www.huntress.com Open in urlscan Pro
2606:2c40::c73c:671c Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Submission: On October 04 via api (October 4th 2023, 1:48:02 pm UTC) from DE — Scanned from DE

Summary HTTP 182 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 60 IPs in 4 countries across 47 domains to perform 182 HTTP transactions. The main IP is 2606:2c40::c73c:671c, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.huntress.com. The Cisco Umbrella rank of the primary domain is 444204.
TLS certificate: Issued by E1 on August 31st 2023. Valid for: 3 months.

This is the only time www.huntress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	2606:2c40::c7... 2606:2c40::c73c:671c	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6810:70d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.45.238.53 23.45.238.53	16625 (AKAMAI-AS) (AKAMAI-AS)
3	140.82.121.3 140.82.121.3	36459 (GITHUB) (GITHUB)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:4ffd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6811:4341	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	18.66.112.118 18.66.112.118	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:440... 2606:4700:4400::6812:297c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.159.227.151 34.159.227.151	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:148d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	162.159.152.17 162.159.152.17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:223... 2600:9000:223c:8400:9:d7d4:1380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:880f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:973c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:90e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
4	35.158.228.32 35.158.228.32	16509 (AMAZON-02) (AMAZON-02)
9	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.204.74.70 52.204.74.70	14618 (AMAZON-AES) (AMAZON-AES)
4	54.147.237.138 54.147.237.138	14618 (AMAZON-AES) (AMAZON-AES)
1	18.66.97.49 18.66.97.49	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e3a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:50ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:7d0c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:579a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
3	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
1	54.226.219.252 54.226.219.252	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:9000:20e... 2600:9000:20eb:5c00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2620:1ec:bdf::44 2620:1ec:bdf::44	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700::68... 2606:4700::6812:c07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:b07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.32.27.54 13.32.27.54	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1	52.31.99.6 52.31.99.6	16509 (AMAZON-02) (AMAZON-02)
1	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
3	104.211.35.148 104.211.35.148	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
40	18.66.147.49 18.66.147.49	16509 (AMAZON-02) (AMAZON-02)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
8	54.147.21.139 54.147.21.139	14618 (AMAZON-AES) (AMAZON-AES)
182	60

31 2606:2c40::c73c:671c (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.huntress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:70d1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.238.53 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-238-53.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 140.82.121.3 (Frankfurt am Main, Germany)

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-3-fra.github.com

gist.github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:4ffd (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4341 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.112.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-118.fra56.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:297c (United States)

ASN13335 (CLOUDFLARENET, US)

3911692.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.159.227.151 (Frankfurt am Main, Germany)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 151.227.159.34.bc.googleusercontent.com

webhooks.fivetran.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:148d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.152.17 (None, )

ASN13335 (CLOUDFLARENET, US)

a.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:8400:9:d7d4:1380:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.metadata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:880f (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:973c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:90e1 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.158.228.32 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-228-32.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.204.74.70 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-74-70.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.147.237.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-237-138.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-49.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e3a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:50ba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7d0c (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:579a (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.226.219.252 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-226-219-252.compute-1.amazonaws.com

bidagent.xad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20eb:5c00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:c07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:b07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-54.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.31.99.6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-99-6.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.215 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.211.35.148 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

y.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 18.66.147.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-49.fra60.r.cloudfront.net

rc-widget-frame.js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 54.147.21.139 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-21-139.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
customer.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	driftt.com js.driftt.com — Cisco Umbrella Rank: 13932 rc-widget-frame.js.driftt.com — Cisco Umbrella Rank: 298847	494 KB
31	huntress.com www.huntress.com — Cisco Umbrella Rank: 444204	699 KB
9	6sc.co j.6sc.co — Cisco Umbrella Rank: 14010 c.6sc.co — Cisco Umbrella Rank: 19472 b.6sc.co — Cisco Umbrella Rank: 7792	14 KB
8	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 17567 customer.api.drift.com — Cisco Umbrella Rank: 21298 metrics.api.drift.com — Cisco Umbrella Rank: 17251 event.api.drift.com — Cisco Umbrella Rank: 19002	6 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1290 y.clarity.ms — Cisco Umbrella Rank: 9447 c.clarity.ms — Cisco Umbrella Rank: 2092	28 KB
6	linkedin.com 4 redirects platform.linkedin.com — Cisco Umbrella Rank: 7471 px.ads.linkedin.com — Cisco Umbrella Rank: 830 www.linkedin.com — Cisco Umbrella Rank: 951 px4.ads.linkedin.com — Cisco Umbrella Rank: 7048	165 KB
5	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 25762 scout.salesloft.com — Cisco Umbrella Rank: 30841	4 KB
4	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1600 analytics.twitter.com — Cisco Umbrella Rank: 1065 syndication.twitter.com — Cisco Umbrella Rank: 1900	133 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 4568	9 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 229	176 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 691 c.bing.com — Cisco Umbrella Rank: 481	16 KB
3	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 8688 forms-na1.hsforms.com — Cisco Umbrella Rank: 15083	3 KB
3	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 10205 track.hubspot.com — Cisco Umbrella Rank: 4798	2 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 4608	16 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 43359 ibc-flow.techtarget.com — Cisco Umbrella Rank: 52165	2 KB
3	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1878 www.google-analytics.com — Cisco Umbrella Rank: 96	21 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 410	25 KB
3	github.com gist.github.com — Cisco Umbrella Rank: 62183
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	278 KB
2	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 2079	710 B
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 9369 forms.hscollectedforms.net — Cisco Umbrella Rank: 9513	26 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 1261 script.hotjar.com — Cisco Umbrella Rank: 1629	59 KB
2	quora.com a.quora.com — Cisco Umbrella Rank: 8079 q.quora.com — Cisco Umbrella Rank: 5327	15 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1593	9 KB
2	fivetran.com webhooks.fivetran.com — Cisco Umbrella Rank: 45891	325 B
2	hubspotusercontent-na1.net 3911692.fs1.hubspotusercontent-na1.net	61 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 5551	2 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 558	35 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 1243	35 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 806	576 B
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 8895	161 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	185 B
1	xad.com bidagent.xad.com — Cisco Umbrella Rank: 19602	341 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 2076	637 B
1	t.co t.co — Cisco Umbrella Rank: 707	377 B
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 8779	86 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 4629	22 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 6573	4 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1759	8 KB
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 21889	1 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 10820	2 KB
1	metadata.io cdn.metadata.io — Cisco Umbrella Rank: 64392	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1078	15 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 122	455 B
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 12088	6 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 4286	361 B
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 20014	2 KB
182	47

	Domain	Requested by
40	rc-widget-frame.js.driftt.com	js.driftt.com rc-widget-frame.js.driftt.com
31	www.huntress.com	www.huntress.com
6	b.6sc.co	www.huntress.com
4	scout.salesloft.com	scout-cdn.salesloft.com
4	tags.srv.stackadapt.com	www.huntress.com tags.srv.stackadapt.com
4	connect.facebook.net	www.huntress.com connect.facebook.net
3	y.clarity.ms	www.clarity.ms
3	px.ads.linkedin.com	3 redirects
3	js.hs-banner.com	www.huntress.com js.hs-banner.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.huntress.com
3	js.driftt.com	www.huntress.com rc-widget-frame.js.driftt.com
3	cdnjs.cloudflare.com	www.huntress.com
3	gist.github.com	www.huntress.com
3	www.googletagmanager.com	www.huntress.com www.googletagmanager.com
2	event.api.drift.com	rc-widget-frame.js.driftt.com
2	metrics.api.drift.com	rc-widget-frame.js.driftt.com
2	customer.api.drift.com	rc-widget-frame.js.driftt.com
2	bootstrap.api.drift.com	rc-widget-frame.js.driftt.com
2	c.clarity.ms	1 redirects
2	track.hubspot.com
2	forms.hsforms.com	www.huntress.com
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	cdn.linkedin.oribi.io	snap.licdn.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	platform.twitter.com	www.huntress.com platform.twitter.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	www.google-analytics.com	www.googletagmanager.com www.huntress.com
2	webhooks.fivetran.com	cdn.jsdelivr.net
2	3911692.fs1.hubspotusercontent-na1.net	www.huntress.com
2	dev.visualwebsiteoptimizer.com	www.huntress.com
2	cdn.jsdelivr.net	www.huntress.com
2	code.jquery.com	www.huntress.com
1	c.bing.com	1 redirects
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	content.hotjar.io	script.hotjar.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	syndication.twitter.com	platform.twitter.com
1	www.facebook.com	www.huntress.com
1	script.hotjar.com	static.hotjar.com
1	forms-na1.hsforms.com	www.huntress.com
1	px4.ads.linkedin.com	www.huntress.com
1	www.linkedin.com	1 redirects
1	bidagent.xad.com	www.huntress.com
1	alb.reddit.com	www.huntress.com
1	app.hubspot.com	www.huntress.com
1	analytics.twitter.com	www.huntress.com
1	t.co	www.huntress.com
1	js.hscollectedforms.net	www.huntress.com
1	js.hsleadflows.net	www.huntress.com
1	js.hs-analytics.net	www.huntress.com
1	js.hsadspixel.net	www.huntress.com
1	static.hotjar.com	www.huntress.com
1	q.quora.com	www.huntress.com
1	www.redditstatic.com	www.huntress.com
1	tracking.g2crowd.com	www.huntress.com
1	trk.techtarget.com	www.huntress.com
1	ws.zoominfo.com	www.huntress.com
1	cdn.metadata.io	www.huntress.com
1	a.quora.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	scout-cdn.salesloft.com	www.huntress.com
1	static.hsappstatic.net	www.huntress.com
1	s7.addthis.com	www.huntress.com
1	cdn2.hubspot.net	www.huntress.com
1	platform.linkedin.com	www.huntress.com
182	69

This site contains links to these domains. Also see Links.

Domain
huntress.io
support.huntress.io
blog.nviso.eu
decoded.avast.io
github.com
www.boozallen.com
www.youtube.com
www.linkedin.com
twitter.com
www.facebook.com
www.bizratings.com

Subject Issuer	Validity	Valid
www.huntress.com E1	`2023-08-31` - `2023-11-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-07-11` - `2024-07-10`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.github.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-16` - `2024-03-15`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2023-07-06` - `2024-07-06`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-20` - `2024-04-18`	a year	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-09-30` - `2024-09-29`	a year	crt.sh
webhooks.fivetran.com R3	`2023-09-30` - `2023-12-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 05	`2023-07-26` - `2024-01-22`	6 months	crt.sh
quora.com R3	`2023-08-08` - `2023-11-06`	3 months	crt.sh
*.metadata.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-18` - `2024-01-07`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-13` - `2023-10-11`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-25` - `2024-02-21`	6 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
6sc.co R3	`2023-08-19` - `2023-11-17`	3 months	crt.sh
*.quora.com R3	`2023-09-24` - `2023-12-23`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-09-21` - `2023-12-20`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-01` - `2024-02-28`	6 months	crt.sh
bidagent.xad.com Amazon RSA 2048 M01	`2023-05-03` - `2024-05-31`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-08-29` - `2024-08-29`	a year	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2023-03-02` - `2024-03-30`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
*.drift.com Amazon RSA 2048 M01	`2023-07-03` - `2024-07-31`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Frame ID: 9C46ED4F018A1B5B32E24546242E53D4
Requests: 127 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.huntress.com
Frame ID: A9D5E3F1B5EBC28AC5FC3151BD237202
Requests: 2 HTTP requests in this frame

Frame: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Frame ID: AE3BB2F87AE4C40BDDF9092674AB2727
Requests: 48 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

182
Requests

98 %
HTTPS

57 %
IPv6

47
Domains

69
Subdomains

60
IPs

4
Countries

2478 kB
Transfer

7271 kB
Size

64
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://huntress.io/
Title: Partner Login Access Your Huntress Dashboard

Search URL Search Domain Scan URL

URL: https://support.huntress.io/
Title: Support Documentation Technical Product Support, FAQs & More

Search URL Search Domain Scan URL

URL: https://blog.nviso.eu/2021/09/02/anatomy-and-disruption-of-metasploit-shellcode/
Title: Nviso

Search URL Search Domain Scan URL

URL: https://decoded.avast.io/threatintel/decoding-cobalt-strike-understanding-payloads/
Title: Avast

Search URL Search Domain Scan URL

URL: https://github.com/avast/ioc/tree/master/CobaltStrike
Title: Avast YARA

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/speakeasy
Title: Speakeasy tool from FireEye.

Search URL Search Domain Scan URL

URL: https://github.com/OALabs/BlobRunner
Title: BlobRunner tool from OAlabs

Search URL Search Domain Scan URL

URL: https://github.com/matthewB-huntress/APIHashReplace
Title: here

Search URL Search Domain Scan URL

URL: https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/hash.py
Title: https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/hash.py

Search URL Search Domain Scan URL

URL: https://www.boozallen.com/insights/cyber/shellcode/shikata-ga-nai-encoder.html
Title: https://www.boozallen.com/insights/cyber/shellcode/shikata-ga-nai-encoder.html

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=Tk3RWuqzvII
Title: https://www.youtube.com/watch?v=Tk3RWuqzvII

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/matthew-brennan-69b96bb9/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/huntress-labs/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/huntresslabs
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/huntresslabs
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Huntress/featured
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.bizratings.com/Huntress-Labs-Incorporated
Title: BizRatings

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 93

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1696427275728&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1696427275728&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3281745%26time%3D1696427275728%26url%3Dhttps%253A%252F%252Fwww.huntress.com%252Fblog%252Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1696427275728&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1696427275728&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&cookiesTest=true&liSync=true&e_ipv6=AQJiBVv1-QaplgAAAYr68fka30Jdmoo88jIYjPT-1l5Y3q5sQVhyPRL_2pppjQrzbjDdS_wp5jmlLg

Request Chain 124

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=4AA81EADF91E4A79B1BC01A992BEA775&RedC=c.clarity.ms&MXFR=033BEDF9479D62DC32C8FE59439D6CF3 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4AA81EADF91E4A79B1BC01A992BEA775&MUID=2BFFFDA3D91B68A4327DEE03D8B16960

182 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection Show response
www.huntress.com/blog/ 182 KB
32 KB 306ms
150ms Document
text/html 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d80315d0a8333bdf7577d73e5bbd4cbef33296faa538c8f238d72a8b91a8482

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 810de122cf7403e0-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Wed, 04 Oct 2023 13:47:54 GMT
edge-cache-tag: CT-134943384135,CT-66424554568,CT-79726081300,CT-84459847216,CG-39343107504,P-3911692,L-37647219354,L-38940492861,L-97832688913,CW-37647184945,CW-37647219358,CW-37648091485,CW-37648262592,CW-72308060713,CW-97827380338,E-37640723000,E-37647164007,E-37647184944,E-67886983812,MENU-38395296852,MENU-38397117900,PGS-ALL,SW-4,B-39343107504,GC-38395296829,GC-97827380396
etag: W/"49201cb0526a1ee3034cf0936ec965c5"
last-modified: Wed, 04 Oct 2023 01:04:24 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
permissions-policy: microphone=(), geolocation=(), camera=()
referrer-policy: strict-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NSM7LxcFLo%2BXIUxmfwMbIoZMvsjpXIGaThFH2H4lMzC3s%2FgehEJyn2lodmEtr9flOfaHMmIj7sL8JoM6YsKGNXs1gQzkG0fsfyzrvCIdK2tTBBgw9xMu6zNowxEbOjuTDs3y1EppyzBR2yuhngs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: sameorigin
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 66424554568
x-hs-https-only: worker
x-hs-hub-id: 3911692
x-hs-prerendered: Wed, 04 Oct 2023 01:04:24 GMT

GET
H2 200 module_97827380338_POWER_Header_V2c.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/97827380338/1695650287044/ 9 KB
4 KB 55ms
51ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/97827380338/1695650287044/module_97827380338_POWER_Header_V2c.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9376df9b8822a7f057796704e3cb466577faa32f94b2460a2429944cc16c9489

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 135
x-amz-request-id: MYAY72GJQPVGWEYA
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"9e5756eb6d9de94905780a4ca74a859a"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1695650287044
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 13:47:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 d0e0fdfe87d75193de6278b5eca393f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YZ6SA15lDspFe0biCmo8ROFrpQybskTv
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 11c0f6f5-509e-4733-9cc6-fbb79c1a0a32
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 170
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 5/O6tFY6b+IGEglJ7u8+RMF0JaDfEz3ljxgpKBMaZhcvYWgpWU3WBCoVXsE3ynNrvx4HWTe9JWM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 11c0f6f5-509e-4733-9cc6-fbb79c1a0a32
last-modified: Mon, 25 Sep 2023 13:58:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zobeEhh9iHcm3g0AoEfVHxQBvXy2hd5fXVoMIn1dL16fjeGuyp2Tqzh%2BjL18h0UhmD2r9q62UeUuPGJ%2FgeBRYCrEh%2BunOcfOqwF9q98NliWmtEmf7lWtWqgHGxIf4uPi3WEfam%2Bcb5jw4XZO0Ss%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-64d7c958d4-ptvwt
access-control-allow-credentials: false
cf-ray: 810de123c85e03e0-FRA
x-amz-cf-id: vfj1WGEU7WMF2CHRVrsYU1ni18DgLQoz4PJqd7Nf_f760gTauGolmQ==

GET
H2 200 module_37647219358_POWER_Blog_Post_Header.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37647219358/1639032908209/ 74 B
967 B 55ms
52ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37647219358/1639032908209/module_37647219358_POWER_Blog_Post_Header.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

24846a3f194b09919bf75cec2a1d012653257442cea9342c648d618c8bddd844

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 135
x-amz-request-id: TXTWNYN5A2MAME0J
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"69dec35879b2f3061c26e9b58f93b109"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1639032908209
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 04 Oct 2023 13:47:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 a4f9ca051b97c1ac09e2af244690d376.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 49upZA48BAIxdOk80QHxcPVW7u781vZq
x-amz-cf-pop: IAD12-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 114
alt-svc: h3=":443"; ma=86400
x-amz-id-2: j6cke6u+K9ftBD4JgD9bS9gkFeHOn1zbDGu0kJtCVSBf4d7xoO7YASABCBoCFNWavrAQirEo0zw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: b6de1fe2-7949-4580-9225-d9877259b35e
last-modified: Thu, 09 Dec 2021 06:55:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBkmF0%2FH5QuEXflrbzZTTgCypZgYAUix0gabwYxYlVGs5UT2j3mFEY8AHLK0SzXpW6XWPE9XaB3UjFUhcK8btusCt56OUa7DIzt%2BE96tHs8HtkimpIsw26iVtjukmOtwJYoSCSEyBl5ER5uM5ZU%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 810de123c86003e0-FRA
x-amz-cf-id: Blm0b3qBh3iN12Cc4mK57ww7U2ncajK05AkYKQ2hfCHrpHS__wXreA==

GET
H2 200 module_37648262592_POWER_Blog_Post.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1684897767095/ 3 KB
2 KB 61ms
59ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1684897767095/module_37648262592_POWER_Blog_Post.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

