IJuxsn%2FyOk1%2BF7jnU6kB4vBxYCV%2B0A3DVr2GNkegGUQiaGHpsoZxHbT5jkW2J1BGAO4GLnz%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc65950bf365b5-FRA

GET
DATA 200
OK truncated
/ 340 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ae7013ffe863140fac13872103ccdc68e1be3ca7f25f2d4628fc98c5570ea64

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 542 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c2c4075ecb81753440e4a79ea66ea2f22240253b50d5380b98a0f9619d22980

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 500.woff2
corelight.com/_hcms/googlefonts/Open_Sans/ 44 KB
45 KB 180ms
180ms Font
font/woff2 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/_hcms/googlefonts/Open_Sans/500.woff2

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1fa02324c8c22f4ef10a3eedde83598446d454f2fb6283a3eb6eefb00ebf959b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Mon, 13 May 2024 04:02:29 GMT
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 4f04fd3192b8e206f3b06830e1587d80.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 45
x-amz-cf-pop: VIE50-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: YGTFGASY84T328FD
x-cache: RefreshHit from cloudfront
x-amz-version-id: rL4jNxkWGVbSfN0qanz_EyqP.0UJw1ld
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 45272
x-amz-id-2: gXxtlPuHKpbY2uUR+j+6cSy8F7cjRKZxP/mEoVazzZj+oJvmQ6x2rEpDPma4hUgcxY69Ebb7haS0GV+6CAdej53GPixJLunhw94vCF2nLto=
last-modified: Sat, 16 Dec 2023 14:02:49 GMT
server: cloudflare
etag: "8dcb475cc60eec81e3d739524bb9dbab"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2FH8EhXhLOmyegGDgURUUHJL9zxkfYqNlD752b1XmkqM%2BiyaXzJDqptB9J8W9hm1z1nQv%2BpNCKwXGmt2LhPJGtiXfVfAnIR%2Fm98zJEXdpt0msxOBw8EO%2FJxNOMYLMbo%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 87bc65951e294504-TXL
x-amz-cf-id: 2iS6LPGRXWfLqlbdDvobqL8JcT01XSan1aiLieoa9-luDYEot2NJmg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 700.woff2
corelight.com/_hcms/googlefonts/Open_Sans/ 42 KB
43 KB 182ms
182ms Font
font/woff2 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/_hcms/googlefonts/Open_Sans/700.woff2

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0bf57814a6b2bd6a383a3c9dd5f579845dcc7ba20409682d1ff89899d1573d7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Mon, 13 May 2024 04:02:29 GMT
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 46
x-amz-cf-pop: FRA60-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: 4ANMZTER5KH4XP11
x-cache: RefreshHit from cloudfront
x-amz-version-id: R2IEGmGEm8TDjtfICMtBhxYyro9umCN6
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 43180
x-amz-id-2: d6xKoroFMU+GxNtbI+uWlcH6HPsbBNIU++2T5lZpreZ3ukREKagWKVvfioXMhYCGPDCFE0chuwE=
last-modified: Sat, 16 Dec 2023 14:02:51 GMT
server: cloudflare
etag: "f52454a3ee6492332ba2c08e99fd5603"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5xrx3ol4IRPoQ%2BZJOe9hoaFgVxLbxq0fODqVyKKr00Yb%2FEKYHRRaqa5F%2BOvAZijz1vatO9sxSp0%2Byq4HGLXtqVYUng14sxnAamLJYLNLD0Sl5wrabGRUA5S1nBKIm4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 87bc65951e2b4504-TXL
x-amz-cf-id: Zb1qTHOgj_-7nTUSAw34coxGlXnGpCAFHICVL-mnXU56gOdoCIfXVw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 regular.woff2
corelight.com/_hcms/googlefonts/Open_Sans/ 44 KB
45 KB 184ms
184ms Font
font/woff2 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/_hcms/googlefonts/Open_Sans/regular.woff2

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7bf0f99d4fd072d78144c191d4b7836883fbf2e2a56bfd01acd0aeac2e7a44a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Mon, 13 May 2024 04:02:29 GMT
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 e287a2eedc3ea7a96ca60cf17cda7732.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 45
x-amz-cf-pop: TLV50-C2
x-amz-server-side-encryption: AES256
x-amz-request-id: 880A34RHW12VEEKQ
x-cache: RefreshHit from cloudfront
x-amz-version-id: EZOv5EVLxtPdq2Aed2BvxqU9ox7ckBhX
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 45032
x-amz-id-2: WncGSBMGZ7S8hbF4W9VHUkbFjN1Gw4c+8SdLeCwFCi4NVQ4KKPFmc5PMB3MEk/ui+FSWMeGuye4=
last-modified: Sat, 16 Dec 2023 14:02:54 GMT
server: cloudflare
etag: "9092d5f6db55377bcbcf071329a267c3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NDJgZZlT8uMf8qPwADfyRIuOuAP7YgzgMlj73MHjGc0V7c854zWdRbNXjeDeMYEjih5z0Q%2FgLnWt58OpdIFQn%2FA5%2FGRCUiEXQJjpKiOD3MHYj3BeFh7cUhaBhD6q1cU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 87bc65951e2d4504-TXL
x-amz-cf-id: E7cAtLKo5M1lGJ3XSfnO8lTEwPTskq1lD6LdnKKsSSRgVp18KYDrOg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 close-cases-promo.png
corelight.com/hs-fs/hubfs/images/thumbs/ 34 KB
35 KB 162ms
161ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/images/thumbs/close-cases-promo.png?width=368&height=368&name=close-cases-promo.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

37c93bac189f71431779aeecb27465e9536e65045ac02b3f8ccd4f214e68e5eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 d5395aef0c58da123cbcc801b71e308c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-164930085536,FD-95863673994,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 34754
cf-resized: internal=ok/m q=0 n=893+0 c=0+61 v=2024.4.0 l=34754
last-modified: Thu, 18 Apr 2024 22:50:30 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfnhUkNin8xrZZAcVDiOhvzTKOH8cm8aIoFrTlqX-dDQ:2bbf42a81860abb1ec2211ef6124170e"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J2VCElEW39iWL5INJmGkFzlvI4yQiam14VJTYYJVZjRZnpCSuGeSqa60QMLbAcDkjWCQYZn6bFDu9AuTmh%2BcyO7MJ6x3PgjcUF5VY7ForJLvntxO191sCc%2FcLY4A%2FCA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65951e154504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 ad-nav-crowdstrike.png
corelight.com/hs-fs/hubfs/images/thumbs/ 2 KB
2 KB 186ms
185ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/images/thumbs/ad-nav-crowdstrike.png?width=68&height=68&name=ad-nav-crowdstrike.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d8432db5d8bda4576c370ed3902d694f32b57b86d9e2ba5d03285c2d4336672

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 40a902f286563915aea80584452db576.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-101698888627,FD-95863673994,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1666
cf-resized: internal=ok/m q=0 n=941+0 c=0+1 v=2024.4.0 l=1666
last-modified: Wed, 08 Feb 2023 17:03:45 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfyDD4jiR-6rJF_VQNI4NPxttQ2MfMW7zB-TeryskZDQ:f893acc4bc73673495d2b1aae7597635"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WfH2KPam31BDKqJlPMtcmhi7OqSQtvr3kaexv8MqfxEUI8eicp6qWqiXbEBPfmfKTF8zDcuafkiw8YHxyTdT6onBoO%2BgTIX%2BWUvZTz0ZT4Swee2JtvkEfr4BvaUdxuQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65951e164504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 ad-images-nav_0013_IDS.jpeg
corelight.com/hs-fs/hubfs/ 1 KB
2 KB 186ms
186ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/ad-images-nav_0013_IDS.jpeg?width=68&height=68&name=ad-images-nav_0013_IDS.jpeg

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

72aede9f66355c4f1713297cc7cc72552c07d1766176a9d874a306849ed7126b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 a49b989a1c88787f19380a9f833baede.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-96854586463,FD-47159440173,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1280
cf-resized: internal=ok/m q=0 n=1615+0 c=0+5 v=2024.4.0 l=1280
last-modified: Mon, 13 Mar 2023 16:58:35 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfRNL3kW9vBfR_4ato9O2GWyMh2MfMW7zB-TeryskZDQ:170f6d3a9feeb01f2a6f9d847ae6b894"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rtt0qI%2FlAA0jL%2Fj2mVlrp8y5uIAI5IGEap1q%2FCCnacfhZCrJZSkjwbY4hUQfJ0bN0D3oA3p8bFhkdUVKJ7zMpO9SCJWxY%2FgIuIGkfH4zHBDgC6RC7sxcF6lypTxQKJU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65951e184504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 ad-images-nav_white-paper.png
corelight.com/hs-fs/hubfs/ 1 KB
2 KB 187ms
187ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/ad-images-nav_white-paper.png?width=68&height=68&name=ad-images-nav_white-paper.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8401b2b8039cc56539f18618bcca1f1cef95b2146f1042fa9646ce3d16a0663

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 dd0534abd85b6499804267c2d8854b1c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-97468529766,FD-47159440173,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1374
cf-resized: internal=ok/m q=0 n=1755+0 c=0+1 v=2024.4.0 l=1374
last-modified: Mon, 13 Mar 2023 16:58:35 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfJEjGtRlyV58P22OWEYKFkRtm2MfMW7zB-TeryskZDQ:ac242cc9262981f5fee1eebae4d22d55"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZG6XogFXpt4KLe1u%2BToO%2FnUoWJrKJ744g5ndsr3fExHiGVHGH8gZzMWaucylujnTazVJ78b%2BzAYwd6boqAbnacPM8wHxRTbc7g4SazZilX6Xa8pum4mZVv9%2BgYLsR5M%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65951e194504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 regular.woff2
corelight.com/_hcms/googlefonts/Lato/ 15 KB
16 KB 195ms
195ms Font
font/woff2 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/_hcms/googlefonts/Lato/regular.woff2

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddcb1e5bb52d488ff8b7e878df9d5d8a019f06891e134eb3fc01c9a35db30b8f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Mon, 13 May 2024 04:02:29 GMT
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 444bee00bd8f759506e806be3c13fa6c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 44
x-amz-cf-pop: FRA60-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: ZGXS8QX8TKD5J6NE
x-cache: RefreshHit from cloudfront
x-amz-version-id: k7W20okydYG8cztHmyIJBPhllmyj3REh
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 15012
x-amz-id-2: 15Ytr/fHOVvUqm8FqIwiLLz8SwaGZP+imGLW/JP3qxTO0YzPu1laTvbBrq+Rd1w2gne//SC6pL6MVJoWsFMtXXwD2YKgKn+U
last-modified: Sat, 16 Mar 2024 14:00:02 GMT
server: cloudflare
etag: "e70f6ac8c13883766ebf415680dde08c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n9KDlM12qyEKSYZ7nYFXPvKMPQfgRgGDS1aOPIKYjD74lMWP6MltAzaOZzh2qOQi8DDIfom%2BDpqRCW7sOvI9hS9bZ%2Bjz4tBNpvLuJLYPvgezYAsB5NaR%2BT1f7eCq2U0%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 87bc65952e534504-TXL
x-amz-cf-id: ucf72zSoqVSyPEDX02chEY4ucRdlyqjtG-ib60_HTtwqwh83HCACOA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 glossary-icon.svg
corelight.com/hubfs/ 1 KB
2 KB 181ms
181ms Image
image/svg+xml 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hubfs/glossary-icon.svg

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

75b750786f34efa5a804f93cc2a5ffc001904476866c1cddba29f977ba22bf8b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-148380200794,P-8645105,FLS-ALL
age: 46
x-amz-request-id: 57WGKFVFEFQEK3XG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-148380200794,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"aa9499227d33eb70bcf90f186edbac29"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1701661617113
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 28de398d6bd20bc440c06f568b49c876.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KY4cu41ZSvSNligOUeFwAAYWROz6owVF
x-amz-cf-pop: WAW51-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-148380200794,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: o88qFI2SJlTyn2nq02eSxSd1EyL10sOBewjhFjjwm42SP9k7OMOdx8Rg9ts1C9vzFqpggi7ba8s=
last-modified: Mon, 04 Dec 2023 03:46:58 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=heHuMjYsboLizkB1FA9ixykoJGf3GjoAAvKKFNQZD5QwQky9AQuakFxbWJmLvU7qO0ai4c3j2cC31v%2BWcZL4s%2B8plqYizMDHPV4wX8SRBR1nbdP%2Bw0dRaozaBRFaXYk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 87bc65952e454504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: sOzYPmvHZAhMaqfimlsy17Qf2gOB9hF4Gv5OESHS8nD-Waqs2tkkmA==

