www.recordedfuture.com Open in urlscan Pro
104.18.13.124 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.recordedfuture.com/cobalt-strike-servers/
Submission: On October 29 via manual (October 29th 2021, 7:33:02 am UTC) from ES — Scanned from DE

Summary HTTP 216 Redirects Links 61 Behaviour Indicators

Summary

This website contacted 39 IPs in 7 countries across 34 domains to perform 216 HTTP transactions. The main IP is 104.18.13.124, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.recordedfuture.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 23rd 2021. Valid for: a year.

This is the only time www.recordedfuture.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
70	104.18.13.124 104.18.13.124	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:dfcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700::68... 2606:4700::6810:7baf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	89.187.169.39 89.187.169.39	60068 (CDN77 ^_^) (CDN77 ^_^)
1 3	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:50c0:800... 2606:50c0:8003::153	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:d5cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	104.111.233.140 104.111.233.140	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2600:9000:223... 2600:9000:223f:ae00:c:7d55:b3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
62	18.66.112.39 18.66.112.39	16509 (AMAZON-02) (AMAZON-02)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
5	52.223.61.136 52.223.61.136	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba18	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:15bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
2 2	2620:119:50e4... 2620:119:50e4:101::6cae:b55	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c09::9d	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
1	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
3	2606:4700::68... 2606:4700::6810:5805	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	162.247.242.19 162.247.242.19	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
3	2606:2c40::c7... 2606:2c40::c73c:6702	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
6	3.94.218.138 3.94.218.138	14618 (AMAZON-AES) (AMAZON-AES)
2	50.16.7.188 50.16.7.188	14618 (AMAZON-AES) (AMAZON-AES)
1	13.32.99.26 13.32.99.26	16509 (AMAZON-02) (AMAZON-02)
216	39

70 104.18.13.124 (United States)

ASN13335 (CLOUDFLARENET, US)

www.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:dfcc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscta.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7baf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.187.169.39 (Frankfurt am Main, Germany) 1 redirects

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-39.cdn77.com

cdn.materialdesignicons.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5814 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:50c0:8003::153 (None, )

ASN54113 (FASTLY, US)

kenwheeler.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d5cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.111.233.140 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-140.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:ae00:c:7d55:b3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

62 18.66.112.39 (United States)

ASN16509 (AMAZON-02, US)

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.223.61.136 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a8b6f710f441cdbc2.awsglobalaccelerator.com

recordedfuture.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba18 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e4:101::6cae:b55 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c09::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.87 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5805 (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.19 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-7.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2c40::c73c:6702 (None, )

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

go.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.94.218.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-218-138.compute-1.amazonaws.com

metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.16.7.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-7-188.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.26 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-26.fra60.r.cloudfront.net

embeds.driftcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
73	recordedfuture.com www.recordedfuture.com go.recordedfuture.com	2 MB
62	driftt.com js.driftt.com	735 KB
9	6sc.co j.6sc.co b.6sc.co c.6sc.co	15 KB
9	hubspot.com no-cache.hubspot.com cta-service-cms2.hubspot.com track.hubspot.com	135 KB
8	drift.com metrics.api.drift.com bootstrap.api.drift.com	539 B
7	matomo.cloud cdn.matomo.cloud recordedfuture.matomo.cloud	178 KB
6	google-analytics.com ssl.google-analytics.com www.google-analytics.com	72 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
3	hsforms.com perf.hsforms.com	936 B
3	google.de www.google.de	762 B
3	google.com www.google.com	733 B
3	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	2 KB
3	googletagmanager.com www.googletagmanager.com	140 KB
3	jsdelivr.net 1 redirects cdn.jsdelivr.net	212 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	facebook.com www.facebook.com	425 B
2	facebook.net connect.facebook.net	113 KB
2	cloudflare.com cdnjs.cloudflare.com	5 KB
2	unpkg.com 1 redirects unpkg.com	5 KB
1	driftcdn.com embeds.driftcdn.com	12 KB
1	nr-data.net bam.nr-data.net	321 B
1	newrelic.com js-agent.newrelic.com	13 KB
1	adnxs.com secure.adnxs.com	696 B
1	googleadservices.com www.googleadservices.com	15 KB
1	t.co t.co	470 B
1	twitter.com analytics.twitter.com	676 B
1	hs-banner.com js.hs-banner.com	16 KB
1	hs-analytics.net js.hs-analytics.net	20 KB
1	licdn.com snap.licdn.com	2 KB
1	ads-twitter.com static.ads-twitter.com	6 KB
1	hs-scripts.com js.hs-scripts.com	913 B
1	github.io kenwheeler.github.io	1 KB
1	materialdesignicons.com 1 redirects cdn.materialdesignicons.com	746 B
1	hscta.net js.hscta.net	6 KB
216	34