558979f57321b92691fa5d479ae380773ae5d9dffd5f8bcaddc4525ea361f0a9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 135
x-amz-request-id: SRZYA51K2AWBZD9P
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"32d40d380ad9ef9fa7e8201229f3af48"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1684897767095
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 04 Oct 2023 13:47:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 6f3546b6b501aaa8c1b4750231158188.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2N_OvH8qkRvBOxJfx8AC8YDbr.hUy2zf
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 148
alt-svc: h3=":443"; ma=86400
x-amz-id-2: b6z509ah5i55HvTFgy3BtgWvHAqfOSM6RBn0XXcGr6NSFx1sNbDrv+G5pbQsO7MnAbP9phga/Qk=
x-evy-trace-route-configuration: listener_https/all
x-request-id: a6b4ac2a-88fd-4d8f-aff2-8c3bfbeba0bd
last-modified: Wed, 24 May 2023 03:09:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=36MFLFKTpAFpK2YoLM9s%2F5mApG102XfoMy19dL%2BA4PbnamvKNk9nDnXidISpTfEQ399agDTk8PfwOah%2FRFyLw7R9wJZQ355JqRgtJcBx1D54E%2BOufzZZIMYO%2F2TpL1FzWbf73qWNfX%2Fny1c9gZ8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials: false
cf-ray: 810de123c86103e0-FRA
x-amz-cf-id: W-daEw5KzpnXYgLT9qKy-YECCMPkOM5ADQe_2i2_feBcMyP1EmyCLA==

GET
H2 200 module_72308060713_Blog_Related_post.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943698/ 980 B
1 KB 59ms
56ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943698/module_72308060713_Blog_Related_post.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c52ffb59a6bf4ac549ed6da4dbe39a7661ff82147942ff109c2e72ae676b787c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 135
x-amz-request-id: 10V13YW1RGWRM2ZK
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"367408b281056af8212339a4673151f1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1669043943698
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Wed, 04 Oct 2023 13:47:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 98b2021a1a69853671ec2390cb8757f0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PvcH1mnBAoQZmMyjaqQqh_SH9bmBXz5d
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 9b9pXyJB3MjFKREWo+lDGEpgFvtPkmzsAFIBaicBiNdOyTOJXTNpPnrW4waDDZM2woerQeI6htqqDo0OniMI3A==
last-modified: Mon, 21 Nov 2022 15:19:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DEsNLzQSK0Rdk9f%2F7UsoJ4QKV%2Fl6Ie5vehZ8%2Fe%2FNd3MJlVGhyabvlp7%2FeblVQw95S8u0O8RCi%2FfwkfayZW8nvIkXOIEtWzjfmEvedBld6ZhrBMBYZoS7Qoe79SplugeazcgWPbClgaqkqhMnl7I%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 810de123c86203e0-FRA
x-amz-cf-id: rkBz9JTuVWvU9JMXLq3V-GxzmTXJ3fxXxfX13OoEgDP3800sGjcq7Q==

GET
H2 200 module_37648091485_POWER_Footer_Full.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648091485/1684898810500/ 576 B
1 KB 66ms
64ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648091485/1684898810500/module_37648091485_POWER_Footer_Full.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b5765cdf7d4f072406ef5bfeecee9b32bff67188fd51806fdb3e33dd947d083

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 135
x-amz-request-id: GYAPQ5AA20E9ME84
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"9a99157071cde4851612764968f3d978"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1684898810500
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 04 Oct 2023 13:47:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 a7a1b4c19abc42d237405ce4c4069f10.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: R.csxy8CglfZBKioFoVylJ7B89DN_Gka
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 134
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 6E+DYBmtrRhwgvNq1ZV+sX17kiaVjvKA/4LqcfnplNNkf0/bbbDYvB9WtnZ7YbswdSTRzvKs5Fw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 7037ee43-2785-40a2-a28e-9d22c3f605e2
last-modified: Wed, 24 May 2023 03:26:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yoB8BeAN8ZjHMH%2BAv1RaHhFl3fDTx0UloFY7GzXpznriClhk95WHQrl26C3fROSSSbz0dLK%2BvGmhcbO5VI8LyE%2BkOjrXa1tWTpOn55ICbqztS4AAqEYo10ZTKIwRYCWPW%2BRganXtHduHpT%2Fd%2FYA%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-ph7zk
access-control-allow-credentials: false
cf-ray: 810de123c86303e0-FRA
x-amz-cf-id: 84onbyULirEew67nNSVhlmukUo461wnh4QiS-wuoedjAPO8tvl2miQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 297 KB
96 KB 119ms
46ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

651e27cd0b2fd48c7031178d8211942aedda19cb9c72c5d5e2dcd06e7adb8416

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97865
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 04 Oct 2023 13:47:55 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 92ms
22ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:54 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 1189175
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-fra-eddf8230067-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1696427275.916331,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 11, 1037251

GET
H2 200 jquery-migrate-3.3.2.min.js Show response
code.jquery.com/ 11 KB
4 KB 98ms
28ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-migrate-3.3.2.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:54 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 1626654
x-cache: HIT, HIT
content-length: 4165
x-served-by: cache-lga21924-LGA, cache-fra-eddf8230067-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1696427275.916483,VS0,VE0
etag: W/"28feccc0-2bd8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 49, 36231

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 148ms
27ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/6722) /

Resource Hash

5c6f31160a0f55d0638e50cce257a2de05f2c500e0ae1a95a0a898a87a36c232

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 3006
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 163637
x-li-uuid: AAYG443xjnilS7xfjXRK0A==
last-modified: Wed, 04 Oct 2023 12:57:49 GMT
server: ECAcc (frb/6722)
x-li-pop: prod-lor1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lor1
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Wed, 4 Oct 2023 13:57:49 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1696354098456/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 120ms
51ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1696354098456/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 73114
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1696354099171
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 13:47:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b4aa0f58-b813-4c98-8c50-b99479c9a73f
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 177
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: b4aa0f58-b813-4c98-8c50-b99479c9a73f
last-modified: Tue, 03 Oct 2023 17:28:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dhm6poA5SnUzy2S0yhuQ9ywB%2BNJjoiS75xp%2BmBQBGrdulH5JWfOk%2BKGfQof2VLM2H90UWrV6OrBFLFirLbyKWsZipPwarwbNiQmm2dKY0E7mI0zLSVOFEyMu%2Fymoe%2BQtE66Dd%2ByIOXUzrxA4%2BZE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 810de124389d9b6e-FRA

GET
H2 200 pwr.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1695646648695/HL_Theme_2021/Coded_Files/ 249 KB
43 KB 57ms
56ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1695646648695/HL_Theme_2021/Coded_Files/pwr.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

73ab1048c20bc0aae0f9e67722f61248df8c8d36db65ba0389c857c44bff44da

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 135
x-amz-request-id: BPVWB2TE9K5R899P
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"0bd6e8d397d6f831ece5f00ca9dbd1d1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1695646650179
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 13:47:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 8917feb7a0623473126b94dc50f359fa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xqo6ukzYnDz8fhMe.hH8T7SHonEec0XN
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: eaae3ffb-542e-49d1-a62a-d5281b65c635
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 337
alt-svc: h3=":443"; ma=86400
x-amz-id-2: evER21dmq/kxN4nVlJVznw3eWp2a7yt0KIPF5dEn356Vf5AY/M/3b8+OmWlFTnAKtQ6j6aXJkVY=
x-evy-trace-route-configuration: listener_https/all
x-request-id: eaae3ffb-542e-49d1-a62a-d5281b65c635
last-modified: Mon, 25 Sep 2023 12:57:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Ba6cPSYP2qHoyIrwf6MU3cu6uDzZsjmzt%2BWlwavz%2Fo%2BxhwNpTqG3spNjcgtwnFUCfhRQbTI29X6DEEGXi5CEr6u3qcZzdVlZDozdzd54Hm%2B1liJfF0ETposCbiRKdA2p8%2FFzUpb9otzDIt7C%2FTE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-64d7c958d4-2l6hj
access-control-allow-credentials: false
cf-ray: 810de123d86403e0-FRA
x-amz-cf-id: tXLfNzuqZxw3mePiTJZsPolYv0y6PpchOifRbOLxuM1e5AxKUPXvGw==

GET
H2 200 custom-styles.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647184944/1690918134429/HL_Theme_2021/Coded_Files/ 5 KB
2 KB 62ms
61ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647184944/1690918134429/HL_Theme_2021/Coded_Files/custom-styles.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

55162e9b494d9fc1831ba6a83f207a1ff6d85c052d821ad30d78baf212930cf0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 135
x-amz-request-id: E5Q683G03XKD7989
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"0766f87b64791941ba79fc2350fc97a7"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1690918135054
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 13:47:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ecjJqSeY7kgiYSTjpULMHWneSGBFK75O
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5ce0dab8-90a5-4912-872f-a953c2324695
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 131
alt-svc: h3=":443"; ma=86400
x-amz-id-2: eLOlVwypbUAjHBn9NYm6wXFNs/RKf3dRYHM1XReWR3TF2CSsvw2kjTHR6hmBintRlcgeVz5cBUM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5ce0dab8-90a5-4912-872f-a953c2324695
last-modified: Tue, 01 Aug 2023 19:28:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EAfbnCLENS9WvxteTU1jQaOXYyk%2FZs16GKqOKaGmJ3UFUIehRecVG2CffEv%2FUsz10BxpRSfjUDc4TOafNaqCPgf4cdk1BP%2Bq1d5lAB%2BH%2B13JUEyNTVBXUowp%2B84B%2BFEM2aAJbhHpkC9K3W8yo5I%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials: false
cf-ray: 810de123d86703e0-FRA
x-amz-cf-id: 32uz-uPHmQ50UXu6-imfWY7wInQcG4JsVyt7PlnVNRAk-8L5QcwRzQ==

GET
H3 200 Huntress-1-1.svg
www.huntress.com/hubfs/ 17 KB
14 KB 157ms
154ms Image
image/svg+xml 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Huntress-1-1.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5fae83c7b1bc318026072592130f5d8ac977970ad81b79218dd442235a59b6e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-83639587659,P-3911692,FLS-ALL
age: 1157706
x-amz-request-id: 3KKR2BHT9097AZCV
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83639587659,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: W/"5eb7f12b49ec4085bccb33be62bc3fe9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662015849971
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 a4a80ac7ffee78c042728f52e3f729e0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CV3yu1lUsNjBX07SDUAQdESVyZxYlca4
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-83639587659,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hWAjZHI+0cgRTPx2nGtQBliIIxbXNM3ZD0Aqy/YM281NQyEmWlT0fcJNPWHTINsGuIz2+QvA5JI=
last-modified: Thu, 01 Sep 2022 07:04:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7c2d%2BFLuETaiDpwEMNJqShCvzyOHd3e28q3nFZcNPAHYWsO%2BRh%2BODV%2FSJfJoBSMPcmJTFfvd2pJwC0BIcFeU7HIsLVQxThFURy%2FNjq9gN%2FNNUR5HOLho7EHeSdo6njcAUe59x7AEJ9tF44nCuc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810de1254f933638-FRA
x-amz-cf-id: QzS3eBWepoL0Dc5vtxd5kPA9ww-TUilAyYt6mknPfS0E69vwahQz2A==

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 56 B
361 B 221ms
47ms Script
text/javascript 23.45.238.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.45.238.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-45-238-53.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:47:55 GMT
server: Oracle API Gateway
opc-request-id: /FA5B0F65F3DE0F3DB6F07D1D38D43943/DE07C9935152810C0B6B8EA81E540388
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 404 d43b621182c890293ba39fb530d8e20b.js
gist.github.com/matthewB-huntress/ 0
0 257ms
152ms Script
application/json 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL: https://gist.github.com/matthewB-huntress/d43b621182c890293ba39fb530d8e20b.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS: lb-140-82-121-3-fra.github.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

GET
H2 404 a3979cd837f5b3dfa94c32ea95aef028.js
gist.github.com/matthewB-huntress/ 0
0 232ms
156ms Script
application/json 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL: https://gist.github.com/matthewB-huntress/a3979cd837f5b3dfa94c32ea95aef028.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS: lb-140-82-121-3-fra.github.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

GET
H2 200 magnific-popup.min.css
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/ 5 KB
2 KB 102ms
26ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 5003911
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1283
last-modified: Thu, 22 Jun 2023 11:06:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64942b45-503"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YPj0B3543F5VHH9SpYEpwiveueJrTAp8MTFpxIKeIECAv2LfWy6qcYbBmtcDe3ikG4qQGhpD3W69jXYSw9ocJ4kih2%2F0847FBhfAjIqAWS5%2Bk8A9GO0wNLClgsO01YpPcnXOCKCWQv%2FqvL2w%2FF5cEXTS"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 810de125be0836e0-FRA
expires: Mon, 23 Sep 2024 13:47:55 GMT

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 105ms
32ms Script
application/javascript 2606:4700::6812:4ffd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:4ffd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: DUS51-P2
age: 1812884
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z0StKTcakwXLeoe6LsmOtT9C5rMpnt12Shqg%2FGmQR3xp3%2B0JBdRzOLPBsOVUqgkbMayFRZlp5PBU%2FpbBkW%2BRjAn5CGB3Oc5K9KB6QSBa0iKdbmwmsCCZ5kNFKX2mY1Ly0cjfNx9aVCRpA%2Bcx1AE6EdLkwJw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 810de125bbb330c9-FRA
x-amz-cf-id: wPYzpULuaMj49HnhSq9DCGfPKS4cOxbh-bH_kUMQKu9WYEdB65lO-Q==
expires: Thu, 03 Oct 2024 13:47:55 GMT

GET
H3 200 pwr.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647164007/1687185407986/HL_Theme_2021/Coded_Files/ 153 KB
39 KB 73ms
69ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647164007/1687185407986/HL_Theme_2021/Coded_Files/pwr.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5a421dbd597a94360622aa975ff3c27809a08e5ddaada7832a692c3b51c5eeb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1717
x-amz-request-id: WS685CTTK3FY23QV
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"8e806318ee2a202f50bd8cb20fd2a402"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1687185408717
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 5c91d033409cd7607633594f94b09064.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: rRKXCqkyBDcRwPX3bFJeQzRBVXD92P5D
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 130
alt-svc: h3=":443"; ma=86400
x-amz-id-2: VMnllWY7QTJoNw8ac8LuT9j6adTeKqkxz0zRkzQnypF6EMFRHs5D9+tj81rBAac75Y9WtspnUiMw8vJ3S22DsbprX+ChlnWAUmXc9SbA1BM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5e18933d-dc2c-4879-84e2-bb7ee568e748
last-modified: Mon, 19 Jun 2023 14:36:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=axGXtn1St56jCVzbR0B3XYPd0yv4paoT%2Fdb3TxbRin9PCPcN8MCqOe9i1F2xkzB1q2LEcpAxNZfobLutumyyCKp1wTfvdnhJA8bB8mjXwUFSyaZc%2BRDmiArwEQak%2Fzk8aaDlsYCyMaoWBZrvFSY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9xkdz
access-control-allow-credentials: false
cf-ray: 810de1254f893638-FRA
x-amz-cf-id: 7hMKVPCKIBSjNofagciOvM919pKypq1I49SuopSHuu6dGRRHWVBxXg==

GET
H3 200 project.js Show response
www.huntress.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 111ms
107ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 3d58896f901dbeed449603f5d2b4d9f0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 21198333
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5mwdwgu8sjI4VZCQYNzsVzZCI1nxWNpB%2Fj%2BmPI5izAprsO6ykJW5nxbkjwgiRVOfcv6g03HC0RPUFav6JSGCqzfuFoEHsxBCuizeUgdkRKiZvLAcysExFn3At9aba%2Bo7P0LeqQ2Rzr5NLmXN7rU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 810de1254f8c3638-FRA
x-amz-cf-id: ZmuEZCCdZrm5xyAia8nJAfKJsHaYaoSZxaKdSs-yqLaOz8YTH1JBVw==
expires: Thu, 03 Oct 2024 13:47:55 GMT

GET
H3 200 module_97827380338_POWER_Header_V2c.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/97827380338/1695650286213/ 490 B
2 KB 70ms
66ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/97827380338/1695650286213/module_97827380338_POWER_Header_V2c.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1db6b123f97b64be2a35c607c2d290818cea4f045f157b7499d1e57797b52f66

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1717
x-amz-request-id: MYAG7FFE2DER4SEY
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"15ca550d80a1ae79be0e037f4d84d584"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1695650286213
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 c8621b8fc24efa8fdb4d4763ad6a7e38.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: rLRUZYgiIMgW29KlzTk6qgxSiRIzaq_N
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: c7463205-c9b7-4eb9-b592-039606bdbd82
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 181
alt-svc: h3=":443"; ma=86400
x-amz-id-2: UzP73vmMYgkK+L7R8ivyEc2ppKtNPU/B26e1iUuga5ZhHbL4qYtBBZ1xV26cidVqC47jnn16QaEeBLSwZ/OB6c/S1LJeuHr+iMRD4QBcYlo=
x-evy-trace-route-configuration: listener_https/all
x-request-id: c7463205-c9b7-4eb9-b592-039606bdbd82
last-modified: Mon, 25 Sep 2023 13:58:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rd4nl1dyKNu10vzKkvuu850vLN9QvZsYnx41pheLNxOnSJrFcI3UYIIwfAf8iyIahHt5i5Hz5e4fcj%2F4oDwAmczH5eBeGiHLwkwq9Q1aI3dxv7njTTR%2BOSWypuqSpdQI3P4%2FPKKrf%2FR8AKkdNK8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-64d7c958d4-ptvwt
access-control-allow-credentials: false
cf-ray: 810de1254f8e3638-FRA
x-amz-cf-id: r3pHB2dQMUWwe9tigO0djaG5sI0dqKx3k1D8gXSmafl3gxHD8bLS1g==

GET
H3 200 module_37648262592_POWER_Blog_Post.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1684897766490/ 933 B
2 KB 111ms
107ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1684897766490/module_37648262592_POWER_Blog_Post.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb1b80606f5282fa20cea179f7c7f619eb1848b1d550a9e13857477cd1c38e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1717
x-amz-request-id: F43T57KCXSAC1BH6
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"005ba15488b184ae927f2bb08fa5a345"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1684897766490
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 470d4277236d0557f3e42c6bfe9dac78.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 21H43FXQjaJWBvLJlB0WIq6ue3j9mZAD
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 126
alt-svc: h3=":443"; ma=86400
x-amz-id-2: YdhiJqpvMVbKeejZdx0SsxKxG35kiNfGaSze5Q7x9hxXP8LGP5upBo+m+UAdATsCwUaXr/ZlGWw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9303b042-6302-44f8-b27d-223b83b8fbab
last-modified: Wed, 24 May 2023 03:09:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TTMdq07mQwxjXjgJ2L2V9bLfxGp0giBytAdnwr3p%2BNLyaSCCr3FQmzN2EmmwkL7csIuDC452LpZnurnCOP41w5L6Cbo4m5KpwRRfy7wYssvyFAWVwR79MC8sAKnGAkv%2BcwrxXtDi1wjkPyn%2FPz0%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-qbhrx
access-control-allow-credentials: false
cf-ray: 810de1254f8f3638-FRA
x-amz-cf-id: _LJLCdiiFXxwMel2650dgTfc4ppV8R_QPphuQ08iNdw59tX99hhPpw==