GET
H3 200 ad-images-nav_0006_Blog.jpeg
corelight.com/hs-fs/hubfs/ 1 KB
2 KB 182ms
181ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/ad-images-nav_0006_Blog.jpeg?width=68&height=68&name=ad-images-nav_0006_Blog.jpeg

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e62574faf308e7dfa7c7ceca7a2ae1eac9a58354ae711db342721fc8cbe1540e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 f0aabb4cf746d4b45640e8d63e2aaf1c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-96854460523,FD-47159440173,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1094
cf-resized: internal=ok/h q=0 n=678+0 c=0+1 v=2024.4.0 l=1094
last-modified: Fri, 24 Feb 2023 20:33:03 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfyWrIaWgmjisn8eYaaZVBubnX2MfMW7zB-TeryskZDQ:d74039899d2fefd59d4ae8adc3e5b6d7"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rSL3V5TPES%2BvdCKQ5e3MUQKk0T6NfC0VmpTAawygpBkcp7uZT1Gfpll11DxD3MAlXaUfnqq%2BdlSELNnQRONqXN01bVdboGwYasGEYPU9dG3oqNnQK69F4gQqJEzNYQU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65952e474504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 ad-nav-NDR-for-dummies.png
corelight.com/hs-fs/hubfs/images/thumbs/ 2 KB
3 KB 182ms
181ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/images/thumbs/ad-nav-NDR-for-dummies.png?width=68&height=68&name=ad-nav-NDR-for-dummies.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

45d59b6e59333d371da89e42cf92b4624df88cae51ece97c18697d5f8da261e5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 f0aabb4cf746d4b45640e8d63e2aaf1c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-99066713429,FD-95863673994,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 2272
cf-resized: internal=ok/m q=0 n=903+0 c=0+2 v=2024.4.0 l=2272
last-modified: Wed, 18 Jan 2023 20:48:24 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfGzUbiE_1YD9o9TU5vSJx-tpy2MfMW7zB-TeryskZDQ:bd72eecbd123c61c5b482e1e48cd3a9a"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iAlJhwnaORHD4J4Lj39qgB6Mtu3H1kzBv%2BYhURXKLMM5z7aEpoxvIRoCt1fdFgDPJTUaVD%2BAbA0JIbUJaPnB0c41VEfyKCTEqgznB6%2BFkgCx3NaeP7DEwZvD5CwacuM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65952e4a4504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 video.png
corelight.com/hs-fs/hubfs/images/icons/ 508 B
1 KB 183ms
182ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/images/icons/video.png?width=68&height=68&name=video.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7b03d579e737cbf19c079bca9aad68908bed4d72467ef7b741552936a194536

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 f0aabb4cf746d4b45640e8d63e2aaf1c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-118363808116,FD-95848185418,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 508
cf-resized: internal=ok/h q=0 n=37+0 c=0+1 v=2024.4.0 l=508
last-modified: Wed, 12 Jul 2023 16:45:34 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfkRrBrWLP3cwmIkJ_hOLpgNjJ2MfMW7zB-TeryskZDQ:8ac62ee91d1d48f4a39e7c84c3eb3ba1"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ixfn7r46KaX34PjTqB9UW2IoDPeOe8gGsPOC5hSvNNfLOKcSGJBnhJ4uGKe2QCDTd0JJqwc4FKd1AX7LKjGPIZFAlKKkCwxvJ2gWyOgLRP2jCHG7xVx5TZR%2BJNzB%2Bas%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65952e4c4504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 ad-nav-ESG.png
corelight.com/hs-fs/hubfs/images/thumbs/ 2 KB
2 KB 183ms
182ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/images/thumbs/ad-nav-ESG.png?width=68&height=68&name=ad-nav-ESG.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

14553f98ca5e7a72c2df9578326ffa7e256d53718c06f854c6769fc2f3c0b0c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 e8763d44c4998cd590854aad30f4704e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-99066710033,FD-95863673994,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1716
cf-resized: internal=ok/m q=0 n=892+0 c=0+6 v=2024.4.0 l=1716
last-modified: Wed, 18 Jan 2023 20:39:07 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfpMe3k8cY8gH8QiP_VxeE1jHZ2MfMW7zB-TeryskZDQ:d75e288999c3e156a7c582f4629d7b04"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uA4vJL404jaS4OswdeakKAo487WMm71omkSL7wQGcZFtiUIH17blU30zzgAzoa88CgWKVqsqZRftPfj5lOHDhpN8J86WtPp%2BKTvuRMD0py9fXBtAt4AWNfOTC6LiKxU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65952e4d4504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 g2-medal-best-support-ndr-winter-2024.png
corelight.com/hs-fs/hubfs/images/icons/ 2 KB
3 KB 184ms
183ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/images/icons/g2-medal-best-support-ndr-winter-2024.png?width=75&height=84&name=g2-medal-best-support-ndr-winter-2024.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8806ace940f8f207fa1d6d89b34e0135860751048e12f74bee171034f48ae7d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 7831077905969c90ee4e09ffe271ccc8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-150469693525,FD-95848185418,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 2158
cf-resized: internal=ok/m q=0 n=853+0 c=1+5 v=2024.4.0 l=2158
last-modified: Mon, 18 Dec 2023 18:12:33 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfbMUbUvfVX6LS76zAQMqq7Zc668Kdgoh7iUENfD8QDQ:9de547c5a91691bad8a152fa8fca0153"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rd0L%2Fy5orj4NVudMsRSr0%2B%2F6wUWAK0X8E6UhpOwK6WCZfdfSfQ2Ao1ykM0SWjBItplCLgfbcTg9oqVVTP4xyAWJndtTHcf46%2FLFrLjexCSHz63DO6QYXM9ddQF45qvo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65952e4e4504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 sliver.jpg
corelight.com/hs-fs/hubfs/images/screens/ 29 KB
30 KB 1098ms
1097ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/images/screens/sliver.jpg?width=800&height=501&name=sliver.jpg

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f344d260103c56826c86212dca64039061c3821c3e7e38478bfb6bcc48f27cb7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 f1e707a645d1b585e3b6fc5ef39d2e56.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-114287466557,FD-99357069482,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 29912
cf-resized: internal=ok/m q=0 n=954+0 c=4+50 v=2024.4.0 l=29912
last-modified: Thu, 04 May 2023 19:46:11 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf0sS5Ed7J_TOdkc5ns9fNSAh0x053i_vzd06ei7YhDQ:2365c9fb8fd036f82abed5ad8ca40dbf"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JLNFYOIvrGVEXkrdGGqiejDlsqqICCqWNKClqx8Je3%2F9fPK9xvqpjRP3OG7hyxx%2FXBtnjv1iwq5%2FyuNydis4rHFUMxA9ZE%2FA69Bx8610BsMRt3ODP9ESPc4gMIQDxcM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65952e4f4504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 sliver-vt-xforce.jpg
corelight.com/hs-fs/hubfs/images/screens/ 22 KB
23 KB 909ms
909ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/images/screens/sliver-vt-xforce.jpg?width=800&height=371&name=sliver-vt-xforce.jpg

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

694197d3613ba4fb47387a61684cecd92f41393d8178122dc1ef019d537790da

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 28de398d6bd20bc440c06f568b49c876.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-114283414866,FD-99357069482,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 22860
cf-resized: internal=ok/m q=0 n=797+0 c=2+32 v=2024.4.1 l=22860
last-modified: Thu, 04 May 2023 19:46:11 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfOyQ9weNK9ao1JGHF9F7nCNx57J9Xg40AOtDaTqK8DQ:445616d606c07343a4d7d9bf8450e8ae"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yaO3XQunTx9xhfDoIF7Zx1D%2B8LG8jSstO9q9kfII578zVL8G8Tkp2PyDLC9A1%2FchIVz7plgIYuxpiCtdIoYa6bHYqxElf1My1HqNlFyHzxleIspC0pgqo3wCLrnp5AA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65952e504504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 sliver-compile-mtls-canary.png
corelight.com/hs-fs/hubfs/images/screens/ 35 KB
36 KB 1076ms
1076ms Image
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hs-fs/hubfs/images/screens/sliver-compile-mtls-canary.png?width=800&height=372&name=sliver-compile-mtls-canary.png

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

09dba3f65845161538079f794a5282eea5573583ae9659e61586a72fdd09440b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 d24f708ab52a3355ee0608b56f5760ac.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-114290183766,FD-99357069482,P-8645105,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 35940
cf-resized: internal=ok/m q=0 n=948+0 c=2+40 v=2024.4.0 l=35940
last-modified: Thu, 04 May 2023 20:02:06 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfjmKA3Kobcljkzi4c9-IoCVGFE-knttNnRGfCrNYfDQ:759b3f7f806fd1358f7eb46a8d2acb32"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FhmbTqU5uC45XUA%2Bjqn5PPR7fM4ne35f1HYAms2HvlevQP5NOKW%2BVeDZKx1Vxq63aUMufKkRl7xSPX3MZmDc3MymX%2BKPRrNyRhnqbPK7Df1wh%2FtRazyJxak1LedOzVw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87bc65952e524504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H2 200 modules.25f289cf2c430c5f1dfb.js Show response
script.hotjar.com/ 221 KB
55 KB 148ms
45ms Script
application/javascript 13.33.187.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.25f289cf2c430c5f1dfb.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-875805.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-19.fra60.r.cloudfront.net

Software

Resource Hash

bcce269fe4e329e6aac07bda59f9f10948f0ff09a492146306f16bfc24a99e35

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 25 Apr 2024 13:00:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 d818b372f81cbe23bb149df5877c444a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 313343
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55734
last-modified: Thu, 25 Apr 2024 12:59:19 GMT
etag: "3ff5bf469e0b33aaa48641e0415af35f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 1Y2zFUJaAn8wOte5QmtyZ5tpgXsQo0e__3ZdxNLmbJTPNKpolnWk6A==

GET
H3 200 json Show response
forms.hsforms.com/embed/v3/form/8645105/640fff37-8a4e-4e98-8786-9e101fe2b937/ 3 KB
2 KB 197ms
164ms XHR
application/json 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/8645105/640fff37-8a4e-4e98-8786-9e101fe2b937/json?hs_static_app=forms-embed&hs_static_app_version=1.5064&X-HubSpot-Static-App-Info=forms-embed-1.5064

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5609e0c27694a974a94ef062694dc8bbf6814993a228b22fb277ad33dbf070e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e0f5487b-b21b-4835-8a2d-3a52de9efadb
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e0f5487b-b21b-4835-8a2d-3a52de9efadb
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://corelight.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 87bc6596ebb7451c-TXL
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-4nf5n

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
3 KB 119ms
39ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c04a1dcae520b5479ae6bf78b98c3fde47e3cf35e0a5e67843f4da3a6c6590a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 29 Apr 2024 04:02:29 GMT
content-md5: QZ/IbhcrEcNjX5qeR2y3Yw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1294, tbw=2774, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: CRFqAh+PSr+NSEbw2UEwhTe+StggG0la2M5wXIol1D5g4VIE0lZ4JuXEO6DxjWmU7TSL0nqnYsBFJOeaH6v1Kg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: c18aba78f71fd68d50502093bbf5fda6
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "500e1333d5dcf9b6c4ef006a2b2fe45b"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Mon, 29 Apr 2024 04:11:43 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 238ms
154ms Script
application/javascript 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c76dd89a767afd512ce6c6370424f39a632ebb736c16ac37952fbfd97575448

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.491/bundles/project.js&cfRay=87bc65975cd0367e-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"020909a609cf986b4a8a88cfb577a8db"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.491/bundles/project.js
date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: _rd02ux3UWoVQsATQDf.p_LxkLPJ6umh
via: 1.1 53b70ac9dc46d1c13992b291cf22a9aa.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 6cda3d52-275e-4745-8080-a718eaca32d3
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-request-id: 6cda3d52-275e-4745-8080-a718eaca32d3
last-modified: Wed, 10 Apr 2024 18:06:23 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-kgjsm
cf-ray: 87bc65975cd0367e-FRA
x-amz-cf-id: 3A5Wqg8AfI-rFgJH6jRpqAQQVkcjEnlyq3q_CqXaPd1aL4HomDkHUg==