	Domain	Requested by
70	www.recordedfuture.com	www.recordedfuture.com
62	js.driftt.com	www.recordedfuture.com js.driftt.com
7	b.6sc.co	www.recordedfuture.com
6	metrics.api.drift.com	js.driftt.com
5	recordedfuture.matomo.cloud	cdn.matomo.cloud www.recordedfuture.com
4	cta-service-cms2.hubspot.com	js.hscta.net
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	go.recordedfuture.com
3	track.hubspot.com
3	perf.hsforms.com	js.hscta.net
3	www.google.de	www.recordedfuture.com
3	www.google.com	www.recordedfuture.com
3	www.googletagmanager.com	www.recordedfuture.com www.googletagmanager.com
3	cdn.jsdelivr.net	1 redirects www.recordedfuture.com cdn.jsdelivr.net
3	fonts.googleapis.com	www.recordedfuture.com
2	bootstrap.api.drift.com	js.driftt.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	www.facebook.com	www.recordedfuture.com
2	px.ads.linkedin.com	2 redirects
2	ssl.google-analytics.com	www.recordedfuture.com
2	cdn.matomo.cloud	www.recordedfuture.com
2	connect.facebook.net	www.recordedfuture.com connect.facebook.net
2	cdnjs.cloudflare.com	www.recordedfuture.com
2	unpkg.com	1 redirects www.recordedfuture.com
2	no-cache.hubspot.com	www.recordedfuture.com
1	embeds.driftcdn.com	js.driftt.com
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.recordedfuture.com
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.googleadservices.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.recordedfuture.com
1	www.linkedin.com	1 redirects
1	t.co	www.recordedfuture.com
1	analytics.twitter.com	static.ads-twitter.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	snap.licdn.com	www.recordedfuture.com
1	static.ads-twitter.com	www.googletagmanager.com
1	j.6sc.co	www.recordedfuture.com
1	js.hs-scripts.com	www.recordedfuture.com
1	kenwheeler.github.io	www.recordedfuture.com
1	cdn.materialdesignicons.com	1 redirects
1	js.hscta.net	www.recordedfuture.com
216	45

This site contains links to these domains. Also see Links.

Domain
go.recordedfuture.com
support.recordedfuture.com
app.recordedfuture.com
aws.amazon.com
recfut.force.com
therecord.media
www.fireeye.com
news.sophos.com
cobaltstrike.com
www.blackhillsinfosec.com
www.proofpoint.com
attack.mitre.org
blog.cobaltstrike.com
2016.eicar.org
www.shodan.io
blog.fox-it.com
www.cobaltstrike.com
opendata.rapid7.com
medium.com
github.com
engineering.salesforce.com
sslbl.abuse.ch
twitter.com
blog.morphisec.com
talosintelligence.com
otx.alienvault.com
www.clearskysec.com
www.virustotal.com
www.abuseipdb.com
censys.io
theintelligencefund.com
id.recordedfuture.com
www.facebook.com
www.instagram.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
*.recordedfuture.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-23` - `2022-02-22`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
www.github.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2022-04-14`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2021-03-09` - `2022-03-16`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-08-07` - `2021-11-05`	3 months	crt.sh
cdn.matomo.cloud Amazon	`2021-01-28` - `2022-02-25`	a year	crt.sh
drift.com Amazon	`2021-09-08` - `2022-10-07`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.matomo.cloud Amazon	`2021-08-20` - `2022-09-18`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
go.recordedfuture.com Cloudflare Inc ECC CA-3	`2021-07-16` - `2022-07-15`	a year	crt.sh
*.driftcdn.com Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.recordedfuture.com/cobalt-strike-servers/
Frame ID: 288635C4E68C701CDA3C33E2091F76B0
Requests: 151 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 8DB45DC9CC37CBD93DCAA89C0BC3C1A7
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
Frame ID: 34282A459D18B72E6E020AA4B6A9F474
Requests: 34 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
Frame ID: C50A388EF312CE4BF8EC7F0106D0BBD7
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers

Page Statistics

216
Requests

99 %
HTTPS

61 %
IPv6

34
Domains

45
Subdomains

39
IPs

7
Countries

4213 kB
Transfer

10314 kB
Size

46
Cookies

61 Outgoing links

These are links going to different origins than the main page.

URL: https://go.recordedfuture.com/cyber-daily
Title: Subscribe Today

Search URL Search Domain Scan URL

URL: http://support.recordedfuture.com/
Title: Support

Search URL Search Domain Scan URL

URL: https://app.recordedfuture.com/live/login/
Title: Sign In

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/demo
Title: Get a Demo

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/seller-profile?id=0e798044-1f43-48fa-8621-cf2207e7e204
Title: Learn More

Search URL Search Domain Scan URL

URL: https://recfut.force.com/partnerportal
Title: Partner Portal Log In

Search URL Search Domain Scan URL

URL: https://therecord.media/?__hstc=57501621.60e108089cdefe4d82c69e9de9fdb5b7.1635492776614.1635492776614.1635492776614.1&__hssc=57501621.1.1635492776614&__hsfp=2427650321
Title: The Record

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/hubfs/reports/cta-2019-0618.pdf
Title: Click here