GET
H2 200 jquery.magnific-popup.min.js Show response
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/ 20 KB
7 KB 105ms
31ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2316886
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6547
last-modified: Thu, 22 Jun 2023 11:06:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64942b45-1993"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hhiUOrhICXS25ZdAsN2IFmxGdm4%2FSigPwgquNOtEUkRJkT%2FAbBwJzanepLVpu94qQT4BS9CoGceo4GLOp%2B7Gk1G5RBc3rP8XdyFDD30JRRRKLXttEeKmjyR4yV%2BVSLO8MRPWEQrUIXpFuOXdZEEV3ke2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 810de125be0c36e0-FRA
expires: Mon, 23 Sep 2024 13:47:55 GMT

GET
H3 200 sticky.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/67886983812/1646636852236/HL_Theme_2021/Coded_Files/ 3 KB
3 KB 64ms
61ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/67886983812/1646636852236/HL_Theme_2021/Coded_Files/sticky.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

11bcaa66e2e5486338bbf15bc2af4136962618bd84574c350c82c501d64f6868

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 8bf94e29f889f8d0076c4502ae008b58.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: IAD55-P1
x-amz-request-id: 8KNPJ3ENXMKYT4R4
x-amz-server-side-encryption: AES256
x-amz-version-id: oIU6rHYsVQSZOhrGoqvW7sFAXkwuMMSC
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Z5MNfVmOLZe7YtHotnCH2JF32pIqtdj3a6mKC9nK2d6np9GX0NAS+ycMYUjNpZTGwYvnG0qZwi8=
last-modified: Mon, 07 Mar 2022 07:07:33 GMT
server: cloudflare
etag: W/"55ae62a2138b0ac2dad2cd6f3fc3decb"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1646636852583
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0UFma5oasRkFipAzttuBxAyD94g9aq6HWa55i8KRR7u9CFnkXjf5O1xq0jKIg2Y8qMuGwV9gLR9QFncvGh3HERoPJ1HP0aZdsg8lJnaVMi21ejmfaqs2AK0wkGvwPQQ2uH4tHQAiyEu38jjQII%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 810de1254f903638-FRA
x-amz-cf-id: -pKJTQF_O7sLVRtj5n9tb1qGm-GvZU3IIRB5AbAMO5n8v5e92mVO7w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 module_72308060713_Blog_Related_post.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943002/ 365 B
2 KB 71ms
68ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943002/module_72308060713_Blog_Related_post.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3367498692c5f6cdc662369af915c0c2f13b7f6af9e67a522d2e7fc1b3299364

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: X0F01EFP63T8AP9V
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"136cb371b82e4f0a84d11b654e92bb11"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1669043943002
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: SBG.fyduSO9gOy.FmtNERc3Ncw_1ixXc
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 104
alt-svc: h3=":443"; ma=86400
x-amz-id-2: OIxHDs7GidxTzTdvPu1mliV9+caxIeFzCrLTXemwlocAiaHXaUeZtlcZ7nFcdeQmTri6RyY/RtY=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 59ac5843-71e1-4ff9-afeb-25a331e8f60f
last-modified: Mon, 21 Nov 2022 15:19:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6j4oOQ6Px1rnTS1Gq8n3u3SRsyWojPxpJeKayxVao8iAaLSWSx7%2B9kUu7jBxvrCltN2mnMfnpH0TwvtG0mm3rBuwKlbpd76mh40xgbnO5WEDemzePfWgGeeMlPATM7qOjx4MGUCwaAtqmEJtgMg%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-65b9b6b744-bfv6p
access-control-allow-credentials: false
cf-ray: 810de1254f913638-FRA
x-amz-cf-id: Zum8AzxQT7HHRrSRAO9nfgkeJcB33_VMtV82uChrWjdgeLVkzxWu_w==

GET
H3 200 v2.js Show response
www.huntress.com/_hcms/forms/ 549 KB
181 KB 70ms
66ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/_hcms/forms/v2.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a24e66d830ef814bbcc4553b662e0c2afe733f8f30fb4a86be6df577d146bec2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 434
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3812/bundles/project-v2.js&cfRay=810dd68fd5f918bd-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"84d6c03b19ba72ee08ca8c27dee147c2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3812/bundles/project-v2.js
date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 16d910967d343c8da7828222a653755e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: 4b09e6_AhU37WJHx62r2StyRWH0KMlOF
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 32f8999c-5f51-4317-b2c6-396ecadddc3a
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 32f8999c-5f51-4317-b2c6-396ecadddc3a
last-modified: Fri, 22 Sep 2023 08:13:06 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HAp6WS1ENrxaMDxQlZZe0vxtVRdJUqguDJUTmf0eB3UHnGGh2cJz%2F6drbls%2FavtZ2uF%2FIZ0RKMhceDAsskIFBoovOwP6Xv3VfaYtwGdHgTMVCcLJGmSKrrfpCS9HDujzPrOxgrJx74cbN44su38%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-cq5v7
cf-ray: 810de1254f923638-FRA
x-amz-cf-id: VcQr0Vrupi7bnGYBCSukpJ42NCEupABFm7rSXwB1927U3WoDuqK7XA==

GET
H3 200 3911692.js Show response
www.huntress.com/hs/scriptloader/ 2 KB
1 KB 442ms
439ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc80f8a5a029891c055caa5004004155f2124a66b80ad39ab2b11bcdf80c1162

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 62154ee2-6de8-443e-b1ec-5ac79055ed5d
content-encoding: br
x-envoy-upstream-service-time: 7
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 62154ee2-6de8-443e-b1ec-5ac79055ed5d
last-modified: Wed, 04 Oct 2023 13:43:01 GMT
server: cloudflare
x-trace: 2BC249BE351DF08FBCD90BBC84D745A070728C3BC8000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5b5c96c966-2mvs8
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHrxI9wDiz8%2F9Vi%2Fg6xvZwcXR0vMJ4Xi0YJqHiyRdkGQeg3PF4Tb26b66pFiE3pxDaZEJOSKPfsjhIUeYiHbxPDVp5CT%2BYlRsAE9s6vKkLiB%2Bv7NndZ30I0GBJ96I4SsIrWcmUtWPh%2FeO5JQgSs%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810de1254f943638-FRA
expires: Wed, 04 Oct 2023 13:48:55 GMT

GET
H3 200 index.js Show response
www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 160ms
157ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 60e71fe7e3db53eea86ce8b59ae62a6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13894717
x-amz-cf-pop: BRU50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vi8YmiOkUCuJxp48RyfG3fQhx8Rj9lbuOCScHNyaZuXOgFn%2BhY0bLuXXmf9R5LReIp7ujyYW%2FvmCxAuWMW8JCGDveuKCMMP6mO1x6Hu0Stnh53Znmh7rmLp5msITX0OPZAOnvJRmffJzi6a%2F%2BbA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 810de1254f953638-FRA
x-amz-cf-id: yxA09aq9s4B6PmpV6dl_-DYEUIs917gb4fJZ2aDCFGxwJJcp2hpepQ==
expires: Thu, 03 Oct 2024 13:47:55 GMT

GET
H2 200 polyfill.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-polyfills/0.1.42/ 69 KB
16 KB 103ms
30ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-polyfills/0.1.42/polyfill.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd77c41d41a299d224e36572ee84e734bb53f2c56b3babe78619ec413d56d68a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1633004
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 15998
last-modified: Mon, 04 May 2020 16:11:50 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec6-11405"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f9YlaNoF1bn9%2BzGIC0qHGz9eabmFQkySZGv1k%2FK8uCxyXtaa9keojhN6EEZcBZhqDJm3VLkFSu6j78zKRwo1LxkZsrWlRUraxGTZY8sep%2F2p6lZ%2BiUCLA8pZeWeHwSkWTtWlBYJ3nm5%2BiCDcsYp8128G"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 810de125be0e36e0-FRA
expires: Mon, 23 Sep 2024 13:47:55 GMT

GET
H2 200 lozad.min.js Show response
cdn.jsdelivr.net/npm/lozad/dist/ 3 KB
2 KB 102ms
29ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/lozad/dist/lozad.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 40975
x-jsd-version: 1.16.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230052-FRA, cache-yyz4556-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"c17-/CtD5WDEW7iHrdmPF7CEBoqSMss"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eUEb54VOwVcF5CzhGSXvrxqy9aHWCCy7HlYYwcLWVTN9SCy%2FaK5%2FsePavnpWNIC7RwmhQo%2BQJxIcOUbDHCrW7%2B4UTRfcqh%2FaG791PX48WiYeEpUIipi8iJDZGMeYtu%2FxKhzL5zBY49uEmRI5qUI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 810de125b9649000-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 323 KB
103 KB 149ms
76ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

96a765fde6451cc7ceae63b9a3f59b40a7212b3eda0fd117d6ccea41d7e66405

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 105409
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 04 Oct 2023 13:47:55 GMT

GET
H2 200 sp.js Show response
cdn.jsdelivr.net/gh/snowplow/sp-js-assets@2.15.0/ 111 KB
33 KB 39ms
38ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/snowplow/sp-js-assets@2.15.0/sp.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1189649
x-jsd-version: 2.15.0
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230073-FRA, cache-yyz4538-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"1bcc9-Fvi1pHLpkqezVQp0uCr6MtFyy4s"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=spATAjPY06XvQAwJnOSn6DwHs1bMpHGEYuQFLmwDzaxEnFcj6m4eojMqQP7iUb5lBSO%2BEMNwr4IkMEL2%2FYUqOhmQvo8JIMr277ku6%2BXYJSq%2BLn3znk5JsL%2F2sRG2M6xufUuepXXQ%2FfEvjFi%2BUHI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 810de125b9659000-FRA

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
2 KB 87ms
25ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=620982&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&f=1&r=0.32535953479287505
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 87a1c80c3e6169816a4e0d799ff9747f5d165f06c2b9fc33ca40c6124a040c23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 123ms
33ms Script
application/javascript 2606:4700::6811:4341
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4341 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: 5YYTHJRBB1PJWM24
age: 2712
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 4uz2INy8q50sLd+/ireJhh3/emj5VxaoGQJuJ2NuYZKWTVe4CJVaf/ohvH5EuvOAeBBg1bE0UGMVGfceRCpo4g==
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 810de1267e311e3e-FRA
expires: Wed, 04 Oct 2023 17:47:55 GMT

GET
H2 200 5d3cypit2iz8.js Show response
js.driftt.com/include/1696427400000/ 212 KB
60 KB 259ms
177ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1696427400000/5d3cypit2iz8.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

93a2fd82dd3a13a9e9ce0583f3bde1b6e88da6ebce30fa8c87cee4d9d927e4d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-version-id: fwT06mdOrTHjuLmyd8.idzR8VPd5.dxi
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
via: 1.1 8bc02eb70fbe9b20b0505e49467df014.cloudfront.net (CloudFront), 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: gzip
x-amz-cf-pop: IAD66-C2, FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Mon, 21 Aug 2023 14:57:31 GMT
server: istio-envoy
etag: W/"576cdc1c0941a520c47b54aef3b463f7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=10
access-control-allow-credentials: true,true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: q0xwiMeWw7OLISiTksmdrw0aJZpveV2iZQIer6tC6C_ssFerJO3ayQ==

GET
H2 200 HKNova-Regular.woff2
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/ 32 KB
33 KB 411ms
347ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/HKNova-Regular.woff2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1695646648695/HL_Theme_2021/Coded_Files/pwr.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9cdf9b8cd47c0a17356ff68e2581021800a4c86dd8d71aaf0ad5cfe025b114e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
age: 432368
x-amz-request-id: 6BXK0ZH7JEV1BGEK
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "5a3239585a66868a9109bab6273f0a26"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1607406808501
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 04 Oct 2023 13:47:55 GMT
via: 1.1 3199fed6c4260c9448326645d333530a.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: y1_7cBbebzu1P55qghtsCfIzqKHObY4N
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
content-length: 32892
x-amz-id-2: KPmrj7nSNVaM4QJlr8u/HV6p8CM1K5+xENuIAefloe0mA/NvPQbE9Dzkbej9AcvID4ryBmPLlWE=
last-modified: Tue, 08 Dec 2020 05:53:29 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 810de125b96018ff-FRA
x-amz-cf-id: 2x-rpwgv_F12cispMCPhhIJ9e-nZ9e9jQYc8-GGyFKh2EABr6gvg7Q==

GET
H3 200 Blog-ThreatAnalysis_HackersNoHashing.jpg
www.huntress.com/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/ 18 KB
20 KB 127ms
126ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/Blog-ThreatAnalysis_HackersNoHashing.jpg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ee60ae8b8945b25992a944c5f94f47ea6d7b4a26c4f6b8b83249670a3af6bae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-94524596738,FD-65276690465,P-3911692,FLS-ALL
x-amz-request-id: DW9BMZ4RP8ZSDNYT
x-amz-server-side-encryption: AES256
edge-cache-tag: F-94524596738,FD-65276690465,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog-ThreatAnalysis_HackersNoHashing.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "b234ba9dfc1a3705ba7759da94456dc8"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1670443244541
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 fde85e7daa13f95cf6b8f5fa09c62ef6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 4_eI7ATBpPHBfoD9fpp2eHYw7KZrvRKd
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=37708
x-cache: RefreshHit from cloudfront
cache-tag: F-94524596738,FD-65276690465,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 18712
x-amz-id-2: xTNna0p/JvZlIDQrVfDlJtKheBNWzzmYehg3Td8c9CGPTyy5EiinQqag0t0ctflmRDm6ZfMU0ac=
last-modified: Wed, 07 Dec 2022 20:00:45 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZWv4oyYBBIBUyNnNEXGtHATATqmUvstE3GJA8LlkGfYrrfKvDiAhp4WOM3UaVvqALJI1eAeGVw3HB8GVhY5Bi1DHOctdETo07x%2BdybtJbk2fBsLEsh39AESuQCJk5hOj8ZxnG2MCHaITpsOVaLU%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 810de1257fca3638-FRA
x-amz-cf-id: g2r1MjqDHkIRv57IV2SIL-R_FALLAFJWAPYZcCURAmZzYEKeVf5UEg==

GET
H2 200 visuelt-black.woff2
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/Visuelt/ 28 KB
29 KB 258ms
220ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/Visuelt/visuelt-black.woff2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1695646648695/HL_Theme_2021/Coded_Files/pwr.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b990552df973348baaa61af6a11d527c465edb14339f38e25d112b2a1a72ab0e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
age: 1211788
x-amz-request-id: QZV0DPHVRR5E1T0X
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "80407703322249fe13bbef5596e9e414"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1607408610505
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 04 Oct 2023 13:47:55 GMT
via: 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: zgv.hEhHVdSF2XuwUP4L0JY36hLML11L
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
content-length: 28504
x-amz-id-2: lm8CbBDwP8z1isVxgP9pDqI9IIlXhKlUkcxbHSH0/wttc3nIRifjS4jgHhgDMIhsoi661T06hms=
last-modified: Tue, 08 Dec 2020 06:23:31 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 810de125b96218ff-FRA
x-amz-cf-id: vS_rrPM8ZMK8qVBonSYwknQUEodcs4mLbz-ulIquKBzxe3Y8J5L0Ow==

GET
H3 200 image1.png
www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/ 16 KB
16 KB 1007ms
997ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/image1.png?width=800&name=image1.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d229dd80d4ddbe230f234b51e64fb677242faac4dec50fa20c12ad447fe4746

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-66424679964,FD-66424731798,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 16070
cf-resized: internal=ok/m q=0 n=884+0 c=8+54 v=2023.9.8 l=16070
last-modified: Thu, 17 Nov 2022 16:18:36 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf0kk5xmBZEFJgbH_lMFlvMEV8ytWsYEZZA3AtoWVXDQ:fafd24e345bb530a1fdb5afa85cf39d9"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UDANUcF50C6oH9SInnjODgLHYKdYxvkSE%2Beoc4EyHfJtkB5I%2FEcw%2FpjxLiq4pGzPvCxcfE8g14yKGBYYZh7mfiJxRalo5hNk%2FfpzCUhbt8HqbgIKWXDFn55m7BHwXiTjyVCQgDqM8anN3Z%2BcvE0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 810de12648d03638-FRA

GET
H3 200 API%20Hashing%20Blog%20-%20VirusTotal%20Detections.png
www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/ 20 KB
20 KB 1026ms
1016ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/API%20Hashing%20Blog%20-%20VirusTotal%20Detections.png?width=800&name=API%20Hashing%20Blog%20-%20VirusTotal%20Detections.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b444fa240d1f7857dc19bee50a31922582f7b01c994cda341be2db1103aa72c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 f3d57c6f1e03e389abd50b7f7535cee4.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-66424627114,FD-66424731798,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 20146
cf-resized: internal=ok/m q=0 n=908+0 c=4+58 v=2023.9.8 l=20146
last-modified: Thu, 17 Nov 2022 16:13:09 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfdVq0h-GWX06EyBiy2U6zDM3QytWsYEZZA3AtoWVXDQ:2c73550dc4d8146cfef1259b1ae29bd1"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ks98V0Ql8ED5H1TJ7L42mgbNlfvhzX6cEmO5OkFudxmrnmWeCe7BUlYXs0lDDkf5UItWdXIdpFflUeN%2FNOYBqCHmMccV0s4tA%2BCel8nzbtPHKFPWre4Y2IBo54ZBuUzZ0sht%2BXg6okUKacHgy%2B4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 810de12648d23638-FRA

GET
H3 200 image11.png
www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/ 20 KB
21 KB 1046ms
1036ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/image11.png?width=800&name=image11.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

568f26116adf4d86030f23a096e43618cc0c532c7d06ef5f39f165acc9cf8561

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-66424731825,FD-66424731798,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 20628
cf-resized: internal=ok/m q=0 n=907+0 c=5+30 v=2023.9.8 l=20628
last-modified: Thu, 17 Nov 2022 16:15:32 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf8_ElRrq9aXwbw3Ve7bvQTiwKytWsYEZZA3AtoWVXDQ:b74fa3b8172fbc0dc301b16ddd576149"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jHxpaYfUGpV%2FPz%2B0UWC8R9OrtlGKwSuCno7gQIdFuW0o9od77ZbxEoVGc0%2FaeIhrQzDUaxJW3X07Tmr5cVht8NpP%2BKYGQmJGuvX3B%2FvvSZZoK3HurhSRg12YY0jTQTDV45tllX1fYbD%2BkYA1JK0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 810de12648d53638-FRA

GET
H3 200 image24.png
www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/ 28 KB
29 KB 1239ms
1229ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/image24.png?width=800&name=image24.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a0b937d13964e8573313ffab825b014a989867962759f7492cf416b24a474a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 ca339b9e98820e424be1609317fd0314.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-66424626590,FD-66424731798,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 28822
cf-resized: internal=ok/m q=0 n=1110+0 c=4+50 v=2023.9.8 l=28822
last-modified: Wed, 16 Feb 2022 15:29:53 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfgx-scKUcp8-qufcvUxg0WXN6ytWsYEZZA3AtoWVXDQ:ec701aa9643e5aa09bf48d099c486917"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JpgViIz8JtiGn7ICkzI1C0CIqM8dS5ycrrVovMVfLSwQGjb7zHYH%2Br6go9qD3gpXrhS%2BEPo8EqkkmejZ64QCzWzRRhp9V9uAEpyiNBC1jjVHxdqdcsssZj6B79SekjpBXRHbfiB3A9aiWwcLPg8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 810de12648d73638-FRA