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/8645105/ 76 KB
25 KB 133ms
50ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/8645105/banner.js
Requested by: Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c065a69b2574e568921a51c6e9378820d9640d1f2b09961b99540ef2af05e1b3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: vrJkCHOPbDxmSp5n7ZWjTCTkMGyCsmoe
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 5EYFRN30FXW1ASTK
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 4615ba8d-991e-4c0a-b7ae-ecf3239dd9f4
age: 45
x-envoy-upstream-service-time: 19
x-amz-id-2: 6wOoW4W7Apo4iRUwg114lnKK/FnwAJTWhJnT4TjKWtVQGmFJrY7mGuReaIw/JGOS8+xfO2mmpYA=
x-evy-trace-listener: listener_https
x-request-id: 4615ba8d-991e-4c0a-b7ae-ecf3239dd9f4
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 15 Apr 2024 15:16:14 GMT
server: cloudflare
etag: W/"5bb2eccf91afba9ea15995cf90dec21d"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://corelight.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-fp48c
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 87bc65975e31927f-FRA
expires: Mon, 29 Apr 2024 04:06:44 GMT

GET
H2 200 8645105.js Show response
js.hs-analytics.net/analytics/1714363200000/ 67 KB
21 KB 135ms
54ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1714363200000/8645105.js
Requested by: Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 802d6c8bcc4f4034264b5a56c314adbe4aa038bc553115c4b58a9188af497247

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: R6XF5ASKPTPDSHMS
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 60a4ce0c-6092-4f73-9ca4-c28e3b0c302b
age: 45
x-envoy-upstream-service-time: 19
x-amz-id-2: k37x1w2lv3ykEX1eyPUKfffSuyWf6VX9Fsir34XoqTurg1o4wyv4xAllesbv8aiMfw45UB6yYpo=
x-evy-trace-listener: listener_https
x-request-id: 60a4ce0c-6092-4f73-9ca4-c28e3b0c302b
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 24 Apr 2024 18:30:55 GMT
server: cloudflare
etag: W/"4aabbfc115a19ff5efd245848b7b4099"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-mnr7x
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 87bc65975cab18cb-FRA
expires: Mon, 29 Apr 2024 04:06:44 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 133ms
50ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c67d8ce90160a6586cfd2c2a936959738f5b1843ebdfbac4325c4d1a9b61224

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-version-id: H75lIw.llLd5LbqLQfJpi4qQ6NOhCtlN
via: 1.1 9dc566ff42777d2cad8483451738f334.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 555
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.551/bundles/pixels-release.js&cfRay=87bc5806dc4a3a96-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 30bc50e0-1194-4443-8d34-cce4387a59e1
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 30bc50e0-1194-4443-8d34-cce4387a59e1
last-modified: Fri, 19 Apr 2024 14:01:51 UTC
server: cloudflare
etag: W/"65a4cdf8f8c613ea8f766101eea8e667"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-n7dww
cf-ray: 87bc65975876bb77-FRA
x-amz-cf-id: zc-tkFJaqFtjmqVI1eWMLVvjaaSw2aAbSykdOZlDI5MlsADjbW3hjw==
x-hs-target-asset: adsscriptloaderstatic/static-1.551/bundles/pixels-release.js

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 195ms
39ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668C) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 29 Apr 2024 04:02:29 GMT
Content-Encoding: gzip
Age: 1097
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/668C)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 33c784e7-4393-41da-aeec-41573dd7de87.js Show response
j.6sc.co/j/ 4 KB
2 KB 212ms
73ms Script
application/javascript 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/33c784e7-4393-41da-aeec-41573dd7de87.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2aa4cad08cfb1709571cef69bbc567f0ad1f7ed6493054a0e8c370b6820afea1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: L7CnBffRvnniVROlOlph3rFOEGQEIfLn
content-encoding: gzip
date: Mon, 29 Apr 2024 04:02:29 GMT
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 1451
pragma: no-cache
last-modified: Thu, 21 Mar 2024 21:21:00 GMT
server: AmazonS3
etag: "cd1c533c0bed7058ef640f979dfa0df0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 9MGZET_i38l-HmdcxP3uRKLG9vUAFHK-UC9FBvcWp652qLCim7tDTg==
expires: Mon, 29 Apr 2024 04:02:29 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 318 KB
104 KB 59ms
58ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MGJ29KWT26&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a4dbcc243b1f0952364b5a44fb1cdd92b5af55b0f0ec917e4dd4093abb2bf245

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 105975
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 29 Apr 2024 04:02:29 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 131ms
40ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 29 Apr 2024 03:41:03 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1286
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 29 Apr 2024 05:41:03 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 48 KB
17 KB 133ms
43ms Script
application/javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6cc4c722a50b4152194b13e7e3c8a1a5a5f23b17988f8fa85404394efc5c0984

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Apr 2024 07:42:51 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=13797
accept-ranges: bytes
content-length: 17238

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 135ms
38ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220150-FRA

GET
H2 200 loader.js Show response
www.gstatic.com/wcm/ 6 KB
3 KB 126ms
40ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/wcm/loader.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

670f77f11cb4c747f5de1affa5b53687cf7a20d1eaf99b0ef5c9c60858aefa55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 03:09:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3162
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2133
x-xss-protection: 0
last-modified: Wed, 20 Mar 2024 23:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 29 Apr 2024 04:09:47 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 218 KB
57 KB 40ms
40ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 29 Apr 2024 04:02:29 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57850
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=20, mss=1294, tbw=6447, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: oz9OJD0HSQ3kjmqVMsi4q0egdyQbSA7zMNTYZxvdVCnq7NX9ugc0u6A52Q174IV4e9Y6jBeCDUgbwu08f9vyig==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tracker Show response
www.influ2.com/ 6 KB
2 KB 240ms
153ms Script
application/javascript 34.107.254.219
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.influ2.com/tracker?clid=606b80d4-7186-42d4-b152-ea6d82d8fb61

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.254.219 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

219.254.107.34.bc.googleusercontent.com

Software

Resource Hash

57e9acd2b55f6203e1b1893a043a37416568bfaa83ef988b241117963485d3a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubdomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 29 Apr 2024 04:02:29 GMT
via: 1.1 google
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H3 200 63bc49c2df7944a70685d2a6 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 441ms
404ms Script
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/63bc49c2df7944a70685d2a6

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7eed319f55a93af9c5272053d6625464f966306068befc1929049f78f0772052

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 87bc6597ed792675-TXL

GET
H2 200 2971.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 247ms
148ms Script
text/javascript 2606:4700:4400::6812:2b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/2971.js?p=https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected&e=

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: deb0d96f-0dea-4ff3-a005-ce2c7ba208e2
x-runtime: 0.003755
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 87bc65985cee9bbf-FRA

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 1 KB
2 KB 267ms
177ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?contentIds=164927528298&portalId=8645105&currentUrl=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&contentId=114262621716

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68f8d5c8773eebae79eb8da5a26077390902e6b781e8bc0ec7610b071034fc1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9438a243-d307-496b-8920-a426164dad99
content-encoding: br
x-envoy-upstream-service-time: 21
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9438a243-d307-496b-8920-a426164dad99
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://corelight.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nRM2BRX%2FFEYcqp2XCScqfu0CneKMnSMBr7SRJFSWzcCG6KYKQffiPAzzD%2BrEQgm5Auo1i%2BRpXyA%2FK4sZPq1bXXxNVtIVoHFmj7jiTSyqfPi%2FS7wUt%2F0ehEwwPSh%2FO2ziRakGjvFO5YpTlj5S%2F2Yy1NzQo3dL4u4lWco%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 87bc65978a648edb-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-q69vr

GET
H2 200 html Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/render/ 964 B
1 KB 301ms
211ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/render/html?contentIds=164927528298&portalId=8645105&currentUrl=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&contentId=114262621716&isHubspotPage=true

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ba4e63d1e8186aaa83e17925876db897aa8a22b61a0ea53d5cba3518b768993

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d7cd3125-148a-4947-a042-dcac5f2b79d8
content-encoding: br
x-envoy-upstream-service-time: 62
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d7cd3125-148a-4947-a042-dcac5f2b79d8
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://corelight.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gB3LeL7TbbrlKzdS%2FTxx2mgZ%2FFIJJl28y%2Bg88stLbj94CcKoZEh9fs1FKF5mHp72EBR7kpj6kPi6y%2FEMtqm4WlmSxYsqaMpWMYvEbCPYP4SgSW%2FS7f9H4UPeD4Q4TuU8KsH4Xz8MWz1PKSA97ToFNe5sVs926fWQf8s%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 87bc65978a658edb-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-t8zkp

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
679 B 231ms
222ms XHR
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=8645105

Requested by

Host: corelight.com
URL: https://corelight.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 854b9dea-fa34-4bb9-81e7-b567b7d9040e
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=87bc65970d5965b5&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 854b9dea-fa34-4bb9-81e7-b567b7d9040e
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin: https://corelight.com
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-6zsl2
cache-control: max-age=0
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 87bc65970d5965b5-FRA

GET
H3 200 postlisting Show response
corelight.com/_hcms/ 4 KB
2 KB 238ms
238ms XHR
application/json 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/_hcms/postlisting?blogId=48251609225&maxLinks=5&listingType=recent&orderByViews=false&hs-expires=1745899348&hs-version=2&hs-signature=AJ2IBuFyf81hPH_l_6vRyXexnlR79djpvg&currentUrl=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected

Requested by

Host: corelight.com
URL: https://corelight.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1ca5f84df461ff35281a377ce81fe9115558d342841f804fb19a6bd383eb780

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ee705455-a9bd-47b1-b03b-afc3701cbc63
content-encoding: br
x-envoy-upstream-service-time: 18
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ee705455-a9bd-47b1-b03b-afc3701cbc63
last-modified: Mon, 29 Apr 2024 04:02:29 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ZbhwK2tclyROXAr3GfDr8TTFT2dbqWPr9DaIEtVPl82VPHSFMcY%2BuMNklIho%2BvhOKlq0hUsRoI9sz9JmLZ6PwAjz4vCC9DA9NH8kCW2a7HE7hFUc1YZ%2BNwRZG7QVXM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-0-9-td/envoy-proxy-6c6c8c97b6-nfhgj
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 87bc6596e91b4504-TXL
x-robots-tag: none

GET
H3 200 free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/ 76 KB
77 KB 48ms
48ms Font
font/woff2 172.67.139.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
Requested by: Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
via: 1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 44
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 78168
last-modified: Wed, 04 Aug 2021 18:58:24 GMT
server: cloudflare
etag: "a9fd1225fb2cd32320e2b931dca01089"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bwvoW5CDcdcBddsK%2BgYvXFArWKqogymslekUfFrgoUTZKkAbAQCNPb7HL2r3lu6TIMt4s0WVVUOBvCzKZJ6pYr65fpfUMY8qXLa4rujmJv16k2ZyTMqyV6uW80qjFEpWEYSPJBAHTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 87bc65970a03996f-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: atzKIFLmI9uv467z6xfihOa9K1g_gBJhAUiuu8lZA2eFfJq6MW0N9g==

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 29 KB
6 KB 260ms
260ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&pageId=114262621716&pid=8645105&sv=cta-embed-js-static-1.273&rdy=1&cos=1&df=t&pg=5ac55411-1d8c-4ad9-b3e1-811fed6bdd22&pg=5ac55411-1d8c-4ad9-b3e1-811fed6bdd22&pg=c67f32d6-5f7d-4882-b9a4-84581070b432&pg=746a67fc-e664-42e8-8186-3095e7f251db&pg=4e06ae17-4f1b-4406-8595-cf8d8f926938&pg=3c3fe76f-b1f9-438f-8b6e-0037b6b464af&pg=b103bb72-7fdd-4d47-804a-2a2dae7c17af&pg=59624fba-bb17-44bb-ae4c-9f2b95e57077&pg=0828571a-213e-454d-af18-3755eaeb5334&pg=e9e336a9-c35c-4f6d-8147-41fcc20838b1&pg=d5ae4142-40ca-4950-89fb-258f5a4d6e30&pg=e2d17c15-4cbd-4184-8a4c-d49d230ee94b