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html
Title: APT32

Search URL Search Domain Scan URL

URL: https://news.sophos.com/en-us/2019/05/03/megacortex-ransomware-wants-to-be-the-one/
Title: Sophos

Search URL Search Domain Scan URL

URL: https://cobaltstrike.com/downloads/csmanual38.pdf
Title: Cobalt Strike

Search URL Search Domain Scan URL

URL: https://www.blackhillsinfosec.com/morning-cobalt-strike-symantec/
Title: security professionals

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html
Title: criminal

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets
Title: nation-state

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0154/
Title: MITRE

Search URL Search Domain Scan URL

URL: https://blog.cobaltstrike.com/2013/09/05/how-to-crack-cobalt-strike-and-backdoor-it/
Title: pirated versions

Search URL Search Domain Scan URL

URL: http://2016.eicar.org/86-0-Intended-use.html
Title: EICAR

Search URL Search Domain Scan URL

URL: https://www.shodan.io/search?query=ssl.cert.serial%3A146473198
Title: security certificate

Search URL Search Domain Scan URL

URL: https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/
Title: findings

Search URL Search Domain Scan URL

URL: https://blog.cobaltstrike.com/2019/02/19/cobalt-strike-team-server-population-study/
Title: Cobalt Strike Team Server Population Study

Search URL Search Domain Scan URL

URL: https://www.cobaltstrike.com/releasenotes.txt
Title: Cobalt Strike release notes

Search URL Search Domain Scan URL

URL: https://opendata.rapid7.com/
Title: Rapid7

Search URL Search Domain Scan URL

URL: https://medium.com/@80vul/identifying-cobalt-strike-team-servers-in-the-wild-by-using-zoomeye-debf995b6798
Title: blog

Search URL Search Domain Scan URL

URL: https://github.com/salesforce/ja3
Title: JA3 project

Search URL Search Domain Scan URL

URL: https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967
Title: fingerprints

Search URL Search Domain Scan URL

URL: https://github.com/OISF/suricata/blob/master/src/util-ja3.c
Title: Suricata

Search URL Search Domain Scan URL

URL: https://github.com/salesforce/ja3/tree/master/lists
Title: Salesforce’s Github account

Search URL Search Domain Scan URL

URL: https://sslbl.abuse.ch/ja3-fingerprints/
Title: sources

Search URL Search Domain Scan URL

URL: https://github.com/fox-it/cobaltstrike-extraneous-space
Title: detection methodology

Search URL Search Domain Scan URL

URL: https://twitter.com/ScumBots/statuses/1096073797688545280
Title: @Scumbots

Search URL Search Domain Scan URL

URL: https://twitter.com/ScumBots/statuses/1109450986530181122
Title: @Scumbots

Search URL Search Domain Scan URL

URL: https://www.shodan.io/search?query=31.220.43.11
Title: data

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
Title: ransomware

Search URL Search Domain Scan URL

URL: https://blog.morphisec.com/new-global-attack-on-point-of-sale-systems
Title: malware

Search URL Search Domain Scan URL

URL: https://talosintelligence.com/reputation_center/lookup?search=mail.sexlove24.com
Title: data

Search URL Search Domain Scan URL

URL: https://otx.alienvault.com/indicator/ip/185.80.233.166
Title: activity

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
Title: observed

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html
Title: TEMP.Periscope

Search URL Search Domain Scan URL

URL: https://www.clearskysec.com/tulip/
Title: Wilted Tulip

Search URL Search Domain Scan URL

URL: https://twitter.com/ScumBots/statuses/1109458537850261504
Title: @Scumbots

Search URL Search Domain Scan URL

URL: https://www.shodan.io/host/89.105.198.18
Title: corroborated

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/3a143d038aae9e4253ed6656beaaae298795a3df20e874544c0122435ef79bc0/detection
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/99d51f599e52988e92e5a6c124c252e203cabc41aecf4dab9c4ed72012b4aed2/relations
Title: delivering

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/99d51f599e52988e92e5a6c124c252e203cabc41aecf4dab9c4ed72012b4aed2/analysis/
Title: Cobalt Strike beacon

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/99d51f599e52988e92e5a6c124c252e203cabc41aecf4dab9c4ed72012b4aed2/community
Title: detected

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/06f8004835c5851529403f73ad23168b1127315d02c68e0153e362a73f915c72/behavior/Tencent%20HABO
Title: detected

Search URL Search Domain Scan URL

URL: https://www.abuseipdb.com/check/72.14.184.90
Title: implicated

Search URL Search Domain Scan URL

URL: https://censys.io/certificates/25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
Title: certificates

Search URL Search Domain Scan URL

URL: https://censys.io/certificates/e86b77b36a18ae3142d662d7a21a83993ecd487814649030449915e5d212e5aa
Title: linked

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/57b44bc1e2eca1b246b528db281d101532479b5688d743021cb7add7c08fd253/detection
Title: command and control