GET
H3 200 image23.png
www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/ 47 KB
48 KB 1083ms
1073ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/image23.png?width=800&name=image23.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

751274a74c3ed3deb3a7b3142c3efc2e0ea2a434f3db9aca33df645c568a0aed

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 d34cf2ddbdf9774517330fee6a26e4b2.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-66424679963,FD-66424731798,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 48386
cf-resized: internal=ok/m q=0 n=939+0 c=3+76 v=2023.9.8 l=48386
last-modified: Wed, 16 Feb 2022 15:29:52 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cffXakyCf-FT2tIXkuZbprv3WaytWsYEZZA3AtoWVXDQ:7253a28c051d55f5fb6d707631cdc672"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pDBC08hSLV6i2J5l1owKcKIEMcvzo%2BVXZMHbDwG0PeeYfDobCi506fo%2Fy5m0h1Ug3V5%2FyMErRlbMDb1IyQAsYQ28vHkpa7x9oRsKn0T72al8q4EXtIHJLLYcKeaHRjbKWFerhLWqYBcAt6KolIQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 810de12648da3638-FRA

GET
H3 200 image18.png
www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/ 32 KB
33 KB 772ms
762ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/image18.png?width=800&name=image18.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e802bfed48e0bddeec02edc41ba74ca00f520d0405ecbe8a25db6b978dd86fba

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-66424737357,FD-66424731798,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 33230
cf-resized: internal=ok/m q=0 n=641+0 c=2+60 v=2023.9.8 l=33230
last-modified: Wed, 16 Feb 2022 15:29:52 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfpvFLZEAYoEn915eiXQctbETqytWsYEZZA3AtoWVXDQ:dd5dc76c8920f03e2b068d0b1afd0b01"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O4Swvjv2IUIvsmaexrOKBZWRb1RkpAKOuVdM83ZmN5DViko6ChWyEBzrW3ViTO3xwoPyFF0kB7p%2FQPprXj3NdGuvjBoWvBpk%2FuQjUX%2BSbVbZg12QY4wf2eQZn8BXu8B0%2FgIIGKbczXle62EbB1s%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 810de12648db3638-FRA

GET
H3 200 image4.png
www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/ 34 KB
35 KB 1112ms
1103ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/image4.png?width=800&name=image4.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6e802a287f60eac57e9c526768ac91202a7104003040836954ba3067987318b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 fde85e7daa13f95cf6b8f5fa09c62ef6.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-66424731826,FD-66424731798,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 34716
cf-resized: internal=ok/m q=0 n=994+0 c=2+45 v=2023.9.8 l=34716
last-modified: Wed, 16 Feb 2022 15:29:52 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfnKC16GUjGLTrJr-mGEXYJarTytWsYEZZA3AtoWVXDQ:997a9c6eec89bb94f59434529efa3466"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=simXcEx1E4ZCZlQdh5MjeYGzYqPemR2bBcgJaGUDH4wRgPd55qDgoYUlT1MujXumuvDoxsP51UZ2LvdLZbbVZG7UkIhej2ZnbxcMNRiHDRWVlsWixJVr23IlPBA2a62eQLGdOZQacXNRyDRqpoo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 810de12648dd3638-FRA

GET
H3 200 image8.png
www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/ 15 KB
16 KB 810ms
801ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Hackers%20No%20Hashing%20Blog/image8.png?width=800&name=image8.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8b54889515e3b6568115810c8d5d0a68edb0d8ec6e1306f0416b2cbabed9885

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 f3d57c6f1e03e389abd50b7f7535cee4.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-66424372621,FD-66424731798,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 15306
cf-resized: internal=ok/m q=0 n=696+0 c=2+39 v=2023.9.8 l=15306
last-modified: Wed, 16 Feb 2022 15:29:52 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfq_khvtBS-ixwsu_m_877VJHhytWsYEZZA3AtoWVXDQ:be46d15c4ae19e12a7d02d07c4dbedb9"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xdANMan8kUXCHDx0D%2F9oaqM6uD%2BVnDBkJv2B5e%2BcQkDag%2BU3nBaPKR8OPc1Q%2FgxQcqZnwfZw6XWEju%2B5%2FJXyd2W8lhuK4YZb1y2QhLZG4BUtx1TUuH1gRuyP9eefxao65R4Twj%2BMYu%2B128KRHCE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 810de12648de3638-FRA

POST
H2 200 tp2 Show response
webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/ 53 B
325 B 198ms
151ms XHR
application/json 34.159.227.151
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/tp2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/snowplow/sp-js-assets@2.15.0/sp.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

151.227.159.34.bc.googleusercontent.com

Software

Resource Hash

4081a5f270ace3305571b8f393e20c3a50141d103fb6fced35cf64d5182c2cd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin
access-control-allow-methods: GET, POST, HEAD, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 53

OPTIONS
H2 200 tp2
webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/ Frame 0
0 88ms
23ms Preflight
application/json 34.159.227.151
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/tp2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

151.227.159.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-origin: https://www.huntress.com
content-length: 0
content-type: application/json
date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
151 B 112ms
111ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=620982&d=huntress.com&u=D3D534F9310226C4B55E2592251BE6814&h=a299b98f5472e19c2b0133964c2125fd&t=false

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: public, max-age=43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
H2 404 d43b621182c890293ba39fb530d8e20b.js
gist.github.com/matthewB-huntress/ 0
0 157ms
156ms Script
application/json 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL: https://gist.github.com/matthewB-huntress/d43b621182c890293ba39fb530d8e20b.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS: lb-140-82-121-3-fra.github.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
79 KB 56ms
55ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-429191348&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e6ff2465e3587a17de2fec67fedb7892da3deb07d10610dcb9cdc481bcd3e9ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80557
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 04 Oct 2023 13:47:55 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
246 B 80ms
30ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-GCTMBVFESS&gtm=45je3a20&_p=2133349947&gcs=G100&gdid=dZTQ1Zm&cid=149812717.1696427275&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1696427275&sct=1&seg=0&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&dt=Hackers%20No%20Hashing%3A%20Randomizing%20API%20Hashes%20to%20Evade%20Cobalt%20Strike%20Shellcode%20Detection&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:47:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.huntress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
455 B 119ms
66ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=G100&rnd=1696421669.1696427275&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&gtm=45He3a20n81WVGPJJ5

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:47:55 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 126ms
33ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-etou8220021-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 72ms
20ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 11:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 7092
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 04 Oct 2023 13:49:43 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 12 KB
4 KB 131ms
36ms Script
application/x-javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 05 Sep 2023 13:41:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=77292
accept-ranges: bytes
content-length: 3822

GET
H2 200 bat.js Show response
bat.bing.com/ 44 KB
13 KB 147ms
60ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 04 Oct 2023 13:47:55 GMT
last-modified: Wed, 06 Sep 2023 22:41:28 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E8031D8599684F0EA5B6FEE951965331 Ref B: DUS30EDGE0906 Ref C: 2023-10-04T13:47:55Z
etag: "09cc4613e1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12981

GET
H2 200 qevents.js Show response
a.quora.com/ 40 KB
14 KB 94ms
32ms Script
text/plain 162.159.152.17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.152.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 004b8e51f135d2301a2f4a3095bff25c1e513cfcbfc262b2619044c013ad3fbd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
x-amz-version-id: JkV8DxJFOm6bAd.FN2cCEZGaprkpf4SX
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: E0AVW7RMT631ZGYM
age: 3178100
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xdT9nHBL+qwJSThTotqIkbukGUAOPSdU0lyvyol7yri+8vHTk9E6KNUZi3wwa6uZ5gQGFWiuzYjVaXswPk9hJ5igVwkld8zZ68nJlJIXo7k=
last-modified: Mon, 28 Aug 2023 18:47:59 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: md5:f9b3de4bccf9cbb848acf8a33500ffd3
etag: W/"f9b3de4bccf9cbb848acf8a33500ffd3"
vary: Accept-Encoding
content-type: text/plain
cache-control: public, max-age=14400
cf-ray: 810de127bd4e30fa-FRA
expires: Wed, 04 Oct 2023 17:47:55 GMT

GET
H2 200 site-script.js Show response
cdn.metadata.io/ 6 KB
2 KB 97ms
22ms Script
application/javascript 2600:9000:223c:8400:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/site-script.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:8400:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1d4548c03b28521204ab490e46b39179b8fa196998d45215a24602306b662ab5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-version-id: FA0kpUmjH6379n6SM2OzYViu4FNXSGFq
content-encoding: gzip
via: 1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
date: Wed, 04 Oct 2023 07:37:57 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: FRA56-P2
age: 26722
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 04 Aug 2023 00:07:57 GMT
server: AmazonS3
etag: W/"2963b0a1258588f130235cbdfe809b88"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: 6nzGxCx_7Ljsfx7dPNpVnnCHDu6dLK41KzXMXT05TLfRPAujLEDQJg==

GET
H2 200 62f67a71a4cf97008ef6d460 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 431ms
374ms Script
text/javascript 2606:4700::6810:880f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:880f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e1dbd1d972ca88ba630f39b8a0ffbea85c7d96c80f63179df534dcf112696894

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 810de127ba729b95-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
alt-svc: h3=":443"; ma=86400

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 117ms
45ms Script
text/javascript 2606:4700:4400::ac40:973c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 73712
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 810de1282ce99c10-FRA
expires: Wed, 04 Oct 2023 14:07:55 GMT

GET
H2 200 1006267.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 205ms
146ms Script
text/javascript 2606:4700:4400::ac40:90e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&e=

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:90e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 3e84a764-1f03-41d3-8845-de94e3a8bffe
x-runtime: 0.002980
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 810de1281ba74d50-FRA

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 198 KB
53 KB 110ms
28ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

805270b078cde87b61bb57c8bd44f8b58b0d128f5a8efdd4395470b45b291d65

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 04 Oct 2023 13:47:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 53356
x-xss-protection: 0
pragma: public
x-fb-debug: VW4EB3ZCCCk4ADcITquRxzjQRUzL7h/LFavuE467O0Rdb3S/bykbNw8isVlLjvdsth+fFYkbX0Rc9c4tpuodaw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 97ms
25ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7409

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 218ms
143ms Script
text/javascript 35.158.228.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.158.228.32 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-228-32.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: b32a3de0fde40944e655cc5b42507b2feae6a6f02ee53ec579af91abebfe70cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 13:47:55 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 e666a54d-ff29-48f9-9baa-2be6ac05412e.js Show response
j.6sc.co/j/ 837 B
1 KB 628ms
470ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 82ba33778a6595a59baef6e6964c64d7c3e9888c2bbf74461f1948b295db28e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-version-id: iBgsOgE4Kr3Z0Ccj2rm1wK8VxmZ_A29h
date: Wed, 04 Oct 2023 13:47:56 GMT
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 837
pragma: no-cache
last-modified: Fri, 18 Aug 2023 17:22:32 GMT
server: AmazonS3
etag: "29df5bb770be8e518fe2206581f712a6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: aTPoNWY2kTgGIuUbgTPbGmRSzxhqJNgdFo1p77r7jsKexWkNTMMxLg==
expires: Wed, 04 Oct 2023 13:47:56 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/ 43 B
424 B 498ms
118ms Image
image/gif 52.204.74.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.204.74.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-204-74-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 13:47:55 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Server: nginx
Connection: keep-alive
Content-Length: 43
X-Q-Stat: ,80d3cf4208c1c839b5209f7124e91450,10.0.0.238,32510,217.114.218.20,,160462387915,1,1696427275.972,0.002,,.,0,0,0.004,0.004,-,0,0,197,245,122,10,34729,,,,,,-,
Content-Type: image/gif

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
357 B 411ms
145ms XHR
application/json 54.147.237.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDc1MzJ9.cEH1s6yztON1Ehgx-719N-kMH0OD6S-0URMdFL8pAP0

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.147.237.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-237-138.compute-1.amazonaws.com

Software

Resource Hash

b37678e2c4e8452e51ee8902e176d670941b72bc06eaeeb951360f96322c6921

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 150478b3e872a9f5d733e1fb6bd469af

GET
H3 200 Netscaler%20%20-%20Blog%20Thumbnail.jpg
www.huntress.com/hs-fs/hubfs/ 5 KB
6 KB 74ms
73ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Netscaler%20%20-%20Blog%20Thumbnail.jpg?width=600&name=Netscaler%20%20-%20Blog%20Thumbnail.jpg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

44698204afe11b45bdaf5990e948f12b41765c2f747d5130dea7d6a857f3161e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 86e0eb6c8f3eea90e0cc2d99e58af96e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-136495678820,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 5292
cf-resized: internal=ok/m q=0 n=837+0 c=1+8 v=2023.9.8 l=5292
last-modified: Mon, 25 Sep 2023 20:46:54 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfYcjANLJvKLCE9yNeiUdhmmnpe_YPQ8NgyooicLtuDQ:ac9ee51da1306d6440c58ee4857bf107"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k1JqMDoAO2EfMTvy1fd%2FswKOqcQ3TH1fMH4Lrf0ndBpgHwYsSNPmMdcsvIVGjGaThOW1nkYW0EuYYFeeksKklp%2B%2Fpj8CFsOZLr%2Bh%2Fp3vWq02IAlGibnFOgOCA9YS7R0MD8wKJ1KwsE2Et3Xejos%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 810de1287aee3638-FRA

GET
H3 200 Spidering%20Through%20Identity%20%20-%20Blog%20Thumbnail.jpg
www.huntress.com/hs-fs/hubfs/ 13 KB
14 KB 80ms
80ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Spidering%20Through%20Identity%20%20-%20Blog%20Thumbnail.jpg?width=600&name=Spidering%20Through%20Identity%20%20-%20Blog%20Thumbnail.jpg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

70e4523c4042427c12a9c72ce6c27695bf6d13c0065819eac9468f636e2ed54b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 ca339b9e98820e424be1609317fd0314.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-134956064052,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 13354
cf-resized: internal=ok/m q=0 n=834+0 c=1+10 v=2023.9.3 l=13354
last-modified: Thu, 14 Sep 2023 17:53:25 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfXqeOnU8Rlp1QQOdCSdWT_0cfe_YPQ8NgyooicLtuDQ:f90f2dc4c37dccd51fc846e60aa624ba"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b8Bo%2FLEPDsP7J2aeVsdzoHomgv4kqnyKIWewZ7rmCynTnDOTTO1%2FfAs3GOM4nzUdGir0GH6KpvRp3j7s%2BnKlSkvcy6hmYTOe5WAoinjpoX6d%2F1FrUf%2FeWqCAa%2FG%2B3xC6MOw9YFPOm3%2BqLEeT0xU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 810de1287aef3638-FRA

GET
H3 200 Evolution%20of%20USB-Borne%20Malware%20-%20Blog%20Thumbnail.png
www.huntress.com/hs-fs/hubfs/ 100 KB
101 KB 82ms
82ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Evolution%20of%20USB-Borne%20Malware%20-%20Blog%20Thumbnail.png?width=600&name=Evolution%20of%20USB-Borne%20Malware%20-%20Blog%20Thumbnail.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

015f37ba3efc7959978d0b6c056cf021ef168e67da1b6c4edcde03958c3783cb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-133663167744,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 102776
cf-resized: internal=ok/m q=0 n=838+0 c=2+148 v=2023.9.3 l=102776
last-modified: Wed, 06 Sep 2023 21:37:18 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf4Q_IkHhelTFxxx1T3nBmpnrne_YPQ8NgyooicLtuDQ:410ddb8c4eaac25a62a35f13ae67ba07"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXztyYjOEw50Nizw2x8QeG%2BURZ3XxVdZioRppHhT8dW41ypEIGCa0T1Jobssg9Ey8UUz8MOBlrukQ7R3kwvsXpyokkX%2BQ3OvufUSyrt4bVr9cmWXKvYCx5ealsEA66iKB4br8cgNU1FXkVcSaQo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 810de1287af13638-FRA

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 51ms
50ms Image
image/gif 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=2133349947&t=pageview&_s=1&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&ul=en-us&de=UTF-8&dt=Hackers%20No%20Hashing%3A%20Randomizing%20API%20Hashes%20to%20Evade%20Cobalt%20Strike%20Shellcode%20Detection&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAgAAAABAAAAAAAAIk~&cid=149812717.1696427275&tid=UA-67431920-1&_gid=1152967378.1696427276&gtm=45He3a20n81WVGPJJ5&gcs=G100&z=1735854787

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 02:39:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 40121
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 json Show response
www.huntress.com/_hcms/forms/embed/v3/form/3911692/196be66c-f1bb-4156-af05-2952954526cd/ 9 KB
4 KB 192ms
192ms XHR
application/json 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/_hcms/forms/embed/v3/form/3911692/196be66c-f1bb-4156-af05-2952954526cd/json?hs_static_app=forms-embed&hs_static_app_version=1.3812&X-HubSpot-Static-App-Info=forms-embed-1.3812

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e54bb1c4b708def9c2936ea8d5afe9b9963bb0fd8fbe677d28e4a9ca0005b3d2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-origin-hublet: na1
date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c4617df8-74fc-4e2f-a695-573aa3e16b30
content-encoding: br
x-envoy-upstream-service-time: 18
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c4617df8-74fc-4e2f-a695-573aa3e16b30
server: cloudflare
x-trace: 2B67DBCB2C0CD14F967239C30B0431C846E88262B5000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-swd7n
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4FfN5wf43RH9w0gZwu%2B8OoacZf%2B4JCJu5lJkdI61lvzv2WtGqeacH5dtFMf5D0mocnPsfMp2%2BG3%2FXriJgAbPCnPhJuz5kJlFkcgVFmI0mdKPgIzZIYOz12EwRS2ciT2P9WbeYkBrk3Zi3Va1ce8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810de128bb2c3638-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 hotjar-2159185.js Show response
static.hotjar.com/c/ 10 KB
4 KB 220ms
118ms Script
application/javascript 18.66.97.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-49.fra56.r.cloudfront.net

Software

Resource Hash

ddaea1c7426af983cc6d9198b72a97db6278c76fd44a2d3b738247c26f7bd58a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:47:55 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 33
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/3499f6f66baf901e81ae13ecb0a4a2a0
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: ytFIUhXmhG7mxDDkO2iI67URVNpyyUdqvnlmxVx6bm3Xgxn1PdpoWw==

GET
H2 200 3911692.js Show response
js.hs-banner.com/ 60 KB
16 KB 260ms
167ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b5018e12454c16a3fc8ed8943845042f295636863515c4d480578ef9fc0bb0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
x-amz-version-id: VWYROBw8TcuCN_h5gtyTlReTgciW2CGg
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: S4EWHHJZ0SS8M96H
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 5b844a2d-c032-4612-a9bf-42f70a81aabc
x-envoy-upstream-service-time: 29
x-amz-id-2: 4rHzTAVlY/g+pSL3qGn3H6yB02AQ0SGnf6JAa0/VC9qjjGGEqnGUNRLIcK5TLHj9ciP2ybwvv0g=
x-evy-trace-listener: listener_https
x-request-id: 5b844a2d-c032-4612-a9bf-42f70a81aabc
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 13 Sep 2023 19:55:30 GMT
server: cloudflare
etag: W/"a37a19201f04be22e0db30406af42a17"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-xs8lj
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 810de12968a53830-FRA
expires: Wed, 04 Oct 2023 13:52:55 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 188ms
95ms Script
application/javascript 2606:4700::6811:e3a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e3a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1e4e3cba3eeeb3ad74ae67c1f42012ebb51d8497482e5c01d404579d49c6b04