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04a31dc279df7080fe3905c5e30e7d33a9589139a3498d84fe29f0c72db97f62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: de31b607-a5c6-45ad-a6fd-a6bfe9136f31
content-encoding: br
x-envoy-upstream-service-time: 107
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: de31b607-a5c6-45ad-a6fd-a6bfe9136f31
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://corelight.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-db9bv
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r4sqk267a%2B5pP%2BMmSVELAS1dmoOvvJJPdeswCGDXwwQEa%2BU9iuRHyQZJGsH1aP8sbGCemuMKA5MAP1Ttq3aCs7xdDPo%2F99TqeP1e9mKIEaYU66ChwWYW%2FeWyTH8wpwVZDni%2BgDa1m%2FrOm%2BIB%2BYmJHzNofuMWKzWaTrY%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 87bc65970d5765b5-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
252 B 134ms
47ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-MGJ29KWT26&gtm=45je44o0v895714547z878906126za200&_p=1714363349230&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1060882470.1714363350&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.78%7CGoogle%2520Chrome%3B124.0.6367.78%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1714363349&sct=1&seg=0&dl=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&dt=New%20Sliver%20C2%20Detection%20Released%20-%20Redteam%20detected%20%7C%20Corelight&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1595
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MGJ29KWT26&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://corelight.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 145ms
49ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-MGJ29KWT26&cid=1060882470.1714363350&gtm=45je44o0v895714547z878906126za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MGJ29KWT26&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://corelight.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 98ms
49ms Image
image/gif 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-MGJ29KWT26&cid=1060882470.1714363350&gtm=45je44o0v895714547z878906126za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=2023708273

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_GB/ 304 KB
87 KB 82ms
40ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=0838d676076a6c20831157e18ee55ded

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

e2d716f407840add269aa75757784fe041246edd9ce6e528dece7d65bbc81129

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 29 Apr 2024 04:02:29 GMT
content-md5: SShgjEYga2eIE5RTzo449A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 89034
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=23, mss=1232, tbw=4290, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug: p823Es+GQ1EIbI7ansGlX3+GQ7p9k1sd3IFFOFNVw1HouBnqVxQ1puwSC9HQA03AsoZCysxhhiFsE0ppz8pMGQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: ca479a4b0da9dfa9aefff1ee8a8a9bfc
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "2b0135b1cb368ec22675930e4aa43841"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Tue, 29 Apr 2025 02:49:45 GMT

GET
H2 200 cf-location Show response
js.hs-banner.com/v2/ 2 B
145 B 128ms
47ms Fetch
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8645105/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=1500
cf-ray: 87bc65983ecd2bf8-FRA
content-length: 2

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1714363349707&li_adsId=36ded3fd-aeae-4011-9209-3e7cabd36369&url=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1714363349707&li_adsId=36ded3fd-aeae-4011-9209-3e7cabd36369&url=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D292564%26time%3D1714363349707%26li_adsId%3D36ded3fd-aeae-4011-9209-3e7cabd36369%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1714363349707&li_adsId=36ded3fd-aeae-4011-9209-3e7cabd36369&url=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1714363349707&li_adsId=36ded3fd-aeae-4011-9209-3e7cabd36369&url=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released...

0
483 B

266ms
167ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1714363349707&li_adsId=36ded3fd-aeae-4011-9209-3e7cabd36369&url=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cookiesTest=true&liSync=true&e_ipv6=AQJLDoqu4NPpFAAAAY8oBL08IfYqccFhsxTlwIDkHhwUWnjebRGD60f0q5UPK0HoghMj5AA
Requested by: Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 3E5C850E11D24BFFAE8D73766CEAE85A Ref B: DUS30EDGE0308 Ref C: 2024-04-29T04:02:30Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lva1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYXNFKGutR+dwdFg3/p7Q==

Redirect headers

date: Mon, 29 Apr 2024 04:02:29 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: F55255D8834D4589A51824BB7BCC7ABE Ref B: FRAEDGE1213 Ref C: 2024-04-29T04:02:30Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1714363349707&li_adsId=36ded3fd-aeae-4011-9209-3e7cabd36369&url=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cookiesTest=true&liSync=true&e_ipv6=AQJLDoqu4NPpFAAAAY8oBL08IfYqccFhsxTlwIDkHhwUWnjebRGD60f0q5UPK0HoghMj5AA
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYXNFKDDkOvdDJqD1QNJg==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
207 B 47ms
47ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1692512688&t=pageview&_s=1&dl=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&ul=de-de&de=UTF-8&dt=New%20Sliver%20C2%20Detection%20Released%20-%20Redteam%20detected%20%7C%20Corelight&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAGK~&jid=745687833&gjid=1188388380&cid=1060882470.1714363350&tid=UA-86222136-1&_gid=1078357678.1714363350&_r=1&_slc=1&gtm=45He44o0n81PVV5SJDv78906126za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&npa=1&z=1254418109

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://corelight.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
886 B 188ms
156ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d18336c0-968f-46bc-ba0e-ac9254217202
x-envoy-upstream-service-time: 12
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d18336c0-968f-46bc-ba0e-ac9254217202
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-t8zkp
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 87bc65982c7358f6-TXL

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
884 B 192ms
151ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: dbd3984d-8fea-4c26-9eec-2163b50a5f48
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: dbd3984d-8fea-4c26-9eec-2163b50a5f48
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-844hl
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 87bc659868f058de-TXL

GET
H2 200 adsct
t.co/i/ 43 B
376 B 307ms
223ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=6ab157e8-66a3-4812-a9ce-6b940c80e531&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6b7bd60b-d417-40e8-85c8-a019e2952443&tw_document_href=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nz8zc&type=javascript&version=2.3.30

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 184
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 45780a548c42726b
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 27c3cfa8b57ce503fdabdecea21473608badd0362fd46041269d0563710e3105
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
395 B 319ms
229ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=6ab157e8-66a3-4812-a9ce-6b940c80e531&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6b7bd60b-d417-40e8-85c8-a019e2952443&tw_document_href=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nz8zc&type=javascript&version=2.3.30

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 189
date: Mon, 29 Apr 2024 04:02:29 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 39512a4cdf9a8551
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: abfc98ba7cf0b282df9fdb2e9b52a0dce6abd1c8dc354c5eb8563aa39afb353a
content-length: 43

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 6685 0
0 153ms
39ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fcorelight.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C0) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 3024107
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Mon, 29 Apr 2024 04:02:29 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67C0)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
347 B 116ms
48ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-86222136-1&cid=1060882470.1714363350&jid=745687833&gjid=1188388380&_gid=1078357678.1714363350&npa=1&_u=YADAAEAAAAAAACAGK~&z=1093903191

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 29 Apr 2024 04:02:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://corelight.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 471244410413852 Show response
connect.facebook.net/signals/config/ 56 KB
12 KB 40ms
40ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/471244410413852?v=2.9.154&r=stable&domain=corelight.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

945d882f4df521a38228e412db2f2984a99bb9764f122d51c5113489c58bda17

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 29 Apr 2024 04:02:29 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 11833
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=23, mss=1232, tbw=4318, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: hEb1EOLMWaN5nPxFVw6jftPwa1cEIxJtU8B4rwHOBwV9LZfzSgHSOsapvqCpl33omUrubxV6jOceIUARobKsoA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 65 KB
18 KB 41ms
40ms Script
application/javascript 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/33c784e7-4393-41da-aeec-41573dd7de87.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

95ef911fcf12dfe0a1fb5b17a3b24fa81c6b07b102b435949b06e7e124de51cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Apr 2024 23:17:01 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "662ae46d-10585"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17942
expires: Mon, 29 Apr 2024 04:02:29 GMT

GET
H2 200 call-tracking_9.js Show response
www.gstatic.com/call-tracking/ 62 KB
21 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/call-tracking/call-tracking_9.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d8f8fd6de0b42e3acc7b2f3005c599e9f54d21355c3d6850a5c13daca10d5ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 27 Apr 2024 13:53:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 137322
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20777
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 22:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-telephony"
vary: Accept-Encoding
report-to: {"group":"ads-telephony","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-telephony"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 27 Apr 2025 13:53:47 GMT

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
409 B 143ms
143ms XHR
application/json 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=8645105&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afb347dcdac6e7e97980a4122b941ebbfdd2bd50ce88834eb78b13944b868dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6bdd3ac3-223a-4a73-a25f-1c3ab1d6beaa
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6bdd3ac3-223a-4a73-a25f-1c3ab1d6beaa
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://corelight.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-275zq
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 87bc65986d6d367e-FRA

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 132ms
132ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://corelight.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://corelight.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 87bc65989ef32bf8-FRA
content-length: 0
content-type: application/octet-stream
date: Mon, 29 Apr 2024 04:02:29 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-mnr7x
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 6451b33d-7d49-413e-80be-27e96b757d8f
x-request-id: 6451b33d-7d49-413e-80be-27e96b757d8f

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
865 B 133ms
48ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8645105/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Mon, 29 Apr 2024 04:02:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 29 Apr 2024 02:44:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Apr 2024 04:02:29 GMT

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 156ms
155ms Fetch 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8645105/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-hubspot-correlation-id: 3fba2fc2-39cd-4b4c-bd79-4ab1204a7b78
x-envoy-upstream-service-time: 22
x-evy-trace-route-configuration: listener_http/all, listener_https/all
x-evy-trace-listener: listener_http, listener_https
x-request-id: 3fba2fc2-39cd-4b4c-bd79-4ab1204a7b78
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-virtual-host: all, all
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-5f998ff6dc-q2n75, iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-fjl8n
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin: https://corelight.com
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 87bc65996f602bf8-FRA

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 118ms
39ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=471244410413852&ev=PageView&dl=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&rl=&if=false&ts=1714363349842&sw=1600&sh=1200&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1714363349841.1949204538&ler=empty&cdl=API_unavailable&it=1714363349788&coo=false&rqm=GET

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1294, tbw=2766, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 29 Apr 2024 04:02:29 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 cta-loaded.js Show response
corelight.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 206ms
206ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=8645105&pg=c67f32d6-5f7d-4882-b9a4-84581070b432&lt=1714363349271&dt=1714363349271&at=1714363349850&ae=1&an=1

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8d27115a-3430-421b-ba80-d378f7e2bb70
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8d27115a-3430-421b-ba80-d378f7e2bb70
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aJuRo8rj2MrlgWFXqJk1%2BJfhBG2cCXDtXeF7AQuoh%2FYXqRyVFd7Uu4PqUOUYy95Uu3wPUgxN7yNme1XxptG9oDITmv70TuzWjmUe6af2c5HVyROAEoM8aFleoMkJyC0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-4nf5n
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6598abed4504-TXL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
corelight.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 202ms
202ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=8645105&pg=59624fba-bb17-44bb-ae4c-9f2b95e57077&lt=1714363349285&dt=1714363349285&at=1714363349851&ae=1&an=1

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e224437b-53ee-48c6-b319-b0a398b8d0b7
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e224437b-53ee-48c6-b319-b0a398b8d0b7
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PzlHPVwkjskjvrtSaDZLNqgPnk19jQSNwBkAU7HhbbWLhmJA7o2Nc3Xr%2FdQebxP5uqj%2Bv0ZD9%2F48obzvFpIC4rdEPw0zgXVQAemcb%2Fltwu9PMSfVXBE4W58FQWQeCqE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-cq4g8
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6598abef4504-TXL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
corelight.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 196ms
196ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=8645105&pg=e2d17c15-4cbd-4184-8a4c-d49d230ee94b&lt=1714363349541&dt=1714363349541&at=1714363349851&ae=1&an=1

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0702eceb-5370-4dd6-ab6e-b08955432ec2
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0702eceb-5370-4dd6-ab6e-b08955432ec2
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b7tNE1eUAEnGr%2FKkTWTwzCYbTNiwF56L4CZYm%2FJLxrOiMxnpGr7Ic6WuD4gS3VwWWBS6eVd7vwvqi9v1yIP17c%2FxzXBDqKvGaB369BWZDw%2Bob8eMfJimV5d9Ad2Uqtw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-t8zkp
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6598abf14504-TXL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
corelight.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 218ms
217ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=8645105&pg=d5ae4142-40ca-4950-89fb-258f5a4d6e30&lt=1714363349287&dt=1714363349287&at=1714363349851&ae=1&an=1