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/cs/c/?cta_guid=bfb042c4-2edc-4f3e-b748-d104f601ac33&signature=AAH58kHpuEB08pJ75FTnhkewfaJq3ecMUw&placement_guid=9210833d-34a7-4597-ade0-03e16dcbc24c&click=c68090db-3c0a-47eb-9b2d-5544e337053b&hsutk=60e108089cdefe4d82c69e9de9fdb5b7&canon=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&portal_id=252628&redirect_url=APefjpHKt4p6WSKvNmQvt4nkIgJSjgg608A5yHSLHG2WQDODaFMaSCV6IaJ4ZcNG-d7cT2GvviNkpUsa_QQ-x_FYIOMgIzN_i4znhfK_mIUyGHneeHAAj5P27FAL3umOrmZZGhwAD9o98E7ZLq_xrWCi6jGcfBm5c-a3_hDNE9TziVxOAp4390eIwaaX-kT5WAZCZOgEiI8lKLUgBmd1kDCUhc6auqKrDLWpaJ_kdDB_Ct5aCP7-YqQbfBTVxaszNl0JlZGNbd53fxyh8Hc4xGES4u5yTUAPgg&__hstc=57501621.60e108089cdefe4d82c69e9de9fdb5b7.1635492776614.1635492776614.1635492776614.1&__hssc=57501621.1.1635492776614&__hsfp=2427650321

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/cs/c/?cta_guid=9d9a2f2d-7a5e-4b33-9cfa-4f7e5e866275&signature=AAH58kGCy1KaoNhUuK3tAJI0xKMI6xItzw&placement_guid=a7fb8b5c-b14d-4030-a76d-26dbc96ab43b&click=61d8eaff-2b4b-48b7-a47e-08b000d8bedf&hsutk=60e108089cdefe4d82c69e9de9fdb5b7&canon=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&portal_id=252628&redirect_url=APefjpGNcbMt0EBsbKcZeaxNw3PHZUkYytk0QBfHmJ2AdTO-guuTSZXTam2dbPqHObSvBEqd3T_Be91T3VxMzOLSBI8awhh5N5_EPpiA3RwU1mY0ce40nQ5QbeDNCQ3xw6-lHxlOSHRTaiT3jet_fwqA5UNtv-HpMZEbNR2HpZZNgbpB_iR0SjEHPbhp3_BcO5A6TOsOcaHT0WpfxSS3ItKpHzmKzPq3Kdg-pXnOUCrJ7JNpGdAbJdHdpRICVae4jjRrl52C4_Fk4mD8VqBPUh_hm9MbyVXo5A&__hstc=57501621.60e108089cdefe4d82c69e9de9fdb5b7.1635492776614.1635492776614.1635492776614.1&__hssc=57501621.1.1635492776614&__hsfp=2427650321

Search URL Search Domain Scan URL

URL: https://theintelligencefund.com/
Title: The Intelligence Fund

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/book-3
Title: Handbook

Search URL Search Domain Scan URL

URL: https://id.recordedfuture.com/login?request_id=eyJpZCI6IjI3OTY0N2RhLWRmNDctNDJmNC1hM2FjLTM5MTM3NTQ1MmQ1NiIsImNsaWVudF9pZCI6InBvcnRhbCIsInJlc3BvbnNlX3R5cGUiOlsiY29kZSJdLCJzdGF0ZSI6IjZ3MUszdFlwNEhaNSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vYXBwLnJlY29yZGVkZnV0dXJlLmNvbS9yZi9hcGkvdjEvbG9naW5fY2FsbGJhY2siLCJzY29wZSI6WyJlbWFpbCIsIm9wZW5pZCJdfQ==
Title: Sign In

Search URL Search Domain Scan URL

URL: https://support.recordedfuture.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.facebook.com/RecordedFuture

Search URL Search Domain Scan URL

URL: https://twitter.com/RecordedFuture

Search URL Search Domain Scan URL

URL: https://www.instagram.com/recordedfuture/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/recorded-future/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/RecordedFuture

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://unpkg.com/aos@2.3.1/dist/aos.js?ver=3.8.5 HTTP 302
https://unpkg.com/aos@2.3.1/dist/aos.js

Request Chain 58

https://cdn.materialdesignicons.com/3.5.95/css/materialdesignicons.min.css HTTP 301
https://cdn.jsdelivr.net/mdi/3.5.95/css/materialdesignicons.min.css HTTP 301
https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css

Request Chain 109

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492775547&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D26800%26time%3D1635492775547%26url%3Dhttps%253A%252F%252Fwww.recordedfuture.com%252Fcobalt-strike-servers%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492775547&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492775547&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&liSync=true&e_ipv6=AQK17Iwy4v3hHAAAAXzK90kQGRfxSqxBrD4I5Dkjy61aF_aTwHBkdGg-nW0AWBsACpOmeO-J