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
x-amz-version-id: MiORZOji2P27E5f3usS102mv5dcg0lYn
via: 1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 530
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.485/bundles/pixels-release.js&cfRay=810dd434ea573650-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: c80ac854-c201-46fc-ad23-941a5de47f84
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 3
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c80ac854-c201-46fc-ad23-941a5de47f84
last-modified: Tue, 19 Sep 2023 08:21:28 UTC
server: cloudflare
etag: W/"1bce211846e6a6691aa314979e0a21fb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-s4jft
cf-ray: 810de1296d753687-FRA
x-amz-cf-id: wAI-tRGbsBL4UW8Nwu09YkkiAZfyEqJCWQA9hovkGfDHl0Rj4nwlSw==
x-hs-target-asset: adsscriptloaderstatic/static-1.485/bundles/pixels-release.js

GET
H2 200 3911692.js Show response
js.hs-analytics.net/analytics/1696427100000/ 68 KB
22 KB 278ms
185ms Script
text/javascript 2606:4700::6810:50ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1696427100000/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:50ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a39f397a578fab590d3c22622caee469a713bfd40fae24504ca280157fe53f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: H4VA504XBC44FRQ9
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 3d798908-e5a4-415c-b068-8394f600a90f
x-envoy-upstream-service-time: 37
x-amz-id-2: ROJJyp58bzxCmPUOaq6TaI+xj4/WuAUYNcfELoriL1UaTFGkTtXDbtpyAyU4NwZIci2jodYwBAI=
x-evy-trace-listener: listener_https
x-request-id: 3d798908-e5a4-415c-b068-8394f600a90f
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 15 Sep 2023 17:56:44 GMT
server: cloudflare
etag: W/"09b5e22a27b7a1244770925937eb9756"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-snk2v
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 810de129691c4da6-FRA
expires: Wed, 04 Oct 2023 13:52:55 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 540 KB
86 KB 163ms
52ms Script
application/javascript 2606:4700::6812:7d0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7d0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 28647
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js&cfRay=810b25c63cba8fee-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b41828c438dcec976b93ddee1edebd6d"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js
date: Wed, 04 Oct 2023 13:47:55 GMT
x-amz-version-id: w9qtR_oGTBab1H9Wt5L5qiHDqxRKIaLE
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 50a50f10-9ce9-40b2-8a9b-d9ecc1267e64
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-request-id: 50a50f10-9ce9-40b2-8a9b-d9ecc1267e64
last-modified: Mon, 04 Sep 2023 12:55:59 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-cq5v7
cf-ray: 810de129bfb5bb9d-FRA
x-amz-cf-id: xwQGPaP83EoRGjz6GlWdmas-ZakNOGnwG3nAV6fCSnrMHG_qneMy9Q==

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 262ms
173ms Script
application/javascript 2606:4700::6811:579a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:579a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1b5aca028dd8447199f3c06601e38f5b8aba3b29be5ccd2de504a561fed2558

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
x-amz-version-id: 99Y.E0UsJAdqqpubte3vKq3r2MOVQh4K
via: 1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 90a15397-18e1-4c12-a7fd-c25b87eb048a
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.425/bundles/project.js&cfRay=810de12a7c752be8-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 90a15397-18e1-4c12-a7fd-c25b87eb048a
last-modified: Fri, 22 Sep 2023 08:42:59 UTC
server: cloudflare
etag: W/"526bb173ed1384afadfc2b0eb6b0846e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-q9rvq
cf-ray: 810de12a7c752be8-FRA
x-amz-cf-id: pHI5VLfbegCa7HsVmFNdhiSk5dfgXwFwazXgt_VIwXLR4ygoKsKBvA==
x-hs-target-asset: collected-forms-embed-js/static-1.425/bundles/project.js

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 128ms
128ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e55e6c4592032b9b7dd5b11e3ee6a56b7b71d9d8667aa56c34d43cc7339808b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:47:55 GMT
content-md5: 2CqD30X0hv4pxCsTAYct1A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
x-fb-debug: IrXnNJNCwF3TxQCmTSkRBIESEVcmmG/TlEHaHUGmr0bOv/t3n8bHJfAGJTpr0oLtGKmDGxzV0FRff4eCKimHDA==
x-fb-content-md5: 09a72dfc42e603302a90e11b45f89313
cross-origin-opener-policy: same-origin-allow-popups
etag: "b8e8f5ba1e1706b3877487c72301b744"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:55:14 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 117ms
23ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BD) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 13:47:55 GMT
Content-Encoding: gzip
Age: 223
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (frb/67BD)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H2 200 adsct
t.co/1/i/ 43 B
377 B 275ms
204ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=1267825e-e5bc-4c3f-986c-45a39c8afdea&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=d954e3a0-9c1a-4856-9030-9610b4c54d72&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.29

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-response-time: 184
date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 42d90cdc2d4387d1
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: b278773808ead7f12754006a1eef5c0b2f85a7c63f83e74a5a820a1576085def
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
725 B 198ms
134ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=1267825e-e5bc-4c3f-986c-45a39c8afdea&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=d954e3a0-9c1a-4856-9030-9610b4c54d72&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.29

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-response-time: 109
date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: edb1b48c4f4ee10b
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: f13b4211d03d4047cfe489bd5812dfe5a67e13e9e4fa04b72376c9aec45a491e
content-length: 43

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 72ms
72ms Script
application/x-javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 28 Aug 2023 12:14:15 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=23201
accept-ranges: bytes
content-length: 4862

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
358 B 174ms
143ms XHR
application/json 54.147.237.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDc1MzJ9.cEH1s6yztON1Ehgx-719N-kMH0OD6S-0URMdFL8pAP0

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.147.237.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-237-138.compute-1.amazonaws.com

Software

Resource Hash

b37678e2c4e8452e51ee8902e176d670941b72bc06eaeeb951360f96322c6921

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 5cff99c1a3412ab5df1e661e8c23d6bc

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
977 B 274ms
227ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=3911692&callback=jsonpHandler

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 65b3f56e-ed29-4d27-b708-ffaa77a7f4d8
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=810de12abcde916a&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 65b3f56e-ed29-4d27-b708-ffaa77a7f4d8
server: cloudflare
x-trace: 2B965E1F2BE8C90AD0B74B09BEE6B44E32839A9147000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-mqbv2
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 810de12abcde916a-FRA

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
471 B 137ms
135ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1696427275659&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 17715818
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
via: 1.1 google
x-guploader-uploadid: ADPycduK18JXyJktOoQps1KuHClBTRFk0bsBd-MuRS4bGjgVu7pCl5D7Ge9tKzQCnpnwDNH0TZlzZrtpkxCxGJEMaRj6kQsfsgMD
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Wed, 04 Oct 2023 14:47:55 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 250ms
127ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1696427275659&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 04 Oct 2023 13:47:55 GMT
expires: Wed, 04 Oct 2023 13:47:55 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdsp2mdg73MCrPz3nWJvDjvmwKveuqqAwBFirDJFj4rTxmXP8_2CTmwNYK0N2gDzXQdBH2Sj3Hm6zyAqB9Duqrrn1oRcKXsR

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 80ms
20ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1696427275664&id=t2_12z44i&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=5613e0e1-f786-414e-a56d-e70e12fa6f5a&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 187059084.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 57ms
55ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/187059084.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

cf8edbedfd479fe7cc642e3a1db515dd1103f2d7864f0db5cae6144fbde44ea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Wed, 04 Oct 2023 13:47:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E016E525432F4EE8866765017E433F96 Ref B: DUS30EDGE0906 Ref C: 2023-10-04T13:47:55Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H2 204 0
bat.bing.com/action/ 0
289 B 107ms
107ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=187059084&tm=gtm002&Ver=2&mid=073ebd51-7cfe-4397-ba90-8338290a6eb3&sid=9f0adcb062bc11ee818793f645264f32&vid=9f0b072062bc11ee81a00dda12fd4549&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Hackers%20No%20Hashing%3A%20Randomizing%20API%20Hashes%20to%20Evade%20Cobalt%20Strike%20Shellcode%20Detection&p=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&r=&lt=1132&pt=1696427274527,,,,,1,2,103,103,157,125,157,307,312,310,1124,1127,1132,,,&pn=0,0&evt=pageLoad&sv=1&rn=34181

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Oct 2023 13:47:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FA9C59FA157C48C382DCBBFE6CC6CDBA Ref B: DUS30EDGE0906 Ref C: 2023-10-04T13:47:55Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 256149
bidagent.xad.com/conv/ 42 B
341 B 507ms
121ms Image
image/gif 54.226.219.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidagent.xad.com/conv/256149?ts=1696427275677
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.226.219.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-219-252.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 13:47:55 GMT
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3281745/domain/huntress.com/ 36 B
354 B 181ms
31ms XHR
application/json 2600:9000:20eb:5c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3281745/domain/huntress.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:5c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: awselb/2.0 /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 10:51:59 GMT
via: 1.1 d8eef512ab23f23f549b4cd25ac5328c.cloudfront.net (CloudFront)
server: awselb/2.0
x-amz-cf-pop: FRA2-C1
age: 183356
x-cache: Hit from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=86400
content-length: 36
x-amz-cf-id: HWLx0HfKdM1hczJ3T7qWw0mV8gKwy6q9FQjae1ygnshj5KbeH0wJcA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1696427275728&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1696427275728&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3281745%26time%3D1696427275728%26url%3Dhttps%253A%252F%252Fwww.huntress.com%252Fb...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1696427275728&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1696427275728&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode...

0
265 B

203ms
135ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1696427275728&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&cookiesTest=true&liSync=true&e_ipv6=AQJiBVv1-QaplgAAAYr68fka30Jdmoo88jIYjPT-1l5Y3q5sQVhyPRL_2pppjQrzbjDdS_wp5jmlLg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: B81AF246F12B406598BAFB5BA4E1A9D6 Ref B: FRAEDGE1707 Ref C: 2023-10-04T13:47:56Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYG5EE3/2OkTFViCn+1Sw==

Redirect headers

date: Wed, 04 Oct 2023 13:47:55 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 625BA42ED03A4BF08271469D6F1F07A4 Ref B: FRAEDGE1810 Ref C: 2023-10-04T13:47:56Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1696427275728&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&cookiesTest=true&liSync=true&e_ipv6=AQJiBVv1-QaplgAAAYr68fka30Jdmoo88jIYjPT-1l5Y3q5sQVhyPRL_2pppjQrzbjDdS_wp5jmlLg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYG5EE09RAL3mM7SJV+Zg==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3281745/domain/huntress.com/ 36 B
356 B 178ms
29ms XHR
application/json 2600:9000:20eb:5c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3281745/domain/huntress.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:5c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: awselb/2.0 /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 10:51:59 GMT
via: 1.1 d8eef512ab23f23f549b4cd25ac5328c.cloudfront.net (CloudFront)
server: awselb/2.0
x-amz-cf-pop: FRA2-C1
age: 183356
x-cache: Hit from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=86400
content-length: 36
x-amz-cf-id: lWLPmINRE4u8pMb6JFgJHgFgTdloP4idct-e8JqwmtjEojg9-jb3GQ==

GET
H2 200 187059084 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 183ms
116ms Script
application/x-javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/187059084
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/187059084.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ba251e719871ef46dd68003555fb6187821d0df2053e469e070f4e685163d26b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

expires: -1
date: Wed, 04 Oct 2023 13:47:56 GMT
x-azure-ref: 20231004T134756Z-05smcf2sfx5ehacfqbwzfbv078000000075g00000000gr2h
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 2182
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 306 KB
86 KB 75ms
25ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=8cdb412f0bf17710437e919f8170092f

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d6d916d35f42035ca3f9561da42c3313daafacd17e7121aa338ae96fb47a8e17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:47:55 GMT
content-md5: 1xQUBcm9A2sbZTqBgpwvLQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87643
x-fb-debug: POPo1LznvVXw6s6ffgAGMj1jvtD+D5YzMBE7QGVCreOJO6Aqjlbb6atJdOblwT8jv869U/ZY9e5vKgokZt4vRQ==
x-fb-content-md5: c57bc2ef4d4fe9492acb2bed82ea2d3b
cross-origin-opener-policy: same-origin-allow-popups
etag: "d07fd22524da1e380f98742de0ae7627"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Thu, 03 Oct 2024 12:10:47 GMT

GET
H3 200 403957864408442 Show response
connect.facebook.net/signals/config/ 137 KB
35 KB 170ms
170ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/403957864408442?v=2.9.132&r=stable&domain=www.huntress.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

72de69b28d48aca1318538105071e04b854472828aea5bd7eb3e7b83e4ffa221

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 04 Oct 2023 13:47:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: DIhPBHxGoDREEASU0kzcRjITSC1r5Sn8piKoaw2l+6+uQAmgjjjj4TpxsGGxP4Fiz7+oSnqdOf7tKRzE2zhO3w==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1017 B 313ms
244ms Image
image/gif 2606:4700::6812:c07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 13:47:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: f8d68ebd-4fe3-484a-888d-0833188d92f2
x-envoy-upstream-service-time: 103
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f8d68ebd-4fe3-484a-888d-0833188d92f2
Server: cloudflare
X-Trace: 2BDD76B6CC34379454FBB1392490A10AE9E902FEEB000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-w68n2
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 810de12b58904d44-FRA

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
466 B 124ms
123ms XHR
application/json 54.147.237.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.147.237.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-237-138.compute-1.amazonaws.com

Software

Resource Hash

802ef5cdf09c62ecb0c724e95eea381a9a760d11f4fefb17d8567b3a6ae0602e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: d059e74812808c8f7ef83f340b570e41

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
466 B 601ms
601ms XHR
application/json 54.147.237.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.147.237.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-237-138.compute-1.amazonaws.com

Software

Resource Hash

ae124fc031e47ed5266f1bcb14d408cc303e438ced8aa4ad55371e32845b742c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 7fbce4d44d20b6955963f58170ecf4f3

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1015 B 207ms
141ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 13:47:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: c30170fa-a70e-4300-86f9-99fbb5b74657
x-envoy-upstream-service-time: 4
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c30170fa-a70e-4300-86f9-99fbb5b74657
Server: cloudflare
X-Trace: 2B21463BAACF6354F7530F0A2F1085875496578777000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-48whc
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 810de12bacbe3838-FRA

GET
H2 200 modules.b16e4d57f3928457df7a.js Show response
script.hotjar.com/ 224 KB
55 KB 71ms
22ms Script
application/javascript 13.32.27.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.b16e4d57f3928457df7a.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-54.fra56.r.cloudfront.net

Software

Resource Hash

8326289128837c1f6dd5b2c360d01e735e115aae8732b67dad87e864d9c8d271

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 11:19:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 0363fab377de19b9b4f85394469f6fca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 8930
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55778
last-modified: Wed, 04 Oct 2023 11:18:56 GMT
etag: "b380ae54452b4d14c7cbccb2aa14c902"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: Mo5frUe4-8mkVS4ZMs8CG1pnh2UImHgiP2uJcrmutpfDU26_N7Sb2g==

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 119ms
113ms Stylesheet
text/css 35.158.228.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.158.228.32 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-228-32.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 8a0ed8d1c8b934386f2308de7cb5cc165da1f0f5d84cb4a6b3d7f54d64341f09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 13:47:56 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 165ms
115ms Fetch
image/jpeg 35.158.228.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.158.228.32 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-228-32.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 13:47:56 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 182ms
133ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 810de12ac8ea9b31-FRA
content-length: 0
content-type: application/octet-stream
date: Wed, 04 Oct 2023 13:47:56 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 1
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-snk2v
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 6f0aa001-bfec-4227-a16f-137a6e119d5a
x-request-id: 6f0aa001-bfec-4227-a16f-137a6e119d5a

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
174 B 148ms
148ms XHR
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 502a8c09-32fa-4a2a-b86e-1641f49fd2e9
x-envoy-upstream-service-time: 19
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 502a8c09-32fa-4a2a-b86e-1641f49fd2e9
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-8ghtd
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 810de12ba9999b31-FRA

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame A9D5 320 KB
104 KB 30ms
28ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.huntress.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/675D) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 54223
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Wed, 04 Oct 2023 13:47:55 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/675D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 68ms
22ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&rl=&if=false&ts=1696427275990&sw=1600&sh=1200&v=2.9.132&r=stable&ec=0&o=30&fbp=fb.1.1696427275987.1961664508&cs_est=true&ler=empty&it=1696427275785&coo=false&exp=a0&rqm=GET

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 04 Oct 2023 13:47:56 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 settings Show response
syndication.twitter.com/ Frame A9D5 869 B
659 B 181ms
129ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=1408cf73ce0982294493d277057cf437ec0ae7b4

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.huntress.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-response-time: 104
date: Wed, 04 Oct 2023 13:47:55 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Wed, 04 Oct 2023 13:47:56 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: a8e292da6d6948a8
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: 63bddbc1f18c2e48c84c8c706c8baf5068c1437854d905c3b62e4418646336ee
content-length: 337

GET
BLOB 200
OK 73b3c656-358f-439f-858c-17034c068597
https://www.huntress.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.huntress.com/73b3c656-358f-439f-858c-17034c068597
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
436 B 135ms
134ms XHR
application/json 2606:4700::6811:579a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3911692&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:579a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: fe2ff61d-6624-45ca-96f4-780b8b4d333d
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fe2ff61d-6624-45ca-96f4-780b8b4d333d
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-s4jft
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 810de12beddc2be8-FRA

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.10/ 57 KB
24 KB 49ms
48ms Script
application/javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.10/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/187059084
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ac158fd98a25872b4a494ed3c5a5da9f92eba989c397cab46bf8c8a7b04bc514

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
content-encoding: br
last-modified: Tue, 03 Oct 2023 10:21:55 GMT
etag: W/"0x8DBC3FA918C2358"
vary: Accept-Encoding
x-azure-ref: 20231004T134756Z-05smcf2sfx5ehacfqbwzfbv078000000075g00000000gr4p
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 847b8b8a-c01e-002b-71e9-f5ae17000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 6si.min.js Show response
j.6sc.co/ 31 KB
10 KB 51ms
50ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

eba72b1c1e3e44d5dabff914f59eb15876ae97cef296ddee4afe4821a54f2633

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Mar 2022 00:01:47 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "623bb4eb-7b41"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 9853
expires: Wed, 04 Oct 2023 13:47:56 GMT

POST
H2 200 / Show response
content.hotjar.io/ 56 B
161 B 246ms
90ms XHR
application/json 52.31.99.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.b16e4d57f3928457df7a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.31.99.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-99-6.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4db21c091585056a59bd504670bb1929685b37d5970905f69c99183a91ea4d60

Request headers

Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 13:47:56 GMT
content-length: 56
vary: Origin
content-type: application/json

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
626 B 357ms
326ms Image
image/gif 2606:4700::6812:c07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=4

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9faa2150-4e80-4d02-a573-81a33c6690ed
x-envoy-upstream-service-time: 31
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9faa2150-4e80-4d02-a573-81a33c6690ed
server: cloudflare
x-trace: 2B477524DC3DA6979C01B66EEDB25F798DFA651BF5000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-8ltn4
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 810de12d7e9818d9-FRA