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5b89ffc0-1e31-46cf-9f95-3d181d51c14e
x-envoy-upstream-service-time: 12
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5b89ffc0-1e31-46cf-9f95-3d181d51c14e
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q4ANDBM4gfGI0CsTlKwtPpmpDQ9cbGD%2FS8k%2F7LbUKL14fz5775tBlqeX%2BvxknxZBL9zXVP1UFOeeb9X%2BoW7alPEWY2I4zGeM6JwVwhLeuUdpRVZcYTgfHxxsen5IKyM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-t8zkp
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6598abf24504-TXL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
corelight.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 215ms
215ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=8645105&pg=3c3fe76f-b1f9-438f-8b6e-0037b6b464af&lt=1714363349283&dt=1714363349283&at=1714363349852&ae=1&an=1

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 40e1caa8-df7e-4408-87c7-ed4d9106a147
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 40e1caa8-df7e-4408-87c7-ed4d9106a147
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BH80ISSq%2FDCCh3%2FGUEjrE6ex0D0ihMT4nnBogygC6ZUsn4AQ5F18NzwLZX3Bs4b%2B2uev1x3DYKA7bKZpuWJfsHRFL%2Ff99%2Fw0EOw6zzfMy2LEg%2B7Dwn9a%2BezwFFylZKM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-lxf57
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6598abf44504-TXL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
corelight.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 205ms
205ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=8645105&pg=5ac55411-1d8c-4ad9-b3e1-811fed6bdd22&lt=1714363349266&dt=1714363349269&at=1714363349852&ae=1&an=1

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 899f134f-0b7d-4f8a-9f75-6307d33c93f7
x-envoy-upstream-service-time: 7
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 899f134f-0b7d-4f8a-9f75-6307d33c93f7
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PzBsrHCoCDnsZcQXhCOl8t7CiKjgeptTExZuojCYQL5H3ufVQV1XIbUvQ%2F6WMc6cLf8BymUG0i7esPw4ETnlHzh6aGW0fJlhhfwDRHtCqvHR4uiBW2KOkLNaMFQwM08%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-db9bv
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6598abf54504-TXL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
corelight.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 197ms
197ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=8645105&pg=746a67fc-e664-42e8-8186-3095e7f251db&lt=1714363349271&dt=1714363349271&at=1714363349852&ae=1&an=1

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b64cfdb2-38f7-47d4-b362-22226261cb7a
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b64cfdb2-38f7-47d4-b362-22226261cb7a
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WpiQpy5iSpoQGzCRDMmKbVW50va4xrlgKZpgzGNK9VSg%2F%2BT35dhG79RJXYn9no%2F89790%2Fki922S40y%2F4TtqFtUHs7IUxSYfy3QoJJstXAu9MsERHNZ04iCiaemnxek8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-db9bv
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6598abf74504-TXL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
corelight.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 189ms
189ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=8645105&pg=4e06ae17-4f1b-4406-8595-cf8d8f926938&lt=1714363349282&dt=1714363349282&at=1714363349853&ae=1&an=1

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5078fefd-be43-42bd-a286-46b6bbe31f70
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5078fefd-be43-42bd-a286-46b6bbe31f70
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sFsAy%2BCdQh6Hzgp04nm%2BchQN4nYQLUyuObtI7jXSj%2FSp5zTSTINe%2Bg0jHJj9aFgM4Q%2BI6xBSfoVtQLunoSvno%2BQ56H9aybw3r7kG1Oi%2BuCGymT8SfJ6mpxn96IuLidQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-t8zkp
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6598abf84504-TXL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
corelight.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 208ms
208ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=8645105&pg=b103bb72-7fdd-4d47-804a-2a2dae7c17af&lt=1714363349284&dt=1714363349284&at=1714363349853&ae=1&an=1

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 49049221-3257-496a-9b58-a4b554c5c4d4
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 49049221-3257-496a-9b58-a4b554c5c4d4
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=064nmtW%2BdPsYgfLLd5ByvJxkIj0HmrGwulN2DZIfqoczzBodfsWXlOMaQPbWNEINY71wyQNV7cfgCmjyz5P67gyWOXK51DFVS0tU6AMqxpiZxjyY%2BiZMN1rABZWQhyI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-t8zkp
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6598abfc4504-TXL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
corelight.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 202ms
201ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=8645105&pg=0828571a-213e-454d-af18-3755eaeb5334&lt=1714363349286&dt=1714363349286&at=1714363349853&ae=1&an=1

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e8a8c6ce-eed4-4b3f-8d58-a7ad7b7fd66c
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e8a8c6ce-eed4-4b3f-8d58-a7ad7b7fd66c
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TzApkWfmptzQTH7am8ULVPYN3jPjzlrVdJqGqs%2F9DC%2FwVkDoMtRUIxf7aD2zyUYR10EY1wV07rpEXbdO9LyxjCc31Tjv9hntv6E4hGfylnOBAFlJDctQdGvOptxY9bQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-db9bv
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6598abfe4504-TXL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
corelight.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 202ms
202ms Script
application/javascript 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=8645105&pg=e9e336a9-c35c-4f6d-8147-41fcc20838b1&lt=1714363349286&dt=1714363349287&at=1714363349853&ae=1&an=1

Requested by

Host: corelight.com
URL: https://corelight.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1f6e9472-3913-475e-93f6-1c5c5209168f
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1f6e9472-3913-475e-93f6-1c5c5209168f
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=15jSsSRVred95FYWCI%2F6W4ZK20fCujRHBBr4%2FHSXLfAQOwSBEmXY5Z%2Ber3yc5F4R43JQl7QMyz4xbmMQohp2gO4e1LP9zYVnnM3KNtB4YUTuKhVydQCjakMj6BAsZaw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-6hhpr
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 87bc6598ac014504-TXL
x-robots-tag: noindex, follow

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
890 B 172ms
163ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5fde42dd-63c0-45e0-8d29-9284d0f1ee49
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5fde42dd-63c0-45e0-8d29-9284d0f1ee49
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-cq4g8
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 87bc6598d9b558de-TXL

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
891 B 166ms
166ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f8cf6f25-5b71-41f7-8322-bfc9e0c5c2a8
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f8cf6f25-5b71-41f7-8322-bfc9e0c5c2a8
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-l7wvp
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 87bc6598e9cc58de-TXL

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
889 B 194ms
185ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c96a8fe7-7e89-4780-83f9-1a2658f1ccdb
x-envoy-upstream-service-time: 12
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c96a8fe7-7e89-4780-83f9-1a2658f1ccdb
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-844hl
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 87bc65993a4058de-TXL

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
697 B 131ms
45ms XHR
application/json 37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:29 GMT
an-x-request-uuid: 277aed23-da4d-4b16-9f35-a94af6830f9e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://corelight.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.108; 80.255.7.108; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
191 B 47ms
39ms XHR
text/html 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://corelight.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
306 B 172ms
40ms XHR
text/html 2a02:26f0:ab00::214:8e41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ab00::214:8e41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:30 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://corelight.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:1338:92::7
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714363349929_34901565_210826404_25_774_38_78_219";dur=1
content-length: 19
expires: Mon, 29 Apr 2024 04:02:30 GMT

GET
H3

200

wcm Show response
www.google.de/pagead/attribution/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/880638848/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham&npa=1&ct_eid=2
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham

80 B
111 B

47ms
47ms

XHR
application/json

142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

cafe /

Resource Hash

d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: null
content-type: application/json; charset=UTF-8
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87
x-xss-protection: 0

Redirect headers

date: Mon, 29 Apr 2024 04:02:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham
access-control-allow-origin: https://corelight.com
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
580 B 165ms
164ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=inline-interactive-render-success&value=1

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9afe0452-e378-4299-b170-c20d426c514f
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9afe0452-e378-4299-b170-c20d426c514f
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-db9bv
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 87bc65993a5858de-TXL

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 130ms
50ms Image
image/gif 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-86222136-1&cid=1060882470.1714363350&jid=745687833&npa=1&_u=YADAAEAAAAAAACAGK~&z=122348289

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 50ms
50ms Image
image/gif 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-86222136-1&cid=1060882470.1714363350&jid=745687833&npa=1&_u=YADAAEAAAAAAACAGK~&z=122348289

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
t.influ2.com/u/ 63 B
340 B 246ms
160ms XHR
text/plain 34.117.110.211
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.influ2.com/u/?cb=1714363349936
Requested by: Host: www.influ2.com
URL: https://www.influ2.com/tracker?clid=606b80d4-7186-42d4-b152-ea6d82d8fb61
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.110.211 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 211.110.117.34.bc.googleusercontent.com
Software: nginx/1.25.4 /
Resource Hash: cba01fb7eb3d8729d3e56309290d2e0f0293e39616df8ed6b1bd182dda2d0ad6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
via: 1.1 google
server: nginx/1.25.4
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://corelight.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
540 B 145ms
144ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 75983f86-6784-48ba-8480-0dd16191de8b
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 75983f86-6784-48ba-8480-0dd16191de8b
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-lxf57
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 87bc65994e6a58f6-TXL

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
24 KB 129ms
38ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 02:38:45 GMT
x-content-type-options: nosniff
age: 523425
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Apr 2025 02:38:45 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 167ms
77ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 27 Apr 2024 19:07:30 GMT
x-content-type-options: nosniff
age: 118500
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 27 Apr 2025 19:07:30 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 145ms
136ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=252f078a-7776-48ed-87e3-476078482c3e&session=7dea8fc3-9ed6-44e8-88bf-9b516961ed39&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Corelight%20announces%20the%20release%20of%20a%20new%20detection%20package%20%E2%80%9CSliver%E2%80%9D%2C%20which%20identifies%20and%20raises%20alerts%20related%20to%20the%20Sliver%20C2%20framework.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22New%20Sliver%20C2%20Detection%20Released%20-%20Redteam%20detected%20%7C%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&pageViewId=47e1111e-7eaa-4095-8ef2-398332a83d3e&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.18

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:30 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 04:02:30 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 138ms
138ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=252f078a-7776-48ed-87e3-476078482c3e&session=7dea8fc3-9ed6-44e8-88bf-9b516961ed39&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e13725f521f4b7b8b185e2f10ffe13a5%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%229ff21f9713e91318ec2c279ceb7110eeb77aabe5%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%2233c784e7-4393-41da-aeec-41573dd7de87%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Corelight%20announces%20the%20release%20of%20a%20new%20detection%20package%20%E2%80%9CSliver%E2%80%9D%2C%20which%20identifies%20and%20raises%20alerts%20related%20to%20the%20Sliver%20C2%20framework.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22New%20Sliver%20C2%20Detection%20Released%20-%20Redteam%20detected%20%7C%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&pageViewId=47e1111e-7eaa-4095-8ef2-398332a83d3e&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.18

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:30 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 04:02:30 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 725 B
705 B 230ms
162ms XHR
application/json 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: d454566fbbab8fcbc70a1c3139be25be5205712442564fe24a5e0258e3337a98

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Token 9ff21f9713e91318ec2c279ceb7110eeb77aabe5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-6s-CustomID: WebTag 33c784e7-4393-41da-aeec-41573dd7de87
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
sec-ch-ua-platform: "Win32"

Response headers

x-trace-id: 7782398169853901692
date: Mon, 29 Apr 2024 04:02:30 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://corelight.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 387

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 115ms
41ms Preflight 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://corelight.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://corelight.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Mon, 29 Apr 2024 04:02:30 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 9116506896786385633

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 136ms
136ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=252f078a-7776-48ed-87e3-476078482c3e&session=7dea8fc3-9ed6-44e8-88bf-9b516961ed39&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A7%22%7D&isIframe=false&m=%7B%22description%22%3A%22Corelight%20announces%20the%20release%20of%20a%20new%20detection%20package%20%E2%80%9CSliver%E2%80%9D%2C%20which%20identifies%20and%20raises%20alerts%20related%20to%20the%20Sliver%20C2%20framework.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22New%20Sliver%20C2%20Detection%20Released%20-%20Redteam%20detected%20%7C%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&pageViewId=47e1111e-7eaa-4095-8ef2-398332a83d3e&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.18

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:30 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 04:02:30 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
278 B 141ms
140ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:29 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 8BFB2D54524141C180D712F324B932A9 Ref B: FRAEDGE1213 Ref C: 2024-04-29T04:02:30Z
linkedin-action: 1
vary: Origin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
access-control-allow-origin: https://corelight.com
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYXNFKJWUV564wsfjkoOg==