216 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.recordedfuture.com/cobalt-strike-servers/ 129 KB
36 KB 81ms
30ms Document
text/html 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f62973e506cd3fa10b2afc34ca1b974a6bb77f39e018690d767beb48481c9db8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 29 Oct 2021 07:32:54 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=60
cf-edge-cache: cache,platform=wordpress
content-security-policy: frame-ancestors 'none'
link: <https://www.recordedfuture.com/?p=37827>; rel=shortlink
referrer-policy: strict-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9jmjz
x-styx-req-id: 31ad3a46-3836-11ec-8aba-3a45c8ccc7dd
x-xss-protection: 1; mode=block
x-served-by: cache-mdw17367-MDW, cache-wdc5565-WDC
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1635456595.427222,VS0,VE741
vary: Accept-Encoding, Cookie, Cookie
age: 36178
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 21:29:56 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6a5ab673982a3afb-CDG
content-encoding: gzip

GET
H2 200 materialize.css
www.recordedfuture.com/wp-content/themes/recorded-future-2019/css/ 146 KB
29 KB 28ms
28ms Stylesheet
text/css 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/css/materialize.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c142f741438550d5cad8e88b6b2952f8f256efda416f35e5a84dd2f6066144d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 29052
x-served-by: cache-mdw17354-MDW, cache-wdc5524-WDC
last-modified: Tue, 26 Oct 2021 19:46:47 GMT
server: cloudflare
x-timer: S1635450197.997331,VS0,VE1
etag: W/"61785b27-2491e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 09:05:35 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab673e88b3afb-CDG
x-styx-req-id: 361bbdd1-37ce-11ec-949c-2a1d1f5da7d2
x-cache-hits: 0, 1

GET
H2 200 style.min.css
www.recordedfuture.com/wp-includes/css/dist/block-library/ 57 KB
11 KB 40ms
39ms Stylesheet
text/css 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 10961
x-served-by: cache-mdw17367-MDW, cache-bwi5039-BWI
last-modified: Wed, 13 Oct 2021 16:50:41 GMT
server: cloudflare
x-timer: S1635450197.974965,VS0,VE1
etag: W/"61670e61-e33b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 16 Oct 2022 06:27:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab673e88d3afb-CDG
x-styx-req-id: e7825872-2d80-11ec-92da-66ca9ee36be7
x-cache-hits: 0, 2

GET
H2 200 blocks.style.build.css
www.recordedfuture.com/wp-content/plugins/cool-timeline-pro/includes/gutenberg-instant-builder/dist/ 11 KB
2 KB 31ms
30ms Stylesheet
text/css 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/cool-timeline-pro/includes/gutenberg-instant-builder/dist/blocks.style.build.css?ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c60328c2a2fba270c2fc603e556bb6eb41d10cecac5941dfe54e0c071472cc78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 1813
x-served-by: cache-mdw17373-MDW, cache-bwi5057-BWI
last-modified: Wed, 13 Oct 2021 16:50:37 GMT
server: cloudflare
x-timer: S1635450197.014337,VS0,VE0
etag: W/"61670e5d-2d20"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 16 Oct 2022 05:11:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab673e88e3afb-CDG
x-styx-req-id: 4997c312-2d76-11ec-8013-ce1f3dd47c6f
x-cache-hits: 1, 2

GET
H2 200 dashicons.min.css
www.recordedfuture.com/wp-includes/css/ 58 KB
36 KB 42ms
41ms Stylesheet
text/css 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/css/dashicons.min.css?ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 36701
x-served-by: cache-mdw17335-MDW, cache-bwi5055-BWI
last-modified: Sun, 17 Oct 2021 08:09:22 GMT
server: cloudflare
x-timer: S1635450197.994242,VS0,VE0
etag: W/"616bda32-e688"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 23 Oct 2022 05:55:47 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab673e88f3afb-CDG
x-styx-req-id: b40d7c19-32fc-11ec-8013-ce1f3dd47c6f
x-cache-hits: 1, 2

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 61ms
24ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700&ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4b31f597e9852f3e8ef045d9f6032a8ecfe9d8e5c6cde3196c6964e193fe6615

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 07:10:55 GMT
server: ESF
date: Fri, 29 Oct 2021 07:32:55 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Fri, 29 Oct 2021 07:32:55 GMT

GET
H2 200 genericons.css
www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/genericons/genericons/ 27 KB
17 KB 42ms
41ms Stylesheet
text/css 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/genericons/genericons/genericons.css?ver=1.9

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98726f9632fa3f6359c2d118f2061241729bcfc9a98563ccb6cf87444d32bd88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 16752
x-served-by: cache-mdw17334-MDW, cache-bwi5083-BWI
last-modified: Wed, 13 Oct 2021 16:50:37 GMT
server: cloudflare
x-timer: S1635450197.027628,VS0,VE1
etag: W/"61670e5d-6b84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 16 Oct 2022 05:45:11 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab673e8913afb-CDG
x-styx-req-id: 104a1147-2d7b-11ec-8d6c-a6abd588099d
x-cache-hits: 1, 1

GET
H2 200 font-awesome.min.css
www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/fontawesome/css/ 30 KB
8 KB 31ms
30ms Stylesheet
text/css 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/fontawesome/css/font-awesome.min.css?ver=1.9