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
311 B 113ms
112ms XHR
text/plain 35.158.228.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&t=Hackers%20No%20Hashing%3A%20Randomizing%20API%20Hashes%20to%20Evade%20Cobalt%20Strike%20Shellcode%20Detection&tip=YK7C8k-qyBj4uDWGzcz72rfvNrvhFhW6s044gbr0L7I&host=https%3A%2F%2Fwww.huntress.com&sa_conv_data_css_value=%270-1dd24f84-2c59-5a90-62df-375aca4d2799%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd91dd24f842c595a9062df375aca4d2799d972da14&sa-user-id-v3=s%253AAQAKIMV6mz3CjQ5QuND-xDD0qURxI_9YIJXZ5YwNvEu35MYWEHwYBCCL2vWoBjABOgRLGKL4QgSm-hYT.aBxeEPI9GfPPSrbnnK%252FqizR9g5ZBKSKbJ8nsaxblk4A&sa-user-id-v2=s%253AHdJPhCxZWpBi3zdayk0nmdly2hQ.YA4Jg%252B6Pq88vhqt0FE7B43GW6%252BTIMOUCglYbsrw5Upc&sa-user-id=s%253A0-1dd24f84-2c59-5a90-62df-375aca4d2799.TIcG1M0WhP1ecRksEcx0st7%252Bzj%252FBeVtWVQs4UMOfU5c
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.158.228.32 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-228-32.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: a65d5029de63edbd0e5fae2126da85af8557be5af9082adb5e8f1cd3c081f120

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-origin: https://www.huntress.com
date: Wed, 04 Oct 2023 13:47:56 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 116
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
576 B 124ms
44ms XHR
application/json 37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:47:56 GMT
an-x-request-uuid: d1538405-ef97-45ff-b466-7d4b8f778417
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.20; 217.114.218.20; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 63ms
53ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
296 B 374ms
119ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.huntress.com
Date: Wed, 04 Oct 2023 13:47:56 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 241ms
232ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&session=17e9f519-bedb-47db-8011-ac2866bc6687&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2004%20Oct%202023%2013%3A47%3A56%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Hackers%20could%20be%20outsmarting%20preventive%20tools%20by%20making%20trivial%20changes%20to%20default%20settings.%20We%20dive%20into%20our%20research%20in%20this%20blog.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hackers%20No%20Hashing%3A%20Randomizing%20API%20Hashes%20to%20Evade%20Cobalt%20Strike%20Shellcode%20Detection%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&pageViewId=a3222d8d-d1ad-42cd-8133-824b03632511&an_uid=0

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:56 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 core Show response
rc-widget-frame.js.driftt.com/ Frame AE3B 2 KB
1 KB 225ms
133ms Document
text/html 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1696427400000/5d3cypit2iz8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

14e6206b0b854f8eb373b1ccfbac42efdb97e1034de1355abb4ee81aa0672ec2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html
date: Wed, 04 Oct 2023 13:47:57 GMT
etag: W/"6a5cea74d414ec151635bd2880abb1c3"
last-modified: Mon, 21 Aug 2023 14:57:03 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-id: yTZiJvpQhFbpBXWwGf8eAf-vNtXrfoiwsprj2qZVl4Tvd3hM9LGF5A==
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: hIxJdEPbt_45OV8bTT9Ad1M7VE.ABA8G
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 19

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
617 B 149ms
148ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1666088104&v=1.1&a=3911692&pi=66424554568&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&cpi=66424554568&cgi=39343107504&lpi=66424554568&lvi=66424554568&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&t=Hackers+No+Hashing%3A+Randomizing+API+Hashes+to+Evade+Cobalt+Strike+Shellcode+Detection&cts=1696427276873&vi=56b18107339c374c18ddbf164521d6fc&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 500d1924-ea36-4664-bd64-d03d761197bc
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 500d1924-ea36-4664-bd64-d03d761197bc
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2FdifAWT8NzFtgpXBOTRSXvs4tZcEKNpKUz5B5jYOaZCbjWMZPfSrXbx6g%2BFo3g04UJM2Yptm%2F92TT0kHVj%2BdLpxSQLwwG91IQ3SvwJMdbirSWJNeRfrtSR%2B%2B7gUu7YiEJGkBXPNjPTUTKumqD0q"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-674b9fb979-9z7ld
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 810de1308b0f916a-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
443 B 143ms
143ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=196be66c-f1bb-4156-af05-2952954526cd&fci=06045364-21c8-4ab8-abef-7ca2b7ba2fe9&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1666088104&v=1.1&a=3911692&pi=66424554568&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&cpi=66424554568&cgi=39343107504&lpi=66424554568&lvi=66424554568&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&t=Hackers+No+Hashing%3A+Randomizing+API+Hashes+to+Evade+Cobalt+Strike+Shellcode+Detection&cts=1696427276876&vi=56b18107339c374c18ddbf164521d6fc&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 48015036-bbd8-4640-a414-e5a30c50acf6
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 48015036-bbd8-4640-a414-e5a30c50acf6
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VvYvtRTJOc6Y9Xi%2FWaRb2JIwxGrOh8yAaMcTydzERMTCVibnx0xJfwxrEry9AFr4BGvTVmqHC1dbN%2BqFm37Bkiw%2FzjyQCycZB9a3HaYxpBpS0%2BPrGEudLaUDaT%2BISQZiE%2FyLQmjC8WmLgGCpzJCi"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-674b9fb979-z58mk
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 810de1309b16916a-FRA
x-robots-tag: none

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=4AA81EADF91E4A79B1BC01A992BEA775&RedC=c.clarity.ms&MXFR=033BEDF9479D62DC32C8FE59439D6CF3
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4AA81EADF91E4A79B1BC01A992BEA775&MUID=2BFFFDA3D91B68A4327DEE03D8B16960

42 B
444 B

56ms
55ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4AA81EADF91E4A79B1BC01A992BEA775&MUID=2BFFFDA3D91B68A4327DEE03D8B16960
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:47:56 GMT
last-modified: Wed, 30 Aug 2023 19:01:41 GMT
server: Microsoft-IIS/10.0
etag: "8d59566974dbd91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:47:56 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 09359B281D0B435D9C00722190210C67 Ref B: DUS30EDGE0906 Ref C: 2023-10-04T13:47:57Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4AA81EADF91E4A79B1BC01A992BEA775&MUID=2BFFFDA3D91B68A4327DEE03D8B16960
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
296 B 513ms
513ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.huntress.com
Date: Wed, 04 Oct 2023 13:47:57 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2 200 runtime~main.23dacaf3.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 6 KB
3 KB 137ms
136ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7573e5629fdd86c1b9715e81fd55e01c7cf7febbfc3562f5acbb757c0d4cce64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Origin: https://rc-widget-frame.js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: pIvWjpmnkFEOPFn4Wb5jKsJCJYLlBZpR
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Mon, 21 Aug 2023 14:57:27 GMT
server: istio-envoy
etag: W/"7bebf8444c728503329344c5817cc4e6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: KX4qex4wVZWX57H1nru7NeTZV5RXNLSr38vv-DlTM6n04gRHzScykQ==

GET
H2 200 9.4a3e9801.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 35 KB
13 KB 236ms
235ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Origin: https://rc-widget-frame.js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: yexkJ0G445vnNyiB4SEE9hMI_RYzD_uS
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Tue, 03 Oct 2023 15:02:57 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ap5qQ38TDh5a8uIZWdcFlo_ieIHVKFGJXo9rDtEAWBgt_XAD51bvKQ==

GET
H2 200 main~493df0b3.91dc5a14.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 7 KB
3 KB 139ms
138ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/main~493df0b3.91dc5a14.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

1ce5bbfddabe83a619dffbd897ac79e94ca961f04cf463583a421a22f5329938

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Origin: https://rc-widget-frame.js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: aQ8O6UMWsN.2o5G5k1LSH1svCMcNLzIM
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Mon, 21 Aug 2023 14:57:27 GMT
server: istio-envoy
etag: W/"c11c9776fa434757756e10e6ded61c75"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zWsvMKDsdUxA8SXPi3NvjLyO1nqrHn8MVLl6_4gGj_AH4tRzXOfc9Q==

GET
H2 200 51.558be3c5.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 23 KB
8 KB 153ms
151ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: Esj.HZA_tbw6gqPOdguyiXaCinsX9owN
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 21 Sep 2023 18:21:36 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: T0wy1fhD7GRxXYbRhmb4BgMOun9ZrS0aIVKCzKVAkFPy9h5QuqWEcQ==

GET
H2 200 33.ae4de0a0.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 36 KB
10 KB 246ms
243ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/33.ae4de0a0.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e12404ccb0492da0a89fbda8db0ddb3c2358fcbd6d29b0c106ba840ca5f5e8ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: PUG2tPuHbg6UXU15H37d6Lifu.5b8Act
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"db0cd5b66c52523e10b87a0c8a2db182"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: iXHUgZg_DYGGnBqiTu2zv7CiLq_j3G3iul10sJzBeHqQ9-zGVcnL_w==

GET
H2 200 22.6b9a301a.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 32 KB
11 KB 151ms
148ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: y58U6XuNE8vnPoE_ppHCTJ6zDdaJ4ApV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Tue, 03 Oct 2023 15:02:55 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: r-eFPh8utqdY1vbK5nuUF5PIiUyS0-9HypOhYKDXxtrb9u7TX_d6cg==

GET
H2 200 19.6f85b843.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 17 KB
6 KB 144ms
141ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: Q31l93d.3jQ93IJY1YHYckXmeETa7Vkd
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 03 Oct 2023 15:02:55 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: LpzHEFNlGklp93d88Hk4lKfatG3flpnmc5e7RTs9LgkwClEsV9Jb0Q==

GET
H2 200 41.b4fc4de2.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 25 KB
8 KB 242ms
239ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: ESbgNWzIRR1AFbSvSMf.KU01SU0FWrST
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 21 Sep 2023 18:21:36 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tOm2sh1y9eVg8ZcelTf5Re0GsyShFpPDEdQ8rDVga5YFQf-tLuDZbQ==

GET
H2 200 20.8c21ea18.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 74 KB
23 KB 170ms
167ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: ZVggsm8_G_EuiCXlaefNM_wPgO10QdW5
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 46
last-modified: Tue, 03 Oct 2023 15:02:55 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wXXoBIzQv89t8fgWkXwx1zIqwrJxlQ4zrF21tz7vL7mF_6_qr5UiRA==

GET
H2 200 27.3951aad8.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 66 KB
20 KB 236ms
233ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/27.3951aad8.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: PLRwkxTy0W_1o8rwzVQG6XR9UyxAvjNh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Sat, 02 Sep 2023 21:37:07 GMT
server: istio-envoy
etag: W/"5b2b6d0508fe18c3efb6bcd6249fd4e1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Fp7EgqZ-fngp3AUfvDC8qBkdNrBCFFZh5Ue1lj4snBd9ZLU7rhvoXA==

GET
H2 200 14.e24a6190.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 91 KB
28 KB 238ms
234ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: ZeSXZ4cIww_MV72yAt6QRBoH7XyCPXoj
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 03 Oct 2023 15:02:55 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: b42r75N6ZKLHHm8MPC38-F7WkmDziDjY2IuIi9HCZPZm6sypiyoqZw==

GET
H2 200 11.639238ba.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 23 KB
7 KB 146ms
143ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: CVQS3YHieEyAnzrgV43a8WGrVZceur09
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 03 Oct 2023 15:02:55 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HLybJxV-JtyiwWsaT2Bt_b8qkwHquJUZnL8TRBPqWI5R-HSGVtO8aQ==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 62 KB
20 KB 186ms
182ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: RcGLE6gUeMcHE6mNt7sPoPCWaFR5fmXZ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 03 Oct 2023 15:02:55 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: g121QcwHNHvF9_mTw-GFVqvyNmyUZtUPhq7TPfyvmJVaOLAj-J8_NQ==

GET
H2 200 49.f7274268.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 105 KB
34 KB 280ms
277ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: pnrUEDFfwmZgPP8kyAfoUeSCwrzS9Ogv
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 21 Sep 2023 18:21:36 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cfAdKzau808dvDHueEySdWZaEj8yygzzBmlw9Cbq_YkDay-HIIakFg==

GET
H2 200 40.31ef8dbf.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 12 KB
4 KB 183ms
181ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: 4vFIc6iMaOHHRPFul3_EyvJfXUuIcmEs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Thu, 21 Sep 2023 18:21:36 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yjn9rjKOK4esxvLi7sQIOXk4Au7js4mvi6uj0NwAHLwibsOql6qH-w==

GET
H2 200 29.31d09948.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 13 KB
6 KB 194ms
191ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: PyawGVolC84hpcWm6OWVT0dG84hVjB6f
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Thu, 21 Sep 2023 18:21:36 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: a36DH2bS9KmnH3N367vRHZ4jFU4WwDi01ol9OiEhbhlMdQTo4Lr_EQ==

GET
H2 200 21.b8c41db9.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 17 KB
7 KB 182ms
179ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: HuK8ET6KBqHLG0yZj_kQYhyUW.ItK_mX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 03 Oct 2023 15:02:55 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Izv8WDAB-4yo4KOUFolnT-1GSliwC9MzLDhyWGZbzG4ZOPFBf6v_qw==

GET
H2 200 8.98b34517.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame AE3B 31 KB
5 KB 188ms
186ms Stylesheet
text/css 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/8.98b34517.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

794dc30b5582c5b0c4a06c2e0776f6527a84c91d5f7abb9384e7588d0ab3a910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: iNKtCZtb69S5Xg2ti_W3KaKTIlBxoqLp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: W/"82429fd1682dcb60e14996ad58a35a4f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qf7fb0ipDxnz6VTO5v8iyPijjVBAlUGYv90HkPkVyVyFJnUFfKDJFw==

GET
H2 200 8.5fdda827.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 81 KB
25 KB 284ms
282ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/8.5fdda827.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e523f47c65c171a685ca8f1bb0c0c432f4d71104fa56e8f6163126ec908cc430

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: s5Gs7OuwDj2F26kpSyydH_032jxZE3YX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Mon, 21 Aug 2023 14:57:26 GMT
server: istio-envoy
etag: W/"f78079aaffe016efb8ec35b9fbb9f42f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CMzMDcAWGVwDi6WnjQ71l8SxnHPzcRvquZInc-YwnuVQtfzqbNmZgw==

GET
H2 200 16.22abfce0.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame AE3B 24 B
695 B 184ms
183ms Stylesheet
text/css 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: pjtmprcQFg.mOl0EbPT4skNitwDCwxc0
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 17
content-length: 24
last-modified: Tue, 03 Oct 2023 15:02:53 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RzFhZpdEMdzccv4L8OshaN0q2R-E2yPnUO7AxyfRvUjcL39qYfYDjw==

GET
H2 200 16.890a0911.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 91 KB
24 KB 277ms
276ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/16.890a0911.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

860c659e8836feb6a6b4fc4c9b7195e4ab0a04e4642473c0780ae554fbf6ffb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: 2cJi_0AtsucvWstmkbj3mO1t8SiuDMru
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"52b055a08e59141b8f7b7947c7d7ab69"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -RZrbQozVv3guWb9yAB1fuS0E-0f2Eo95h9Kaa99XkRK4RyTh8Jajw==

GET
H2 200 24.24e43c3b.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 50 KB
14 KB 281ms
279ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/24.24e43c3b.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

eb6ce397310855bbef74043afcdda989653ad7b7b385191e8c8d622eee74b367

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: J3Ynz_VL_Xe.kEj4VqPxsio5dIqXBI10
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"390d4b78f4c738295b7974aca941d031"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zvOsXkQk9v3V-6ALxZsRddYiI36i09fhB8zIvCtsE-uvE1dpD_Mdvw==

GET
H2 200 17.413337a8.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 40 KB
13 KB 285ms
284ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/17.413337a8.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

10b977a814bd9ca3e018a07b6e1197c9a9fa89a27a2419158d22f41ab8a29508

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: Ud1ylpzTdwt3qfnkRXUYob2T_ovQMI1N
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"4aea30e551ee7f04a564c0408c291306"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wUuzDlTqVluIzldgQWPvdH9Ttcctrm4xJ0ZVITT_OrrLrqJBQUgqpQ==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 228ms
228ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&session=17e9f519-bedb-47db-8011-ac2866bc6687&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2004%20Oct%202023%2013%3A47%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2004%20Oct%202023%2013%3A47%3A56%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Hackers%20could%20be%20outsmarting%20preventive%20tools%20by%20making%20trivial%20changes%20to%20default%20settings.%20We%20dive%20into%20our%20research%20in%20this%20blog.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hackers%20No%20Hashing%3A%20Randomizing%20API%20Hashes%20to%20Evade%20Cobalt%20Strike%20Shellcode%20Detection%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&pageViewId=a3222d8d-d1ad-42cd-8133-824b03632511&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 0.0b2ebd4a.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 9 KB
3 KB 135ms
135ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: Z_XGOMs1QG_6YJdKfZtytHDi8dNBYCWf
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 03 Oct 2023 15:02:54 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 737S3m8PhTTicoqZP3TjYPYCKe715vtSwtd3AGgHeWEF74VuHtxsgg==

GET
H2 200 4.07aa08a5.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame AE3B 7 KB
2 KB 138ms
137ms Stylesheet
text/css 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/4.07aa08a5.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: wzblrhR8VgaZ91O5gq0aMSI2PU89S5cp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TtlWzqfQhim91J_BL_VgJYcTYJ6e2Qv0cbxpr2pfJE7VEIZH_HkS9A==

GET
H2 200 4.36582b8b.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 54 KB
15 KB 232ms
231ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/4.36582b8b.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6a6a06c6f8fb209f9e92af2bb5ed0c0d0e767211a1a92e631e1d0ce056488387

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: aXK3nhxEmGQGmcWeEUpmTanxIifnp1mO
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"eb4f4fdfa625f5036ae2538950af438e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: m6OIBeOZD4EdhHlHwRxhS4OeI_6W1Yl8puJI1am66Rrt38D4IDQA9g==

GET
H2 200 34.4924e4bf.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 27 KB
8 KB 230ms
230ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/34.4924e4bf.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

15736c00b563c558ec1e7d531c0d8bd7d8cc24c2026adbc2dcf0ccd3e48f7d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: T7ywXmlgZ2pn_NjEp3YMDrKgM16OYgwy
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"2a9499a40949c70c9c00081b06639cb0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vLGmsdzFgoc1tGJU9pWbi6vs3jWp38Lhysbz6LigP4td5aoitVtugQ==

GET
H2 200 1.12ba17b6.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame AE3B 44 KB
7 KB 144ms
143ms Stylesheet
text/css 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/1.12ba17b6.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: VdtOEXgfLulRtQQ6GLm1u0_O5FiiLiv7
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Thu, 21 Sep 2023 18:21:33 GMT
server: istio-envoy
etag: W/"3b8ba82e1bac13ee29e9764a55620d99"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: C5YWyHhZNvigELLajhN2vQEyLNTm0tYIdzTzFbrIMTAoQl5rznMakA==

GET
H2 200 1.9d9c8c3b.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 54 KB
18 KB 357ms
356ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/1.9d9c8c3b.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5e4e01da0230734413d39e4657ac95b4ccf45092ff61a162aa1f4d111a166735