GET
H2 200 insent Show response
corelight.widget.insent.ai/ 80 KB
23 KB 152ms
44ms Script
binary/octet-stream 2600:9000:225e:3600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://corelight.widget.insent.ai/insent
Requested by: Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:3600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: Do3I7W1ZAWXrXjTz8nc5rLMLlRnTeriu
content-encoding: gzip
via: 1.1 6b25d4ce9efa3f2699980e1915129606.cloudfront.net (CloudFront)
date: Mon, 29 Apr 2024 01:15:55 GMT
last-modified: Wed, 18 Oct 2023 08:56:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 9996
etag: "6c640d0008fb2a23a0ff942202f8657c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: binary/octet-stream
content-length: 23142
x-amz-cf-id: UUqthoHneQ7cInbz8PiDYeZQer71fUSDtzZkn1OQnGEDENvODOQmRA==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
597 B 162ms
161ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350678&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2c2e5fe1-69b4-4d97-b482-617d77c31d75
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2c2e5fe1-69b4-4d97-b482-617d77c31d75
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VmZXkQ%2Frw%2BqsizHEjbRsvEmHqzk1DIzC37zyGNfnTQ83ccNhyFB4O5DebVzHMlWzp9mvdV8%2FJIvbfhcvyMN3wSAU8Ft1BGOIIlm9yhDkManc36N3wf4vfPY4M0a8eLDIFzxdQMO%2FkP6TaR61Lj3"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-zs6tk
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659dea4665b5-FRA
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
578 B 158ms
158ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2925ddbb-fa2a-4901-be80-6b0a536c8580
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2925ddbb-fa2a-4901-be80-6b0a536c8580
last-modified: Mon, 29 Apr 2024 04:02:30 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-47s2n
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 87bc659ddaad58de-TXL

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
490 B 159ms
158ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=640fff37-8a4e-4e98-8786-9e101fe2b937&fci=b5d9183b-c120-4b15-b5d9-7c64b60836d4&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350680&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ffc08ec3-645a-4bcf-8594-45219e78def9
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ffc08ec3-645a-4bcf-8594-45219e78def9
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KGpc0ONmFb5X8cRLx4fTAFFxaNaMqMymsSB5cwhpsp3xL%2Bqg9UrUC7AtvX%2F%2B1aeqX3udK6zic%2Bv4tQJr0QDuAmF4wuxz0pXQeSmy1S2Gw4QHvbWnkPwTzdT7ScyTwrV%2BHrTCV18KVbzW%2FK%2Fv0icN"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-z56nz
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659dfa4d65b5-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
630 B 250ms
249ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22c67f32d6-5f7d-4882-b9a4-84581070b432%22%2C%22d47640f6-f8cc-4fa5-b919-da8b893dd678%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350682&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2e95e077-d70f-4b27-8f9e-129b98b4c282
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 11
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2e95e077-d70f-4b27-8f9e-129b98b4c282
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aXkh4%2F%2BhCWiCPaLNUDEQxVSBgQURQeAOxVe7fJITSk%2FoTBoQvPDFCPG%2FJESew4w9oN8R10PEpIMLKd3vjLcTVKoFyM1mESGsMQa39YVi5T8BpNWUENypWLVRXJhhAKIkbPn95Y5Ib7gl43zQL5zf"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-q9j5k
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659dfa4e65b5-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
417 B 172ms
171ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%2259624fba-bb17-44bb-ae4c-9f2b95e57077%22%2C%22b17eb461-cd65-4d27-bc96-81f24e7c4cc3%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350682&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3957c5ed-9c65-42b4-8f62-adb10e3a3884
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 16
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3957c5ed-9c65-42b4-8f62-adb10e3a3884
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lpIGRb7avKH4%2Ffy%2Fbb3XKdmSj%2BIFJzz5TnXaloqQGy5LYZEKbvD8P1X8uDIP%2FIPgrz8oysVPZjlqUcvqg4b8SxG8luX0os1n%2BJ2NRydDW8pZUIczN6ceMjTL0Y8IKomsS4KTDv0DlDuVddtYS9w1"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-z56nz
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659dfa4f65b5-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
411 B 165ms
165ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22e2d17c15-4cbd-4184-8a4c-d49d230ee94b%22%2C%22613de047-0f45-408c-bbf3-538cac95e5ef%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350683&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 707b5b48-d0dd-4afe-85f5-c6244339e973
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 707b5b48-d0dd-4afe-85f5-c6244339e973
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PoUDAH%2BghRVM37J1bJP3JOpy0jPPcRahRrK2qAs00P5esI4CU0tY4BaKt4i4vfilM2CUncAxpEQNu9BRSgU7iV9qK5B6rhr5VjFsDSNRJP09dyq9u8bD0wlL8Uydk5Go35P0b9dJdOHoj2Flp5Sx"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-dg8jc
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659dfa5065b5-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
573 B 159ms
159ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22d5ae4142-40ca-4950-89fb-258f5a4d6e30%22%2C%2290e6fb43-8281-4205-b008-55479b1c19df%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350684&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c75d84f3-1ede-4987-ba70-e216647a2435
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c75d84f3-1ede-4987-ba70-e216647a2435
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e5Gq5pFxq6M1%2FcZFSkwMu7UhF4Rx8wiVTo31F1b5jBv%2Fhe98j93Mp5e%2BaZkIi3GHj%2BvRoEjHpmlk3FEiBGKmogTvtEVw0qa4Tj7uNmqWHpom9aWUQPWOGJd5VNNzW4Zh%2FkcyUvCwHljjdbfyiJAq"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-dg8jc
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659dfa5165b5-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
487 B 157ms
157ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%223c3fe76f-b1f9-438f-8b6e-0037b6b464af%22%2C%22b532b31c-b756-4487-a003-c0f09982660c%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350684&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 57a05e44-df72-4d29-b1de-72fda941524c
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 57a05e44-df72-4d29-b1de-72fda941524c
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uAKTivF6P7cabWYPGerC2JPi%2BoClS%2Fu6CsEU87Mi13kveGNH03lCRlw21CaWtUNFIqXYW311GqFcEaBJG05dh8%2FeCR5ScHI%2BNr3VsP6j3BwTrQ3W%2Bv2P7jOYPSu2BgwCyDu5R7LUwCj6hdPt0sz7"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-rvp98
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659eeb1265b5-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
609 B 206ms
206ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%225ac55411-1d8c-4ad9-b3e1-811fed6bdd22%22%2C%22342049df-71c2-46e0-b967-fd4ad362f2e3%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350685&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: afd8fe5c-8471-4cd2-af82-186ee3706ec4
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 12
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: afd8fe5c-8471-4cd2-af82-186ee3706ec4
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GfYBvAdA0zTwRZ%2FJxKFuYNqxVfqiLXWqLnwUDlcIlwr%2B9c0dNcnjvAfGnLo8vzg%2BnXcSYsne6BEgPZFyUw6xCYPSuC0tA4STKw2PCZe%2BE%2B%2BSeMCPuSg237mk0aQBobFLbbVQcu64QgfXGWL1TbFy"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-flgsj
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659eeb1565b5-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
573 B 168ms
168ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22746a67fc-e664-42e8-8186-3095e7f251db%22%2C%22dbf5bd42-6020-479d-b6d9-c6d43d7af927%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350685&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8ad997a9-ed47-43b7-aade-544d9b4d5347
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 10
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8ad997a9-ed47-43b7-aade-544d9b4d5347
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GV0ZgJMAvgQN%2FYGfTIaW8UxB00io9h73aJkbM2hJvrp9raXueLXKDU1DtqQJ7XwsMXcCrXskGX%2FNev544AEawSNkC41k2aOg1xmf%2FvI2oWY4D9%2BAkS6Vepu2N88UJQAIdbRooJAgkNbfMNaAWBtk"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-zcmkp
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659efb1665b5-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
459 B 166ms
166ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%224e06ae17-4f1b-4406-8595-cf8d8f926938%22%2C%227bd27423-0484-406a-a6a4-564771ca9b6a%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350686&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3ec9aefb-da43-498a-bdc0-d6553a378766
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3ec9aefb-da43-498a-bdc0-d6553a378766
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LnHP3pGJD9TPatOL4bB8E2Dbt%2FqpPpaBNX9IaUpso9SHSmuFfnFnRN2N2DqG0c%2FeffcUXdBsr7tyMgfogmZBDtGVwaSq4W2K0H7GbS0tDXkMCSDLRyPKqOIogtp218QjZSBHx%2FM2X8gY68U%2B%2F%2FNA"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-rk2jf
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659efb1b65b5-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
486 B 158ms
158ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22b103bb72-7fdd-4d47-804a-2a2dae7c17af%22%2C%22c01c16d0-3ab6-4b41-aec2-e39ac2a008c7%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350687&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 615b4724-8b8b-498e-b7a7-244278a1f697
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 615b4724-8b8b-498e-b7a7-244278a1f697
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2sM%2FKATt8dLfgLYLFlQwDxZT0IlhBUvOq46EmKK3QlPozy%2BrDuVprciqCItihDfg%2BRUTs5GL0yNZtjTvSj42Qmbm0hXjjE%2BQfs2mYqYVSz6Qle5Ji49WZgH4ug%2F2ZCVjCRdcQwXIKOVnG45d6iqI"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-gfblb
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659f0b1f65b5-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
492 B 163ms
163ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%220828571a-213e-454d-af18-3755eaeb5334%22%2C%22a3c258bd-173c-41ec-a0c1-96f70a8aa9b1%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350687&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0b5b988a-a5b4-427e-9236-a1c98f767ae1
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0b5b988a-a5b4-427e-9236-a1c98f767ae1
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uIniTIoIKJp5aVrNF34WFnrnU8PwNNxgLdd0cLpkAsvMiNZF2x1k7dnipqbIieDqi8sTKpj0nycz9YB9jV1dT%2FRbJ7ytYg7EPjTKlE9bM%2Fh7IMuH342UoiXExGTeqwmzaGytPipI%2FjmV0KrfI%2F%2B%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-sc7d7
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659f8b7b65b5-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
573 B 158ms
158ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22e9e336a9-c35c-4f6d-8147-41fcc20838b1%22%2C%228b88a6bd-2031-47ff-b0a4-1242e0964aa1%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=114262621716&ct=blog-post&ccu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&cpi=114262621716&cgi=48251609225&lpi=114262621716&lvi=114262621716&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&t=New+Sliver+C2+Detection+Released+-+Redteam+detected+%7C+Corelight&cts=1714363350687&rv=1&vi=dcba15bbf93355518512f204a2f4c2b9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f20c1100-fe34-49c9-9294-eb71b3b39efc
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f20c1100-fe34-49c9-9294-eb71b3b39efc
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LPtduBta5dLGObNOBCWQSghuALo%2FmEIU%2BqPsQSFOPC5glCLDKSuYCi5pUHztFvBEJS4OMPOMCHPcQTXN9MRl5fWAUDnBc4p76zUWwrUS4cyD7rMV3Gy%2FATbY6vc%2FdeJfMskWy6qa7sp7NDAzwY32"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-drvpc
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87bc659febc165b5-FRA
x-robots-tag: none

GET
H2 200 lp.js Show response
metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/ 6 KB
2 KB 140ms
47ms Script
application/x-javascript 2606:4700:4400::ac40:911d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js

Requested by

Host: corelight.com
URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:911d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: tx0000017fcbf6bc503f379-0065ef2edd-54a620eb-sfo2a
age: 390525
x-envoy-upstream-healthchecked-cluster
last-modified: Thu, 22 Sep 2022 17:10:43 GMT
server: cloudflare
etag: W/"9a8767fa98da937fb02cdbbc52a101bb"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/x-javascript
x-do-cdn-uuid: 80b6018b-293e-4962-9bc8-48075e637d03
x-rgw-object-type: Normal
cache-control: max-age=604800
cf-ray: 87bc659e9cc01c05-FRA

GET
H3 200 ig-icon-corelight-favicon-96x96.png
corelight.com/hubfs/ 612 B
2 KB 103ms
103ms Other
image/webp 199.60.103.6
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hubfs/ig-icon-corelight-favicon-96x96.png