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 7949
x-served-by: cache-mdw17320-MDW, cache-bwi5029-BWI
last-modified: Wed, 13 Oct 2021 16:50:37 GMT
server: cloudflare
x-timer: S1635450197.052315,VS0,VE1
etag: W/"61670e5d-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 16 Oct 2022 05:35:20 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab673e8923afb-CDG
x-styx-req-id: afcb3aef-2d79-11ec-8013-ce1f3dd47c6f
x-cache-hits: 0, 1

GET
H2 200 all.min.css
www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/fontawesome5/css/ 51 KB
12 KB 40ms
40ms Stylesheet
text/css 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/megamenu-pro/icons/fontawesome5/css/all.min.css?ver=1.9

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84decc00a588d65b9c7ae58a79d11fa6eb4a1ae0330a0e78097ef88599482168

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 12389
x-served-by: cache-mdw17358-MDW, cache-bwi5072-BWI
last-modified: Tue, 26 Oct 2021 19:46:46 GMT
server: cloudflare
x-timer: S1635450197.019217,VS0,VE1
etag: W/"61785b26-ca00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 06:25:40 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab673e8933afb-CDG
x-styx-req-id: df0d9a22-37b7-11ec-8431-aac19659ab0b
x-cache-hits: 0, 1

GET
H2 200 style.css
www.recordedfuture.com/wp-content/themes/recorded-future-2019/ 616 KB
83 KB 42ms
41ms Stylesheet
text/css 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b22a782d08b25024012dd62af1848c8e9fc236b147753ba3b98f03e8034aafa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 84229
x-served-by: cache-mdw17371-MDW, cache-wdc5523-WDC
last-modified: Tue, 19 Oct 2021 00:39:01 GMT
server: cloudflare
x-timer: S1635450197.026638,VS0,VE0
etag: W/"616e13a5-9a1a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 07:14:49 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab673e8943afb-CDG
x-styx-req-id: 940b02f8-323e-11ec-92da-66ca9ee36be7
x-cache-hits: 1, 2

GET
H2 200 cookieconsent.min.css
www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/css/ 20 KB
4 KB 42ms
41ms Stylesheet
text/css 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/css/cookieconsent.min.css?ver=5.2.5.1

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c21f3f80c9adfdf9070c994d881f2069818a2d409b62834c805a7f17f08c91ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 4188
x-served-by: cache-mdw17321-MDW, cache-wdc5558-WDC
last-modified: Sun, 17 Oct 2021 08:09:20 GMT
server: cloudflare
x-timer: S1635450197.004792,VS0,VE0
etag: W/"616bda30-519d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 05:20:14 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab673e8963afb-CDG
x-styx-req-id: 920f34e2-322e-11ec-b1cd-36fd5dbf0b73
x-cache-hits: 1, 2

GET
H2 200 jquery.min.js Show response
www.recordedfuture.com/wp-includes/js/jquery/ 87 KB
36 KB 41ms
35ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-drgj6
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 36073
x-served-by: cache-mdw17360-MDW, cache-wdc5565-WDC
last-modified: Mon, 04 Oct 2021 13:09:18 GMT
server: cloudflare
x-timer: S1635450198.716434,VS0,VE1
etag: W/"615afcfe-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 08 Oct 2022 05:30:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674893d3afb-CDG
x-styx-req-id: af8f4780-272f-11ec-b570-325a77174e1b
x-cache-hits: 1, 1

GET
H2 200 jquery-migrate.min.js Show response
www.recordedfuture.com/wp-includes/js/jquery/ 11 KB
5 KB 43ms
38ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-6b6d6f77d6-7hfl5
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 4565
x-served-by: cache-mdw17333-MDW, cache-wdc5529-WDC
last-modified: Mon, 04 Oct 2021 19:08:05 GMT
server: cloudflare
x-timer: S1635450198.714912,VS0,VE1
etag: W/"615b5115-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Fri, 07 Oct 2022 11:52:14 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674893e3afb-CDG
x-styx-req-id: d90d1cf8-269b-11ec-a8d7-0e710ff1d229
x-cache-hits: 0, 1

GET
H2 200 rf-logo-2020-1.png
www.recordedfuture.com/wp-content/uploads/ 4 KB
4 KB 33ms
28ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/rf-logo-2020-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0940efb55fa2f1deb76f9261931ac680e0fc2429e1073e2bafaadc7a32bab6d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1693
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-8s28k
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4016
x-served-by: cache-mdw17323-MDW, cache-bwi5035-BWI
last-modified: Fri, 03 Jul 2020 11:31:31 GMT
server: cloudflare
x-timer: S1635491083.738227,VS0,VE1
etag: "5eff1713-fb0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 3c812bc0-269a-11ec-85ab-0e5e40533d09
expires: Fri, 07 Oct 2022 11:40:42 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489413afb-CDG
x-cache-hits: 0, 1

GET
H2 200 logo-primary-black-2020.svg
www.recordedfuture.com/wp-content/uploads/ 5 KB
2 KB 44ms
38ms Image
image/svg+xml 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/logo-primary-black-2020.svg