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:58 GMT
x-amz-version-id: TN5uaySIype7BWdOQeU5pFJLqRV.3qiK
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 237
last-modified: Mon, 21 Aug 2023 14:57:24 GMT
server: istio-envoy
etag: W/"bc8dde7d353b792cb424661adcff29fb"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TjXQfX2XqRDxkBd-HNn04JWm5cIbLdp3c6CTQtFm6opBxBVOYW0sTg==

GET
H2 200 3.bbe0e1fa.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 24 KB
10 KB 143ms
142ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/3.bbe0e1fa.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ba3035c1cbfbd4ebb878f85acde3d846c6e9e90081de78ddcaf3126b4e8823b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: pHxDHN0IINa0RNuxMPvQ8pBn4Eg1GWSc
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"b394f9cf6fe473cdb6852b332234aa52"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _MpihMpankEN4F-Ng7mmRyfkLbGmbcpAf3bLJtVGiQrWg3ExCbFPFw==

GET
H2 200 26.5208cc6b.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame AE3B 11 KB
3 KB 145ms
144ms Stylesheet
text/css 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/26.5208cc6b.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

0591af742c10a8ad2020502cccbf97cb4fc1cfc48acaf588043d70e77b2c3aaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: SrCjVsE3413g5wEL9F8CX8IFIQaqzFVz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: W/"0842e637a23acc114afbb6195c984564"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: f3uP4D6qWBNk0pg1v19u9_Fy-79uwRhXy-irWfUFdWbEKVIrL5nZng==

GET
H2 200 26.69219246.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 16 KB
6 KB 252ms
251ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/26.69219246.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d674a115404e8d29a650437584421bd9d7ec57c4d43fe3e0a09adc080d521c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: xHgUeRJlJNXFuOCOFJ6VHVB_xDcgAWBV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"c41c7243f45ea540e99a3256f4942432"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -3LLQPpCgtM7QDOjD08Mlqk3Nm20Q79yfDgJZeOqFHr4U8Uvtm2_gw==

GET
H2 200 25.7addeee7.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame AE3B 9 KB
2 KB 139ms
137ms Stylesheet
text/css 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/25.7addeee7.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a7a9292edd72228ac6b7839b6e29a832ab45515a5c78d548ccd5fd8a2b1942ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: EFJHE_lMh.tvaT0GqPW.1ROLceWNBRoz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: W/"b9011653b355d04d18b2ff93e45e1ecd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bNxrQVSGhUskoyhyyj00rndZ2YSrMdK31aXgY4NYbLVIOuDtVHb79g==

GET
H2 200 25.915ff314.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 47 KB
15 KB 157ms
156ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/25.915ff314.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e5149bac0cdad7bbd9d1b7badb88909929d324ee90b6dd1628e0c59024d68e7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: qod1m4nnLfUgaMaxljkZuFfY2SywXHfx
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"12bceaba2da6c30ab2a0aacbde681b0c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RVpkX7VyMIpntO7d89bovp2lXBsfUS7j_kIvk08H2g9veZ3WNb3T2w==

GET
H2 200 28.e29661b2.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame AE3B 561 B
1 KB 341ms
340ms Stylesheet
text/css 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/28.e29661b2.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d04196ec92f307c66ad56e3adbd4536e6c504a251299183c2c016de66a65af39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:58 GMT
x-amz-version-id: yOY99EI9PDEu6PYQSPkvCce7eoR8ev5W
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 34
content-length: 561
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: "5847d5731c3141aa511411d6c66a193c"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ouBjn9WP2NUyz_1UYOPkprN6_BIAc-3tEzv3NfkDUaCkNXIJONr_0A==

GET
H2 200 28.7257241a.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 49 KB
14 KB 250ms
249ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/28.7257241a.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f4d1dc5e2bebcc6c035e733b5586f308c032e377d490d733835fbc1fb0e5d979

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:57 GMT
x-amz-version-id: Aw7E9DaiC.0zygWe8D.HQj28dALSaXA6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"e737f53b0791dac4c523770b4992131c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: I3xZH7XHICgW-8I10-mtDCf0VHHaQ4PCIoo3i8yk1mMAd7Hq47LX-w==

GET
H2 200 35.3cdf48ae.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame AE3B 16 KB
3 KB 137ms
136ms Stylesheet
text/css 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/35.3cdf48ae.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

1650436b42349eba90400162f9104f8abd0e8b846cf91d26c907c300dd8d7f85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:58 GMT
x-amz-version-id: V1yopT2bXZUj.CNczvGqS7_vfWAIiP2A
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: W/"ac16e52f547ce8f3de32d9d7d591c2c0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XkVVzy8VFJRqvFKXkpmlgbO7orSXLgtgCxZq8ywj_pEYlvLnUtYXXA==

GET
H2 200 35.3969a3d7.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 11 KB
5 KB 141ms
141ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/35.3969a3d7.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ca38f2df2a3be653605830a05931aeac85fbd1c3fa2e483a334fdc25e3463503

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:58 GMT
x-amz-version-id: _L8fRFK5jC3YnnGaFitzP.KBJ4MXVS_2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"dcd622adceee29d53432ca3f6e9eb777"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GJK8oeOwKfCmKqS24pPvg7XtXM5xYzoMCLtaj6EkVC5r3gnAhQbm6w==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 252ms
251ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&session=17e9f519-bedb-47db-8011-ac2866bc6687&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2004%20Oct%202023%2013%3A47%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2004%20Oct%202023%2013%3A47%3A57%20GMT%22%2C%22timeSpent%22%3A%221023%22%2C%22totalTimeSpent%22%3A%222025%22%7D&isIframe=false&m=%7B%22description%22%3A%22Hackers%20could%20be%20outsmarting%20preventive%20tools%20by%20making%20trivial%20changes%20to%20default%20settings.%20We%20dive%20into%20our%20research%20in%20this%20blog.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hackers%20No%20Hashing%3A%20Randomizing%20API%20Hashes%20to%20Evade%20Cobalt%20Strike%20Shellcode%20Detection%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&pageViewId=a3222d8d-d1ad-42cd-8133-824b03632511&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:58 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame AE3B 147 B
587 B 396ms
127ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

3a7b10355308a78d0d91024dd892e2aae37062eec786d837c5cf4951ac903a6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://rc-widget-frame.js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 04 Oct 2023 13:47:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 286b241e903e1c20
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 147

POST
H2 200 v2 Show response
customer.api.drift.com/integrations/hubspot/utk/ Frame AE3B 2 B
87 B 176ms
176ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://customer.api.drift.com/integrations/hubspot/utk/v2

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://rc-widget-frame.js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 04 Oct 2023 13:47:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 4676e3e0e749d43
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 54
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 2

OPTIONS
H2 200 v2
customer.api.drift.com/integrations/hubspot/utk/ Frame 0
0 130ms
123ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://customer.api.drift.com/integrations/hubspot/utk/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://rc-widget-frame.js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Wed, 04 Oct 2023 13:47:58 GMT
requestid: drift7bdcab04ce5a2cc2a078ea4ee2c
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame AE3B 25 B
89 B 140ms
134ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://rc-widget-frame.js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 04 Oct 2023 13:47:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 6a536d1e6e677167
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 11
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame AE3B 9 KB
4 KB 267ms
267ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

2f8418770a122e331f4c451071110595c02a61cfb6f361517aa19b1112dc6248

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://rc-widget-frame.js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 04 Oct 2023 13:47:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: e2207817c93163ef
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 143
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 226ms
226ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&session=17e9f519-bedb-47db-8011-ac2866bc6687&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2004%20Oct%202023%2013%3A47%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2004%20Oct%202023%2013%3A47%3A58%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223026%22%7D&isIframe=false&m=%7B%22description%22%3A%22Hackers%20could%20be%20outsmarting%20preventive%20tools%20by%20making%20trivial%20changes%20to%20default%20settings.%20We%20dive%20into%20our%20research%20in%20this%20blog.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hackers%20No%20Hashing%3A%20Randomizing%20API%20Hashes%20to%20Evade%20Cobalt%20Strike%20Shellcode%20Detection%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&pageViewId=a3222d8d-d1ad-42cd-8133-824b03632511&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:47:59 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 track Show response
event.api.drift.com/ Frame AE3B 703 B
763 B 124ms
123ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

ada7937e3e819e28f1eec214b32f7d2ecd505ca90dc5bbfbbfa210df60c408fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://rc-widget-frame.js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxOTY2MTU0MDM4OCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjUwOTI4MDQiLCJleHAiOjE3MjgwNDk2NzksImlhdCI6MTY5NjQyNzI3OX0.YndVbS9KtazB94vUsUl7TfuKxtxsjhHEnLeVYRn3z0i6LgteAcVEP-7B3jt5CyA1N-7E-E5TOKix_4KsLVRXzQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 04 Oct 2023 13:48:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 536c1193d5ee46bd
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 703

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 130ms
123ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://rc-widget-frame.js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Wed, 04 Oct 2023 13:48:00 GMT
requestid: driftf27c80249e185151072a6046da7
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

GET
H2 200 57.28dde8ce.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame AE3B 19 KB
7 KB 137ms
136ms Script
application/javascript 18.66.147.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-49.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=8a1e9f34-41ce-49d4-8182-f365fdf4a928&sessionStarted=1696427276.838&campaignRefreshToken=34d65b1d-686f-4290-abff-b7f52ac745b2&pageLoadStartTime=1696427274839&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:48:00 GMT
x-amz-version-id: 0dJM7EM627t.0Rj8M1n.zVYMUlNazQaI
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 21 Sep 2023 18:21:36 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: L2qC_9YalFEIYdWa1QzTiGOXcbQxdi6Nla5Op-rOAlcO-R-5EWa1sw==

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame AE3B 11 KB
11 KB 89ms
26ms Font
font/woff2 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/css/8.98b34517.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://rc-widget-frame.js.driftt.com/
Origin: https://rc-widget-frame.js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 14:38:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 6995386
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 132
content-length: 11028
last-modified: Fri, 03 Mar 2023 19:55:17 GMT
server: istio-envoy
etag: "1f6d3cf6d38f25d83d95f5a800b8cac3"
access-control-allow-methods: GET, POST, OPTIONS
content-type: binary/octet-stream,font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6Zm7BGzt3PhY_PWAYm5JCS3L6gFG0wyvhjbPkn7yypUMDHA-6F8IgQ==

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame AE3B 11 KB
11 KB 92ms
30ms Font
font/woff2 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/css/8.98b34517.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://rc-widget-frame.js.driftt.com/
Origin: https://rc-widget-frame.js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 08 Aug 2023 00:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4972445
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 89
content-length: 11040
last-modified: Fri, 03 Mar 2023 14:31:39 GMT
server: istio-envoy
etag: "5e22a46c04d947a36ea0cad07afcc9e1"
access-control-allow-methods: GET, POST, OPTIONS
content-type: binary/octet-stream,font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: L_h59UpU9ssTidqCs_0w3QCsnKl1mKG_IL-yuTxalpP_aTp4SyVT9Q==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 240ms
239ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&session=17e9f519-bedb-47db-8011-ac2866bc6687&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2004%20Oct%202023%2013%3A48%3A00%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2004%20Oct%202023%2013%3A47%3A59%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224027%22%7D&isIframe=false&m=%7B%22description%22%3A%22Hackers%20could%20be%20outsmarting%20preventive%20tools%20by%20making%20trivial%20changes%20to%20default%20settings.%20We%20dive%20into%20our%20research%20in%20this%20blog.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hackers%20No%20Hashing%3A%20Randomizing%20API%20Hashes%20to%20Evade%20Cobalt%20Strike%20Shellcode%20Detection%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&pageViewId=a3222d8d-d1ad-42cd-8133-824b03632511&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:48:00 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
296 B 137ms
137ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.huntress.com
Date: Wed, 04 Oct 2023 13:48:00 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 234ms
234ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&session=17e9f519-bedb-47db-8011-ac2866bc6687&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2004%20Oct%202023%2013%3A48%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2004%20Oct%202023%2013%3A48%3A00%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225028%22%7D&isIframe=false&m=%7B%22description%22%3A%22Hackers%20could%20be%20outsmarting%20preventive%20tools%20by%20making%20trivial%20changes%20to%20default%20settings.%20We%20dive%20into%20our%20research%20in%20this%20blog.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hackers%20No%20Hashing%3A%20Randomizing%20API%20Hashes%20to%20Evade%20Cobalt%20Strike%20Shellcode%20Detection%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fhackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection&pageViewId=a3222d8d-d1ad-42cd-8133-824b03632511&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:48:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event3/ Frame AE3B 25 B
112 B 138ms
137ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event3/bulk

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://rc-widget-frame.js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 04 Oct 2023 13:48:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 631a869fb4524d04
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

Verdicts & Comments Add Verdict or Comment

180 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

64 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.huntress.com/	1970-01-20 15:13:49	Name: __cf_bm Value: 95vNyImz1LI3zKLAYpPD44sw0Q86wXVtJgbvL4zERsE-1696427274-0-AZ9X2V9lyBEHLo2CSdTuakvNFUbiN5nxIBj+iIaeZNohUk5+NYXuZo+2e/yOGHE2RUIX5gt8j4LDFOmTyLaMFrE=
.www.huntress.com/	1969-12-31 23:59:59	Name: __cfruid Value: 8b42938c53fda4fa86c057c3ccb3428825677d4e-1696427274
.huntress.com/	1970-01-20 15:13:49	Name: _sp_ses.1564 Value: *
.huntress.com/	1970-01-21 00:49:47	Name: _sp_id.1564 Value: 9c3792d8-ea8f-4f5f-aa6f-25a531d6327d.1696427275.1.1696427275.1696427275.b5fdb628-5992-4a63-a6e9-5f7580211189
.huntress.com/	1970-01-21 00:00:49	Name: _vwo_uuid_v2 Value: D3D534F9310226C4B55E2592251BE6814\|a299b98f5472e19c2b0133964c2125fd
.techtarget.com/	1970-01-20 15:13:49	Name: __cf_bm Value: 6J40UcBf7fj1Yo.BZuPHWp_NKH4uW8b0eevvTPNpEzg-1696427275-0-AXJBscZn9vFTmWMixcZEZkCktGsthq2D6Da1PhGmDEeQeHWFwftY/VnWM+3Rv8m2dRPtUYrCEsvgJupnb1pk2fo=
.huntress.com/	1970-01-20 17:23:23	Name: _rdt_uuid Value: 1696427275662.5613e0e1-f786-414e-a56d-e70e12fa6f5a
tracking.g2crowd.com/	1970-01-20 15:33:56	Name: _session_id Value: 0dd7abc3ff19b24a3224e420f0c9a51a
.g2crowd.com/	1970-01-20 15:13:49	Name: __cf_bm Value: P4AOFllXmljPRsZx67o2JGdFzm_9gXgY1D8w_X7Xy88-1696427275-0-AcNHG15Nr3Ao+cpPHkY1mzJNU5Lg62iM8yb01ulj/cjOtrW2P0bUA/3DhBsDXkKNzy74Q/JBMnpsxxTcdii7gRo=
.huntress.com/	1970-01-20 15:15:13	Name: _uetsid Value: 9f0adcb062bc11ee818793f645264f32
.huntress.com/	1970-01-21 00:35:23	Name: _uetvid Value: 9f0b072062bc11ee81a00dda12fd4549
tags.srv.stackadapt.com/	1970-01-20 23:59:23	Name: sa-user-id Value: s%3A0-1dd24f84-2c59-5a90-62df-375aca4d2799.TIcG1M0WhP1ecRksEcx0st7%2Bzj%2FBeVtWVQs4UMOfU5c
.srv.stackadapt.com/	1970-01-20 23:59:23	Name: sa-user-id Value: s%3A0-1dd24f84-2c59-5a90-62df-375aca4d2799.TIcG1M0WhP1ecRksEcx0st7%2Bzj%2FBeVtWVQs4UMOfU5c
tags.srv.stackadapt.com/	1970-01-20 23:59:23	Name: sa-user-id-v2 Value: s%3AHdJPhCxZWpBi3zdayk0nmdly2hQ.YA4Jg%2B6Pq88vhqt0FE7B43GW6%2BTIMOUCglYbsrw5Upc
.srv.stackadapt.com/	1970-01-20 23:59:23	Name: sa-user-id-v2 Value: s%3AHdJPhCxZWpBi3zdayk0nmdly2hQ.YA4Jg%2B6Pq88vhqt0FE7B43GW6%2BTIMOUCglYbsrw5Upc
tags.srv.stackadapt.com/	1970-01-20 23:59:23	Name: sa-user-id-v3 Value: s%3AAQAKIMV6mz3CjQ5QuND-xDD0qURxI_9YIJXZ5YwNvEu35MYWEHwYBCCL2vWoBjABOgRLGKL4QgSm-hYT.aBxeEPI9GfPPSrbnnK%2FqizR9g5ZBKSKbJ8nsaxblk4A
.srv.stackadapt.com/	1970-01-20 23:59:23	Name: sa-user-id-v3 Value: s%3AAQAKIMV6mz3CjQ5QuND-xDD0qURxI_9YIJXZ5YwNvEu35MYWEHwYBCCL2vWoBjABOgRLGKL4QgSm-hYT.aBxeEPI9GfPPSrbnnK%2FqizR9g5ZBKSKbJ8nsaxblk4A
.bing.com/	1970-01-21 00:35:23	Name: MUID Value: 2BFFFDA3D91B68A4327DEE03D8B16960
.ws.zoominfo.com/	1970-01-20 23:59:23	Name: visitorId Value: 75ac3ce09aa385fa5c822c6937aba7552c492fe702f41b1a9887e62cc6153158
.zoominfo.com/	1970-01-20 15:13:49	Name: __cf_bm Value: 88ERgI3tzwKpWvFf0FEJ8nBimVLPv3jJoYR5nzMGLok-1696427275-0-AS0IfZC3ioYY/ea203amBrDek+Gs4ZX7H5RF1AnJjrkKmOwRZ2b3imXb4BLXkK4Dq76m8P3PCzObs7duyx6Osmg=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 1KTUmcE1aMj0JAQzgZCY9rr2wTpSkD9.r1aXiK0RNhI-1696427275823-0-604800000
www.huntress.com/	1970-01-20 15:23:52	Name: slireg Value: https://scout.us4.salesloft.com
www.huntress.com/	1970-01-20 23:59:23	Name: sa-user-id Value: s%253A0-1dd24f84-2c59-5a90-62df-375aca4d2799.TIcG1M0WhP1ecRksEcx0st7%252Bzj%252FBeVtWVQs4UMOfU5c
www.huntress.com/	1970-01-20 23:59:23	Name: sa-user-id-v2 Value: s%253AHdJPhCxZWpBi3zdayk0nmdly2hQ.YA4Jg%252B6Pq88vhqt0FE7B43GW6%252BTIMOUCglYbsrw5Upc
www.huntress.com/	1970-01-20 23:59:23	Name: sa-user-id-v3 Value: s%253AAQAKIMV6mz3CjQ5QuND-xDD0qURxI_9YIJXZ5YwNvEu35MYWEHwYBCCL2vWoBjABOgRLGKL4QgSm-hYT.aBxeEPI9GfPPSrbnnK%252FqizR9g5ZBKSKbJ8nsaxblk4A
www.huntress.com/	1970-01-20 15:15:13	Name: ln_or Value: eyIzMjgxNzQ1IjoiZCJ9
www.huntress.com/	1970-01-20 23:59:23	Name: slirequested Value: true
.huntress.com/	1970-01-20 17:23:23	Name: _fbp Value: fb.1.1696427275987.1961664508
.twitter.com/	1970-01-21 00:49:47	Name: guest_id_marketing Value: v1%3A169642727596686290
.twitter.com/	1970-01-21 00:49:47	Name: guest_id_ads Value: v1%3A169642727596686290
.twitter.com/	1970-01-21 00:49:47	Name: personalization_id Value: "v1_HgBMcp14H2LZptXp1lClYA=="
.twitter.com/	1970-01-21 00:49:47	Name: guest_id Value: v1%3A169642727596686290
.linkedin.com/	1970-01-20 17:23:23	Name: li_sugr Value: be1eec2a-109b-4171-8b95-e9b261415054
.linkedin.com/	1970-01-20 23:59:23	Name: bcookie Value: "v=2&8b38677e-ae00-43dc-84d8-733ea058e6c0"
.linkedin.com/	1970-01-20 15:15:13	Name: lidc Value: "b=VGST04:s=V:r=V:a=V:p=V:g=3012:u=1:x=1:i=1696427276:t=1696513676:v=2:sig=AQHkyfeNgx76dcSY-3HCBHeTgOMX6w0p"
.t.co/	1970-01-21 00:49:47	Name: muc_ads Value: fb298ee7-daf1-43a7-9b16-eba325eeee64
www.clarity.ms/	1970-01-20 23:59:23	Name: CLID Value: 9ed86c3403034e03ad1354a78546cd92.20231004.20241003
.hubspot.com/	1970-01-20 15:13:49	Name: __cf_bm Value: IXKp0WHkQ1VcOf7VWLWHiQ.4m.BaOGNi77.3lVEjLDo-1696427276-0-AZ3Aq136GZR82ylFLBIqg6Flt1bsMnITRLeh5fXdN9unyYUC/9HS//nxYBaBEQhx/EKeEfnqSOAnOja2Q3xMbsU=
.huntress.com/	1970-01-20 23:59:23	Name: _hjSessionUser_2159185 Value: eyJpZCI6ImRkMWUyNThlLTNiYzMtNWFkOC1iNDllLWU0MDQ5YzBiMTNlOSIsImNyZWF0ZWQiOjE2OTY0MjcyNzYxODgsImV4aXN0aW5nIjpmYWxzZX0=
.huntress.com/	1970-01-20 15:13:49	Name: _hjFirstSeen Value: 1
.huntress.com/	1970-01-20 15:13:47	Name: _hjIncludedInSessionSample_2159185 Value: 1
.huntress.com/	1970-01-20 15:13:49	Name: _hjSession_2159185 Value: eyJpZCI6IjhlZWU2MWZmLWQ4ODMtNDA4Ni04NjRlLTdjNDZiNTljMjYyYyIsImNyZWF0ZWQiOjE2OTY0MjcyNzYxOTAsImluU2FtcGxlIjp0cnVlLCJzZXNzaW9uaXplckJldGFFbmFibGVkIjpmYWxzZX0=
.huntress.com/	1970-01-20 15:13:49	Name: _hjAbsoluteSessionInProgress Value: 0
.linkedin.com/	1970-01-20 15:56:59	Name: UserMatchHistory Value: AQLWlbe4i0hm_AAAAYr68feHyZwSxPnpvnTBwIQNmvPkoM0nmCLtePDsnv9kC9vPMBt9RNKRO0RKFA
.linkedin.com/	1970-01-20 15:56:59	Name: AnalyticsSyncHistory Value: AQKwW865tPU11wAAAYr68feHgiPies-lGaPty5wox_5HMLIitKUzOSqk-_uYWD1gGQjmF3FSNFOcIjJr7gpq-A
.huntress.com/	1970-01-20 23:59:23	Name: _clck Value: qxfndy\|2\|ffk\|0\|1372
.bidagent.xad.com/	1970-01-20 15:56:59	Name: xad-uid Value: YjlmNGIzNWItZjU0Ni00ODk1LWFjZmYtYWY2MzlkNmU3MWRi
www.huntress.com/	1970-01-20 23:59:23	Name: sliguid Value: cbbf8845-4467-4d52-9418-25781da7e301
.www.linkedin.com/	1970-01-20 23:59:23	Name: bscookie Value: "v=1&20231004134756ae1ac23f-155c-4334-8b03-b3df213c4747AQE4QiYxqg4JbM5aZObEI9wSDP3idTpC"
.linkedin.com/	1970-01-20 19:32:59	Name: li_gc Value: MTswOzE2OTY0MjcyNzY7MjswMjE/5D22/7eFqKJvgKlLRR5z+56azOu1jx5Z6SgQLlcy9Q==
www.huntress.com/	1970-01-20 15:23:52	Name: _an_uid Value: 0
www.huntress.com/	1970-01-21 00:49:47	Name: _gd_visitor Value: 7ac35153-79be-40c5-8fb7-536cfc2369f9
www.huntress.com/	1970-01-20 15:14:01	Name: _gd_session Value: 17e9f519-bedb-47db-8011-ac2866bc6687
.6sc.co/	1970-01-21 00:49:47	Name: 6suuid Value: ce6411020bdd02000c6d1d6519030000f4470900
www.huntress.com/	1970-01-20 15:13:49	Name: drift_campaign_refresh Value: 34d65b1d-686f-4290-abff-b7f52ac745b2
.huntress.com/	1970-01-20 15:15:13	Name: _clsk Value: 699ze9\|1696427276905\|1\|1\|y.clarity.ms/collect
.c.bing.com/	1970-01-20 15:23:52	Name: MR Value: 0
.c.bing.com/	1970-01-21 00:35:23	Name: SRM_B Value: 2BFFFDA3D91B68A4327DEE03D8B16960
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 00:35:23	Name: MUID Value: 2BFFFDA3D91B68A4327DEE03D8B16960
.c.clarity.ms/	1970-01-20 15:23:52	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 15:13:47	Name: ANONCHK Value: 0
www.huntress.com/	1970-01-21 00:49:47	Name: drift_aid Value: 7bba6b7d-4d94-4cdb-b6b0-b8979ea1fb6e
www.huntress.com/	1970-01-21 00:49:47	Name: driftt_aid Value: 7bba6b7d-4d94-4cdb-b6b0-b8979ea1fb6e