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1caf7396ae952c33d52b9eeee6417f38af0daadf70bacbe43a18f3b27a268e5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68918519435,FD-67675262977,P-8645105,FLS-ALL
age: 2059235
x-amz-request-id: CGSTQAJCJXHVGEYE
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68918519435,FD-67675262977,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="ig-icon-corelight-favicon-96x96.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "524c1f68c5bd490a5cd34585a3b54349"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1647625472405
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 29 Apr 2024 04:02:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 b8f7ec2a292687370773a41cd1bdc97a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Pyq.HqZ2M1EvwhMnZSiI.k5EcIHt8JX3
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1298
x-cache: RefreshHit from cloudfront
cache-tag: F-68918519435,FD-67675262977,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 612
x-amz-id-2: bfogyIlCqlqmopJXjmUt1XZuapdRcRrzCbrPNCJgKlguz88hupLMhrykwVM6hoBRMz0ZEBNoBnKqyUKEyg/YXA==
last-modified: Tue, 21 Mar 2023 15:14:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8gSyS%2BRH4El%2Bf9UQi44Bj0kxeFwVBDQ5iat1d6bTJU8yq09pm20WmxN29DewCJrWFiw9kH7z7SzlB0Bx6b%2BXxrPFuH4g3AFBwDDbCkMjeqJWPSWTfk79bX6ROPhTALg%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 87bc659dfd004504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: dKukALiMQeVRTfjvx8BFWCu8_TW-LEh-09pH0MwNW7x7nhyoPgyaTg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 159ms
158ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=252f078a-7776-48ed-87e3-476078482c3e&session=7dea8fc3-9ed6-44e8-88bf-9b516961ed39&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2029%20Apr%202024%2004%3A02%3A30%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2029%20Apr%202024%2004%3A02%3A29%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22Corelight%20announces%20the%20release%20of%20a%20new%20detection%20package%20%E2%80%9CSliver%E2%80%9D%2C%20which%20identifies%20and%20raises%20alerts%20related%20to%20the%20Sliver%20C2%20framework.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22New%20Sliver%20C2%20Detection%20Released%20-%20Redteam%20detected%20%7C%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&pageViewId=47e1111e-7eaa-4095-8ef2-398332a83d3e&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.18

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:30 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 04:02:30 GMT

GET
H2 200 /
corelight.widget.insent.ai/ Frame A2C8 0
0 116ms
39ms Document
text/html 2600:9000:225e:e600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://corelight.widget.insent.ai/?project_key=ifR9qnekVxidCVXYhrNb&blog_url=corelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&event_listener=cMglkknTCUQr0hD&marketo_cookies=[]&hubspot_cookies=[]&pardot_cookies=[]&eloqua_cookies=[]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Requested by: Host: corelight.widget.insent.ai
URL: https://corelight.widget.insent.ai/insent
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:e600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 13507132
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Fri, 24 Nov 2023 20:03:40 GMT
etag: W/"cea936b357d0fefbe67f396ac27ecc71"
last-modified: Wed, 18 Oct 2023 08:56:50 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
x-amz-cf-id: Ke_swTKbf2pDfj9JwYhJ3FExnNBjnSvbogzfzxZf_u-eZXbu5yUPpw==
x-amz-cf-pop: FRA60-P4
x-amz-version-id: wf2lJ.cKt7e1wlMSlpAOAV_K1ZPwVE5q
x-cache: Error from cloudfront

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 136ms
136ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=252f078a-7776-48ed-87e3-476078482c3e&session=7dea8fc3-9ed6-44e8-88bf-9b516961ed39&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2029%20Apr%202024%2004%3A02%3A31%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2029%20Apr%202024%2004%3A02%3A30%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Corelight%20announces%20the%20release%20of%20a%20new%20detection%20package%20%E2%80%9CSliver%E2%80%9D%2C%20which%20identifies%20and%20raises%20alerts%20related%20to%20the%20Sliver%20C2%20framework.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22New%20Sliver%20C2%20Detection%20Released%20-%20Redteam%20detected%20%7C%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&pageViewId=47e1111e-7eaa-4095-8ef2-398332a83d3e&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.18

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:31 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 04:02:31 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 158ms
158ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=252f078a-7776-48ed-87e3-476078482c3e&session=7dea8fc3-9ed6-44e8-88bf-9b516961ed39&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2029%20Apr%202024%2004%3A02%3A32%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2029%20Apr%202024%2004%3A02%3A31%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Corelight%20announces%20the%20release%20of%20a%20new%20detection%20package%20%E2%80%9CSliver%E2%80%9D%2C%20which%20identifies%20and%20raises%20alerts%20related%20to%20the%20Sliver%20C2%20framework.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22New%20Sliver%20C2%20Detection%20Released%20-%20Redteam%20detected%20%7C%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&pageViewId=47e1111e-7eaa-4095-8ef2-398332a83d3e&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.18

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:33 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 04:02:33 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 137ms
136ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=252f078a-7776-48ed-87e3-476078482c3e&session=7dea8fc3-9ed6-44e8-88bf-9b516961ed39&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2029%20Apr%202024%2004%3A02%3A33%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2029%20Apr%202024%2004%3A02%3A32%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Corelight%20announces%20the%20release%20of%20a%20new%20detection%20package%20%E2%80%9CSliver%E2%80%9D%2C%20which%20identifies%20and%20raises%20alerts%20related%20to%20the%20Sliver%20C2%20framework.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22New%20Sliver%20C2%20Detection%20Released%20-%20Redteam%20detected%20%7C%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&pageViewId=47e1111e-7eaa-4095-8ef2-398332a83d3e&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.18

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 04:02:33 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 04:02:33 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=252f078a-7776-48ed-87e3-476078482c3e&session=7dea8fc3-9ed6-44e8-88bf-9b516961ed39&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2029%20Apr%202024%2004%3A02%3A34%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2029%20Apr%202024%2004%3A02%3A33%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Corelight%20announces%20the%20release%20of%20a%20new%20detection%20package%20%E2%80%9CSliver%E2%80%9D%2C%20which%20identifies%20and%20raises%20alerts%20related%20to%20the%20Sliver%20C2%20framework.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22New%20Sliver%20C2%20Detection%20Released%20-%20Redteam%20detected%20%7C%20Corelight%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fblog%2Fnew-sliver-c2-detection-released-redteam-detected&pageViewId=47e1111e-7eaa-4095-8ef2-398332a83d3e&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.18

Verdicts & Comments Add Verdict or Comment

114 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.corelight.com/	1970-01-20 20:12:45	Name: __cf_bm Value: Aykyu_D7VXx7_1MuYlZIaI1qHdlzxwikrDAjkmkLfaU-1714363348-1.0.1.1-kHUeWjPGwhgeIRY8_bceE3WhDAEtcKMZdpQBhYct2nPxzwtIVV5uB1TchtvvSD0ZZVkY9q.jRSEeT4KuCW5Ing
.corelight.com/	1969-12-31 23:59:59	Name: __cfruid Value: d14a02e9366d60bd65180d8574dfa79702ef4375-1714363348
.hubspot.com/	1970-01-20 20:12:45	Name: __cf_bm Value: LFH1bjK5M6SQSjjxzTnCKQ6lqwz0c2G2uVwjRBfnf2g-1714363349-1.0.1.1-MSA.tO8eOnxFewCDOztlQPREhCMPyAczqMEaFdgiasac3fXmseIdresujVTXc_GYaU4BhtXc7fe4AIfEPbCjag
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: p_nqAFwAxBilCIgfp7K0kWBLnliRux7kCSXJuNfvLCI-1714363349320-0.0.1.1-604800000
.hsforms.net/	1970-01-20 20:12:45	Name: __cf_bm Value: Xx55YGbdfz1WggOqAFP91Am0Vr_pFcyF1ME6whnPl0M-1714363349-1.0.1.1-Y5Q0TTxBBzSspRxRCLJYuR_R7QZ1Lkn0y_l6hyrzAeQXgc9JEuvOJa.EZ9STUdD8U0i.6QWv4mWrR5mo99n0tQ
.corelight.com/	1970-01-20 22:22:19	Name: _gcl_au Value: 1.1.391612327.1714363350
.corelight.com/	1970-01-21 04:58:19	Name: _hjSessionUser_875805 Value: eyJpZCI6IjExNzRiMzM0LTUxYTAtNWVlMS1hMWJiLWFmN2U1YzJjODQ0YyIsImNyZWF0ZWQiOjE3MTQzNjMzNDk2MjcsImV4aXN0aW5nIjp0cnVlfQ==
.corelight.com/	1970-01-20 20:12:45	Name: _hjSession_875805 Value: eyJpZCI6ImQ1OWEwNTc0LTkxYmYtNDNlOC1iNjE2LWVjYjQ5ZWQwOGQ4MSIsImMiOjE3MTQzNjMzNDk2MjcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.corelight.com/	1970-01-21 05:48:43	Name: _ga Value: GA1.2.1060882470.1714363350
.corelight.com/	1970-01-20 20:14:09	Name: _gid Value: GA1.2.1078357678.1714363350
.corelight.com/	1970-01-20 20:12:43	Name: _gat_UA-86222136-1 Value: 1
.corelight.com/	1970-01-20 22:22:19	Name: _fbp Value: fb.1.1714363349841.1949204538
tracking.g2crowd.com/	1970-01-20 20:32:52	Name: _session_id Value: 6e825d094c33f8474a3b195d99ebf6af
.g2crowd.com/	1970-01-20 20:12:45	Name: __cf_bm Value: kObSWcOCXIHaQsRxVEsXkYynPXbU5sp0J6iA65TbSgk-1714363349-1.0.1.1-7mLj8cUshYV.xrq67HPhm4iyxvOXELsPBDRdIdj0btP1Ziyh3WulTw0vH0DxBRw4ek7.X4V2xvR8kmJ_JtO6Ww
.linkedin.com/	1970-01-20 22:22:19	Name: li_sugr Value: 91e9c608-12b1-483c-a0cf-d7c8d513cf54
.linkedin.com/	1970-01-21 04:58:19	Name: bcookie Value: "v=2&2fa35b38-c754-4d13-842a-8a188771f46d"
.linkedin.com/	1970-01-20 20:14:09	Name: lidc Value: "b=VGST05:s=V:r=V:a=V:p=V:g=3066:u=1:x=1:i=1714363349:t=1714449749:v=2:sig=AQE2vtb5uv9X4uK-5jZ6wiJ_gEZ1UZbs"
.adnxs.com/	1970-01-21 05:48:43	Name: receive-cookie-deprecation Value: 1
corelight.com/	1970-01-20 20:22:48	Name: _an_uid Value: 0
corelight.com/	1970-01-21 05:48:43	Name: _gd_visitor Value: 252f078a-7776-48ed-87e3-476078482c3e
corelight.com/	1970-01-20 20:12:57	Name: _gd_session Value: 7dea8fc3-9ed6-44e8-88bf-9b516961ed39
.t.co/	1970-01-21 05:48:43	Name: muc_ads Value: 3c1ee9a3-d314-41dc-8acf-1e95ddd0a06c
.linkedin.com/	1970-01-20 20:55:55	Name: UserMatchHistory Value: AQKjMeRkQhsCWgAAAY8oBLwUHUhL3C_UfVm001AQ48adeXxxOtXSavNgAUnzWr3lwUG5D7PwJ2tRiw
.linkedin.com/	1970-01-20 20:55:55	Name: AnalyticsSyncHistory Value: AQIOZX65JQ_lHQAAAY8oBLwUy4EOlP0CN0Y1jMzCpxnqkVMlAtOWURKHy-qriGFXtlIMPkYPqHgUrC2cYB09Hg
.twitter.com/	1970-01-21 05:48:43	Name: personalization_id Value: "v1_jBYc6QrjeHYUOd+3UHzoUw=="
.hsforms.com/	1970-01-20 20:12:45	Name: __cf_bm Value: SfWsDPiLEeIXMU3BNpIPj0.pWmh7sgB5UzJKa3_GSkw-1714363350-1.0.1.1-CdZEUPR8GSyD8crRAhMElmt31KN11y4ZMV5eQsxCtnzFikLsrZqkcfaLPlh2PwReHb3lr.CrrwzejI3sJGJt.w
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: sveQXylK8r.emSr9noHgOoSYp9.vZdormf5Zj_hPgIg-1714363350110-0.0.1.1-604800000
.ws.zoominfo.com/	1970-01-21 04:58:19	Name: visitorId Value: 70df04b1fb30ef0a0a4217b0c6431923e6e2f3361977598cdff83c0f53751710
.zoominfo.com/	1970-01-20 20:12:45	Name: __cf_bm Value: cla5qXrC82NHFEY74ABJmEysNyTnaskZBWVgTnhhDxg-1714363350-1.0.1.1-xOLn1XziQmxGv4ZuXgZpyt8d3syiSVkQHSdLAc9vxH18BX6Q9p.sRk7N3gjGO3rwKB8mnAeaa8_z2NFdKOE_Ow
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: vuiCf..OEA7u7NjXS_42riNJrVaNY9cnyBk9twOj6TA-1714363350120-0.0.1.1-604800000
.influ2.com/	1970-01-21 04:58:19	Name: R Value: 4c0bf1bf6c26ad5a4ccc9f69
.www.linkedin.com/	1970-01-21 04:58:19	Name: bscookie Value: "v=1&20240429040230f947704b-45b1-438e-8e34-071559d46942AQG1IcrMyOgApcxAAffpXVNWQOBttqwb"
.linkedin.com/	1970-01-21 00:31:55	Name: li_gc Value: MTswOzE3MTQzNjMzNTA7MjswMjGDEBbsviagUAkTRiKWYZSNPCu6EaDBKNKQXu+8KyWZDw==
.corelight.com/	1970-01-21 05:48:43	Name: _ga_MGJ29KWT26 Value: GS1.1.1714363349.1.0.1714363350.59.0.0
.corelight.com/	1970-01-21 05:48:43	Name: insent-user-id Value: m9B6JrjKMxR6AEGX71714363352505