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40bcd63ab74f4ab4d6976033797595ea693379a4186ba951e8059d8f2b63c7a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 40028
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-tkn5g
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1879
x-served-by: cache-mdw17353-MDW, cache-wdc5539-WDC
access-control-allow-origin: *
last-modified: Tue, 11 Aug 2020 17:58:16 GMT
server: cloudflare
x-timer: S1635452747.329215,VS0,VE1
etag: W/"5f32dc38-141a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 05:38:55 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489423afb-CDG
x-styx-req-id: 2ea08547-3231-11ec-8dcb-6ed349c1c73f
x-cache-hits: 1, 1

GET
H2 200 menu-aws-1.png
www.recordedfuture.com/wp-content/uploads/ 7 KB
7 KB 81ms
76ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/menu-aws-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b44433b6d777aed38ed9359c5453bba1fb62c181f99f060b94cc58e457457d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 41881
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 6793
x-served-by: cache-mdw17323-MDW, cache-wdc5532-WDC
last-modified: Thu, 16 Jul 2020 14:51:53 GMT
server: cloudflare
x-timer: S1635450895.639514,VS0,VE1
etag: "5f106989-1a89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: df167e6d-37b7-11ec-8431-aac19659ab0b
expires: Sat, 29 Oct 2022 06:25:40 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489453afb-CDG
x-cache-hits: 1, 1

GET
H2 200 solution-menu-2.png
www.recordedfuture.com/wp-content/uploads/ 42 KB
42 KB 143ms
137ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/solution-menu-2.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1cc82f513588a417cfb181cd5b2329432cc3b2bb9d1f056e432838a036851aed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 40028
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 42837
x-served-by: cache-mdw17345-MDW, cache-bwi5033-BWI
last-modified: Wed, 02 Sep 2020 14:38:31 GMT
server: cloudflare
x-timer: S1635452747.360316,VS0,VE113
etag: "5f4fae67-a755"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 2df6326e-37ca-11ec-8431-aac19659ab0b
expires: Sat, 29 Oct 2022 08:36:43 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489463afb-CDG
x-cache-hits: 0, 1

GET
H2 200 Live-Demo-Button-min.png
www.recordedfuture.com/wp-content/uploads/ 3 KB
4 KB 48ms
42ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/Live-Demo-Button-min.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaeb4f0f1808f80c63dfe32e104ca7e0d2f34811e935891f591275d14b1a7826

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 41881
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-2wb7t
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 3440
x-served-by: cache-mdw17320-MDW, cache-wdc5535-WDC
last-modified: Wed, 07 Jul 2021 17:28:07 GMT
server: cloudflare
x-timer: S1635450895.663243,VS0,VE1
etag: "60e5e427-d70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: f6bee27c-37b4-11ec-a09e-227203492b43
expires: Sat, 29 Oct 2022 06:04:51 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489493afb-CDG
x-cache-hits: 1, 1

GET
H2 200 The-Record-Sq.png
www.recordedfuture.com/wp-content/uploads/ 6 KB
6 KB 51ms
44ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/The-Record-Sq.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7f76c0835d3a337c354d936e4797b1453457ab37dadb9f99cbf75bc792daede

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 41881
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-b6mvq
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 6353
x-served-by: cache-mdw17371-MDW, cache-wdc5556-WDC
last-modified: Wed, 01 Sep 2021 15:14:27 GMT
server: cloudflare
x-timer: S1635450895.666500,VS0,VE1
etag: "612f98d3-18d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: b10edd38-2d79-11ec-adb8-669110ad1daa
expires: Sun, 16 Oct 2022 05:35:22 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674894a3afb-CDG
x-cache-hits: 0, 1

GET
H2 200 insikt-group-logo-updated-2.png
www.recordedfuture.com/assets/ 12 KB
12 KB 80ms
74ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/insikt-group-logo-updated-2.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

faf835f97585eb330064dc8e8b23593c89ccbaf59ec5dc3fae770ddc6afedbda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36177
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 12127
x-served-by: cache-mdw17337-MDW, cache-wdc5582-WDC
last-modified: Tue, 17 Dec 2019 17:53:59 GMT
server: cloudflare
x-timer: S1635456598.343315,VS0,VE1
etag: "5df91637-2f5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 12df3ffd-3239-11ec-949c-2a1d1f5da7d2
expires: Sat, 22 Oct 2022 06:35:25 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674894b3afb-CDG
x-cache-hits: 0, 1

GET
H2 200 cobalt-strike-servers-1-1.png
www.recordedfuture.com/assets/ 23 KB
23 KB 49ms
43ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-1-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f3923859a304623f0c5efd3103b04660502b9d2c7410b559d163266363efae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36177
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-8s28k
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 23668
x-served-by: cache-mdw17354-MDW, cache-bwi5082-BWI
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635456598.334287,VS0,VE1
etag: "5df6af1e-5c74"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 79f9fdfc-26ab-11ec-85ab-0e5e40533d09
expires: Fri, 07 Oct 2022 13:44:06 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674894c3afb-CDG
x-cache-hits: 0, 1