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://gist.github.com/matthewB-huntress/d43b621182c890293ba39fb530d8e20b.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gist.github.com/matthewB-huntress/a3979cd837f5b3dfa94c32ea95aef028.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gist.github.com/matthewB-huntress/d43b621182c890293ba39fb530d8e20b.js Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3911692.fs1.hubspotusercontent-na1.net
a.quora.com
alb.reddit.com
analytics.twitter.com
app.hubspot.com
b.6sc.co
bat.bing.com
bidagent.xad.com
bootstrap.api.drift.com
c.6sc.co
c.bing.com
c.clarity.ms
cdn.jsdelivr.net
cdn.linkedin.oribi.io
cdn.metadata.io
cdn2.hubspot.net
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
content.hotjar.io
customer.api.drift.com
dev.visualwebsiteoptimizer.com
event.api.drift.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
gist.github.com
ibc-flow.techtarget.com
j.6sc.co
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
metrics.api.drift.com
pagead2.googlesyndication.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
rc-widget-frame.js.driftt.com
region1.google-analytics.com
s7.addthis.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
static.hsappstatic.net
syndication.twitter.com
t.co
tags.srv.stackadapt.com
track.hubspot.com
tracking.g2crowd.com
trk.techtarget.com
webhooks.fivetran.com
ws.zoominfo.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.huntress.com
www.linkedin.com
www.redditstatic.com
y.clarity.ms
104.211.35.148
104.244.42.131
104.244.42.133
104.244.42.8
13.107.42.14
13.32.27.54
140.82.121.3
146.75.120.157
151.101.129.140
162.159.152.17
18.66.112.118
18.66.147.49
18.66.97.49
2.17.100.210
2001:4860:4802:34::36
23.45.238.53
2600:9000:20eb:5c00:2:53b2:240:93a1
2600:9000:223c:8400:9:d7d4:1380:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:671c
2606:4700:4400::6812:297c
2606:4700:4400::ac40:90e1
2606:4700:4400::ac40:973c
2606:4700:4400::ac40:991b
2606:4700::6810:50ba
2606:4700::6810:5714
2606:4700::6810:70d1
2606:4700::6810:880f
2606:4700::6811:190e
2606:4700::6811:4341
2606:4700::6811:579a
2606:4700::6811:e3a3
2606:4700::6812:4ffd
2606:4700::6812:7d0c
2606:4700::6812:b07d
2606:4700::6812:c07d
2606:4700::6813:9a53
2620:1ec:21::14
2620:1ec:bdf::44
2620:1ec:c11::200
2a00:1450:4001:80b::200e
2a00:1450:4001:812::2002
2a00:1450:4001:812::2008
2a02:26f0:3500:16::215:148d
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42:400::649
2a04:4e42:600::396
34.111.208.231
34.159.227.151
34.96.102.137
35.158.228.32
37.252.173.215
52.204.74.70
52.31.99.6
54.147.21.139
54.147.237.138
54.226.219.252
68.219.88.97
004b8e51f135d2301a2f4a3095bff25c1e513cfcbfc262b2619044c013ad3fbd
015f37ba3efc7959978d0b6c056cf021ef168e67da1b6c4edcde03958c3783cb
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0591af742c10a8ad2020502cccbf97cb4fc1cfc48acaf588043d70e77b2c3aaf
0b5018e12454c16a3fc8ed8943845042f295636863515c4d480578ef9fc0bb0a
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44
10b977a814bd9ca3e018a07b6e1197c9a9fa89a27a2419158d22f41ab8a29508
11bcaa66e2e5486338bbf15bc2af4136962618bd84574c350c82c501d64f6868
14e6206b0b854f8eb373b1ccfbac42efdb97e1034de1355abb4ee81aa0672ec2
15736c00b563c558ec1e7d531c0d8bd7d8cc24c2026adbc2dcf0ccd3e48f7d65
1650436b42349eba90400162f9104f8abd0e8b846cf91d26c907c300dd8d7f85
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb
1ce5bbfddabe83a619dffbd897ac79e94ca961f04cf463583a421a22f5329938
1d4548c03b28521204ab490e46b39179b8fa196998d45215a24602306b662ab5
1db6b123f97b64be2a35c607c2d290818cea4f045f157b7499d1e57797b52f66
24846a3f194b09919bf75cec2a1d012653257442cea9342c648d618c8bddd844
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd
2a0b937d13964e8573313ffab825b014a989867962759f7492cf416b24a474a9
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2d229dd80d4ddbe230f234b51e64fb677242faac4dec50fa20c12ad447fe4746
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f8418770a122e331f4c451071110595c02a61cfb6f361517aa19b1112dc6248
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
3367498692c5f6cdc662369af915c0c2f13b7f6af9e67a522d2e7fc1b3299364
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
3a7b10355308a78d0d91024dd892e2aae37062eec786d837c5cf4951ac903a6b
3b5765cdf7d4f072406ef5bfeecee9b32bff67188fd51806fdb3e33dd947d083
3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3ee60ae8b8945b25992a944c5f94f47ea6d7b4a26c4f6b8b83249670a3af6bae
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
4081a5f270ace3305571b8f393e20c3a50141d103fb6fced35cf64d5182c2cd2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44698204afe11b45bdaf5990e948f12b41765c2f747d5130dea7d6a857f3161e
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4d80315d0a8333bdf7577d73e5bbd4cbef33296faa538c8f238d72a8b91a8482
4db21c091585056a59bd504670bb1929685b37d5970905f69c99183a91ea4d60
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55162e9b494d9fc1831ba6a83f207a1ff6d85c052d821ad30d78baf212930cf0
558979f57321b92691fa5d479ae380773ae5d9dffd5f8bcaddc4525ea361f0a9
568f26116adf4d86030f23a096e43618cc0c532c7d06ef5f39f165acc9cf8561
58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f
594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60
5c6f31160a0f55d0638e50cce257a2de05f2c500e0ae1a95a0a898a87a36c232
5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5e4e01da0230734413d39e4657ac95b4ccf45092ff61a162aa1f4d111a166735
651e27cd0b2fd48c7031178d8211942aedda19cb9c72c5d5e2dcd06e7adb8416
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
6a6a06c6f8fb209f9e92af2bb5ed0c0d0e767211a1a92e631e1d0ce056488387
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
70e4523c4042427c12a9c72ce6c27695bf6d13c0065819eac9468f636e2ed54b
72de69b28d48aca1318538105071e04b854472828aea5bd7eb3e7b83e4ffa221
73ab1048c20bc0aae0f9e67722f61248df8c8d36db65ba0389c857c44bff44da
751274a74c3ed3deb3a7b3142c3efc2e0ea2a434f3db9aca33df645c568a0aed
7573e5629fdd86c1b9715e81fd55e01c7cf7febbfc3562f5acbb757c0d4cce64
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
794dc30b5582c5b0c4a06c2e0776f6527a84c91d5f7abb9384e7588d0ab3a910
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
79bb1b80606f5282fa20cea179f7c7f619eb1848b1d550a9e13857477cd1c38e
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
802ef5cdf09c62ecb0c724e95eea381a9a760d11f4fefb17d8567b3a6ae0602e
805270b078cde87b61bb57c8bd44f8b58b0d128f5a8efdd4395470b45b291d65
82ba33778a6595a59baef6e6964c64d7c3e9888c2bbf74461f1948b295db28e2
8326289128837c1f6dd5b2c360d01e735e115aae8732b67dad87e864d9c8d271
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
860c659e8836feb6a6b4fc4c9b7195e4ab0a04e4642473c0780ae554fbf6ffb2
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
87a1c80c3e6169816a4e0d799ff9747f5d165f06c2b9fc33ca40c6124a040c23
8a0ed8d1c8b934386f2308de7cb5cc165da1f0f5d84cb4a6b3d7f54d64341f09
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
9376df9b8822a7f057796704e3cb466577faa32f94b2460a2429944cc16c9489
93a2fd82dd3a13a9e9ce0583f3bde1b6e88da6ebce30fa8c87cee4d9d927e4d2
96a765fde6451cc7ceae63b9a3f59b40a7212b3eda0fd117d6ccea41d7e66405
98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a39f397a578fab590d3c22622caee469a713bfd40fae24504ca280157fe53f3
a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1
a24e66d830ef814bbcc4553b662e0c2afe733f8f30fb4a86be6df577d146bec2
a65d5029de63edbd0e5fae2126da85af8557be5af9082adb5e8f1cd3c081f120
a7a9292edd72228ac6b7839b6e29a832ab45515a5c78d548ccd5fd8a2b1942ff
a8b54889515e3b6568115810c8d5d0a68edb0d8ec6e1306f0416b2cbabed9885
ac158fd98a25872b4a494ed3c5a5da9f92eba989c397cab46bf8c8a7b04bc514
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ada7937e3e819e28f1eec214b32f7d2ecd505ca90dc5bbfbbfa210df60c408fd
ae124fc031e47ed5266f1bcb14d408cc303e438ced8aa4ad55371e32845b742c
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
b32a3de0fde40944e655cc5b42507b2feae6a6f02ee53ec579af91abebfe70cf
b37678e2c4e8452e51ee8902e176d670941b72bc06eaeeb951360f96322c6921
b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e
b444fa240d1f7857dc19bee50a31922582f7b01c994cda341be2db1103aa72c6
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
b990552df973348baaa61af6a11d527c465edb14339f38e25d112b2a1a72ab0e
ba251e719871ef46dd68003555fb6187821d0df2053e469e070f4e685163d26b
ba3035c1cbfbd4ebb878f85acde3d846c6e9e90081de78ddcaf3126b4e8823b0
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
bc80f8a5a029891c055caa5004004155f2124a66b80ad39ab2b11bcdf80c1162
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
c52ffb59a6bf4ac549ed6da4dbe39a7661ff82147942ff109c2e72ae676b787c
ca38f2df2a3be653605830a05931aeac85fbd1c3fa2e483a334fdc25e3463503
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
cf8edbedfd479fe7cc642e3a1db515dd1103f2d7864f0db5cae6144fbde44ea4
d04196ec92f307c66ad56e3adbd4536e6c504a251299183c2c016de66a65af39
d1b5aca028dd8447199f3c06601e38f5b8aba3b29be5ccd2de504a561fed2558
d5a421dbd597a94360622aa975ff3c27809a08e5ddaada7832a692c3b51c5eeb
d674a115404e8d29a650437584421bd9d7ec57c4d43fe3e0a09adc080d521c44
d6d916d35f42035ca3f9561da42c3313daafacd17e7121aa338ae96fb47a8e17
d6e802a287f60eac57e9c526768ac91202a7104003040836954ba3067987318b
d9cdf9b8cd47c0a17356ff68e2581021800a4c86dd8d71aaf0ad5cfe025b114e
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
ddaea1c7426af983cc6d9198b72a97db6278c76fd44a2d3b738247c26f7bd58a
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e12404ccb0492da0a89fbda8db0ddb3c2358fcbd6d29b0c106ba840ca5f5e8ab
e1dbd1d972ca88ba630f39b8a0ffbea85c7d96c80f63179df534dcf112696894
e1e4e3cba3eeeb3ad74ae67c1f42012ebb51d8497482e5c01d404579d49c6b04
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5149bac0cdad7bbd9d1b7badb88909929d324ee90b6dd1628e0c59024d68e7c
e523f47c65c171a685ca8f1bb0c0c432f4d71104fa56e8f6163126ec908cc430
e54bb1c4b708def9c2936ea8d5afe9b9963bb0fd8fbe677d28e4a9ca0005b3d2
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
e55e6c4592032b9b7dd5b11e3ee6a56b7b71d9d8667aa56c34d43cc7339808b9
e5fae83c7b1bc318026072592130f5d8ac977970ad81b79218dd442235a59b6e
e6ff2465e3587a17de2fec67fedb7892da3deb07d10610dcb9cdc481bcd3e9ca
e802bfed48e0bddeec02edc41ba74ca00f520d0405ecbe8a25db6b978dd86fba
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae
eb6ce397310855bbef74043afcdda989653ad7b7b385191e8c8d622eee74b367
eba72b1c1e3e44d5dabff914f59eb15876ae97cef296ddee4afe4821a54f2633
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f4d1dc5e2bebcc6c035e733b5586f308c032e377d490d733835fbc1fb0e5d979
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fd77c41d41a299d224e36572ee84e734bb53f2c56b3babe78619ec413d56d68a
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.huntress.com Open in urlscan Pro 2606:2c40::c73c:671c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

182 Requests

98 %HTTPS

57 %IPv6

47 Domains

69 Subdomains

60 IPs

4 Countries

2478 kBTransfer

7271 kBSize

64 Cookies

17 Outgoing links

Redirected requests

182 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.huntress.com Open in urlscan Pro
2606:2c40::c73c:671c Public Scan

Screenshot
Live screenshot

Full Image

182
Requests

98 %
HTTPS

57 %
IPv6

47
Domains

69
Subdomains

60
IPs

4
Countries

2478 kB
Transfer

7271 kB
Size

64
Cookies

182 HTTP transactions
0 data transactions