117 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected(Line 700) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected(Line 700) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/471244410413852?v=2.9.154&r=stable&domain=corelight.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 97) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/blog/new-sliver-c2-detection-released-redteam-detected Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' *.corelight.com https://corelight.com https://www.corelight.com;; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
analytics.twitter.com
app.hubspot.com
b.6sc.co
c.6sc.co
connect.facebook.net
corelight.com
corelight.widget.insent.ai
cta-service-cms2.hubspot.com
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsforms.net
js.hubspot.com
ka-f.fontawesome.com
kit.fontawesome.com
metadata-static-files.sfo2.cdn.digitaloceanspaces.com
no-cache.hubspot.com
perf-na1.hsforms.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
t.co
t.influ2.com
track.hubspot.com
tracking.g2crowd.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.influ2.com
www.linkedin.com
b.6sc.co
104.16.117.43
104.18.142.119
104.18.80.204
104.19.175.188
104.244.42.197
104.244.42.3
13.107.42.14
13.33.187.19
142.250.186.35
142.250.186.66
142.250.186.68
146.75.120.157
157.240.252.13
172.67.139.119
18.66.102.51
199.60.103.6
2.17.100.193
2001:4860:4802:34::36
2600:9000:225e:3600:f:7ae2:7780:93a1
2600:9000:225e:e600:f:7ae2:7780:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:2800:234:59:254c:406:2366:268c
2606:4700:4400::6812:2b1f
2606:4700:4400::ac40:911d
2606:4700:4400::ac40:93bc
2606:4700:4400::ac40:991b
2606:4700::6810:6bfe
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:a0a8
2606:4700::6811:80ac
2606:4700::6811:b05b
2620:1ec:21::14
2a00:1450:4001:800::200e
2a00:1450:4001:810::200a
2a00:1450:4001:812::2003
2a00:1450:4001:81d::2003
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2008
2a00:1450:400c:c00::9d
2a02:26f0:3500:16::215:149b
2a02:26f0:ab00::214:8e41
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
34.107.254.219
34.117.110.211
37.252.171.53
76.223.9.105
01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0
03e5a90fecdafc6bc210ac328f0907d2b0dd0c0915ab1182d91ad04efc66d13a
04a31dc279df7080fe3905c5e30e7d33a9589139a3498d84fe29f0c72db97f62
09dba3f65845161538079f794a5282eea5573583ae9659e61586a72fdd09440b
0e4d846b48db6a1963c5ee1004a73f10e8c0b374460cc602b4cb453170e8b46b
10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25
14553f98ca5e7a72c2df9578326ffa7e256d53718c06f854c6769fc2f3c0b0c6
14727cd82f312ef28e3f2c5b4abb127d372d32b41fb5a08dcdd297e1c3f3e5cd
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1c67d8ce90160a6586cfd2c2a936959738f5b1843ebdfbac4325c4d1a9b61224
1e91dc52d0cccd3a463c15e7d25f63d4a36e907150438b57e46a68414c93bd53
1fa02324c8c22f4ef10a3eedde83598446d454f2fb6283a3eb6eefb00ebf959b
23481c6b52ce91d84f1e30499fe8d375edd95a1c032514b2d68fa9e263c91089
23baae74616cd8c58429a7fb4c5ac0694df76614c162129a96b2bd8e71e06e90
25358bb77160d8191367503bb11903319b17d4d93c50bfcaf2d77f77d46c9782
2699e99247cf27ee65aea99e5b995e53949cf4ef7a6d1ac6fb635d549ccf26dc
2aa4cad08cfb1709571cef69bbc567f0ad1f7ed6493054a0e8c370b6820afea1
2ae7013ffe863140fac13872103ccdc68e1be3ca7f25f2d4628fc98c5570ea64
2c2c4075ecb81753440e4a79ea66ea2f22240253b50d5380b98a0f9619d22980
303e54abc5684f12185aebf4ccf849d25f39f2ed567f292d619a50b37a25a880
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
37c93bac189f71431779aeecb27465e9536e65045ac02b3f8ccd4f214e68e5eb
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
4068a0afe1bc1a747f5998d32ad97d00b5d3a0235b74c88726b361b7b1c098fb
40fd3bd4b40c69854df6b31303a10ee0ae928df767f9d790532608b22dd12077
41fa8d5539a1eab803acd6a0893a67bd12c8cd70bd6caff8a8b05e85d6983777
45d59b6e59333d371da89e42cf92b4624df88cae51ece97c18697d5f8da261e5
4ba4e63d1e8186aaa83e17925876db897aa8a22b61a0ea53d5cba3518b768993
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
558fe5be47283f45ee0e7563753df1e7aa1c4df78f853cb48f32e83dafa6b296
57e9acd2b55f6203e1b1893a043a37416568bfaa83ef988b241117963485d3a2
5c76dd89a767afd512ce6c6370424f39a632ebb736c16ac37952fbfd97575448
5cdabf9c448f9a56ffdfec9cf2dcfbb950b9c98e63646517e60bda92c9e6fe6b
5d8432db5d8bda4576c370ed3902d694f32b57b86d9e2ba5d03285c2d4336672
614164033aacd76ef1b78ef89f065f3fb8367305bfe262ad8bc2ca721755e6d6
62ec87f62b29abc96f6c7ea15665f68e9f7158815573ea1061db9438f9d1a7e2
670f77f11cb4c747f5de1affa5b53687cf7a20d1eaf99b0ef5c9c60858aefa55
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b
68f8d5c8773eebae79eb8da5a26077390902e6b781e8bc0ec7610b071034fc1d
694197d3613ba4fb47387a61684cecd92f41393d8178122dc1ef019d537790da
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6be1f196d867b564cb1fc2fabd1e11f56790558e8f2571e5bb0886906fe270cb
6cc4c722a50b4152194b13e7e3c8a1a5a5f23b17988f8fa85404394efc5c0984
6d8f8fd6de0b42e3acc7b2f3005c599e9f54d21355c3d6850a5c13daca10d5ad
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
72aede9f66355c4f1713297cc7cc72552c07d1766176a9d874a306849ed7126b
75b750786f34efa5a804f93cc2a5ffc001904476866c1cddba29f977ba22bf8b
7a25f02db852d211ad12b88c0744102bb08c3c196563e46ee9631f872d5b74c9
7bf0f99d4fd072d78144c191d4b7836883fbf2e2a56bfd01acd0aeac2e7a44a8
7eed319f55a93af9c5272053d6625464f966306068befc1929049f78f0772052
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
802d6c8bcc4f4034264b5a56c314adbe4aa038bc553115c4b58a9188af497247
8223c7c43eb70aab59569d668a1dd0ef1fd5b893330aac7a21325dee27cc4f82
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8634b0160bf2a010582a639309b98f4ac332bcd33fd99ccdef3f15d9bcbd48d9
897d1c10fbbd847f5378172416a6d13cf2d98744211aad17421c456c57ff5a05
8ce2dd613301891dad5c3e48cff50a944301886e0ee92f5e8d386fea7f1db52d
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
945d882f4df521a38228e412db2f2984a99bb9764f122d51c5113489c58bda17
95e1b299e52e2bbac71fcc321475f61acd999d88afca042840682d14f2c49b9b
95ef911fcf12dfe0a1fb5b17a3b24fa81c6b07b102b435949b06e7e124de51cb
9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1
a3822338d1a5fd5e98412c492fe2ca4b5bdf36e4ece4420b17e9652d51d4aec8
a4dbcc243b1f0952364b5a44fb1cdd92b5af55b0f0ec917e4dd4093abb2bf245
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afb347dcdac6e7e97980a4122b941ebbfdd2bd50ce88834eb78b13944b868dc6
b0bf57814a6b2bd6a383a3c9dd5f579845dcc7ba20409682d1ff89899d1573d7
b3f81566d2553746a6f23a1e077cc582575c146763ddb7e62abfd3410d4ecf28
b987d7829d7e4289760ce61fceda8a9b15754f00aa2b6dcbf3600c80493fd4ea
bcce269fe4e329e6aac07bda59f9f10948f0ff09a492146306f16bfc24a99e35
bd1dce8f2e262aa0adafc29048da72397951e8c93075ff9baaedd54f8631b5a7
c04a1dcae520b5479ae6bf78b98c3fde47e3cf35e0a5e67843f4da3a6c6590a9
c065a69b2574e568921a51c6e9378820d9640d1f2b09961b99540ef2af05e1b3
c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8
c1ca5f84df461ff35281a377ce81fe9115558d342841f804fb19a6bd383eb780
c1caf7396ae952c33d52b9eeee6417f38af0daadf70bacbe43a18f3b27a268e5
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c5609e0c27694a974a94ef062694dc8bbf6814993a228b22fb277ad33dbf070e
c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7
c8401b2b8039cc56539f18618bcca1f1cef95b2146f1042fa9646ce3d16a0663
c8806ace940f8f207fa1d6d89b34e0135860751048e12f74bee171034f48ae7d
cba01fb7eb3d8729d3e56309290d2e0f0293e39616df8ed6b1bd182dda2d0ad6
cbc5aa208f0f2846e2a10efe06e75293bd2f05b8b597fcb12a3cd8ba19d4b314
cf14f6caf5c8fe88fe8af9e0a3a074dfd5a5d8260410e27d1c6e2e9d1ed76d9a
d454566fbbab8fcbc70a1c3139be25be5205712442564fe24a5e0258e3337a98
d5704e52cfed847d6c72806f975864becfbcdbe144f7e2809c706a1822c34053
d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f
d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddcb1e5bb52d488ff8b7e878df9d5d8a019f06891e134eb3fc01c9a35db30b8f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dedcafeb898832fb9f1111121a98b723740d84515f1417de4e6c4b21298cb083
e2d716f407840add269aa75757784fe041246edd9ce6e528dece7d65bbc81129
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e62574faf308e7dfa7c7ceca7a2ae1eac9a58354ae711db342721fc8cbe1540e
e74dcf15cca4e6d0e153a358b63a5c73a4f392f519622524a6a0c678069e0803
e7b03d579e737cbf19c079bca9aad68908bed4d72467ef7b741552936a194536
e8903e555bd60b3e66725a7316fa1c399c1c330b6f207dfbf294e287857d526c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2
f344d260103c56826c86212dca64039061c3821c3e7e38478bfb6bcc48f27cb7
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe3d5103952724acb7cfd8ae72224a40906bf9ec91087511412aa376e8d35811

corelight.com Open in urlscan Pro 199.60.103.6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

163 Requests

98 %HTTPS

57 %IPv6

34 Domains

55 Subdomains

49 IPs

4 Countries

1771 kBTransfer

4615 kBSize

35 Cookies

23 Outgoing links

Redirected requests

163 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

corelight.com Open in urlscan Pro
199.60.103.6 Public Scan

Screenshot
Live screenshot

Full Image

163
Requests

98 %
HTTPS

57 %
IPv6

34
Domains

55
Subdomains

49
IPs

4
Countries

1771 kB
Transfer

4615 kB
Size

35
Cookies

163 HTTP transactions
2 data transactions