GET
H2 200 cobalt-strike-servers-2-1.png
www.recordedfuture.com/assets/ 245 KB
246 KB 57ms
51ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-2-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c662a9b742f184dc32f391cb1a7e22636157ef73c441024f8bc217a9d76f744f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36177
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 251050
x-served-by: cache-mdw17369-MDW, cache-wdc5560-WDC
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635456598.322166,VS0,VE3
etag: "5df6af1e-3d4aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: a7892703-324c-11ec-b1cd-36fd5dbf0b73
expires: Sat, 22 Oct 2022 08:55:35 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674894d3afb-CDG
x-cache-hits: 0, 1

GET
H2 200 cobalt-strike-servers-3-2.png
www.recordedfuture.com/assets/ 46 KB
46 KB 35ms
29ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-3-2.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04b12fe4b726c8e5ba04dcff9b0d38ce4732135f29f207d157298e361217dbe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36177
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 47059
x-served-by: cache-mdw17369-MDW, cache-wdc5579-WDC
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635456598.314808,VS0,VE3
etag: "5df6af1e-b7d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: a7900da4-324c-11ec-8013-ce1f3dd47c6f
expires: Sat, 22 Oct 2022 08:55:35 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674894f3afb-CDG
x-cache-hits: 0, 1

GET
H2 200 cobalt-strike-servers-4-2.png
www.recordedfuture.com/assets/ 372 KB
373 KB 81ms
76ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-4-2.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ca30196668a7f8ebe3b4a6ef2d30a2e3d491b06557b222a75d98b47c50f69bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36177
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-rwnjp
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 381121
x-served-by: cache-mdw17363-MDW, cache-wdc5581-WDC
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635456598.340549,VS0,VE3
etag: "5df6af1e-5d0c1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 40bc9902-26a0-11ec-a1eb-72f4ee0ed6c4
expires: Fri, 07 Oct 2022 12:23:46 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489503afb-CDG
x-cache-hits: 1, 1

GET
H2 200 cobalt-strike-servers-5-1.png
www.recordedfuture.com/assets/ 46 KB
46 KB 44ms
38ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-5-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba11b78c71401e77efe041c42fd9d50277c38a01ca9f377adf9f038338d28cc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36177
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9jmjz
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 46669
x-served-by: cache-mdw17345-MDW, cache-bwi5021-BWI
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635456598.352493,VS0,VE2
etag: "5df6af1e-b64d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 24bedba1-3304-11ec-8aba-3a45c8ccc7dd
expires: Sun, 23 Oct 2022 06:49:03 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489513afb-CDG
x-cache-hits: 1, 1

GET
H2 200 cobalt-strike-servers-6-1.png
www.recordedfuture.com/assets/ 54 KB
54 KB 51ms
46ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-6-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

680ffc6fb7452a4d41dcccc5c5dff70c52d39aba45492d33c5413dddbf238c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36177
x-pantheon-styx-hostname: styx-fe2-b-56496ffc66-lq4jv
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 55340
x-served-by: cache-mdw17349-MDW, cache-bwi5043-BWI
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635456598.374437,VS0,VE2
etag: "5df6af1e-d82c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 5d46ad9b-274c-11ec-9af9-1209d3a7d90f
expires: Sat, 08 Oct 2022 08:55:47 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489533afb-CDG
x-cache-hits: 0, 1

GET
H2 200 cobalt-strike-servers-7-1.png
www.recordedfuture.com/assets/ 85 KB
85 KB 79ms
73ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-7-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db41595d2e0dc3c39109915e8858537bdc06d9bf2b4800082478179af14db26b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36177
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-b6mvq
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 87053
x-served-by: cache-mdw17353-MDW, cache-wdc5525-WDC
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635456598.347232,VS0,VE2
etag: "5df6af1e-1540d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 40a7883d-2bc9-11ec-adb8-669110ad1daa
expires: Fri, 14 Oct 2022 01:59:51 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489553afb-CDG
x-cache-hits: 1, 1

GET
H2 200 cobalt-strike-servers-8-1.png
www.recordedfuture.com/assets/ 84 KB
84 KB 78ms
73ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-8-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87ead41c0a6b481b3cc9c1bc9833aa34e2528b09e72516a285c734039ce5f168

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36177
x-pantheon-styx-hostname: styx-fe2-a-6b6d6f77d6-wvqsf
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 85746
x-served-by: cache-mdw17348-MDW, cache-bwi5021-BWI
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635456598.353690,VS0,VE2
etag: "5df6af1e-14ef2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 888b4b78-274b-11ec-99cc-06a92871cae9
expires: Sat, 08 Oct 2022 08:49:50 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489563afb-CDG
x-cache-hits: 0, 1

GET
H2 200 cobalt-strike-servers-9-1.png
www.recordedfuture.com/assets/ 81 KB
81 KB 161ms
155ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/assets/cobalt-strike-servers-9-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f25666e0933bf72ec6b39d6fc904783fbf5159b3fad915bdccca1a73e2ca273b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36177
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 82751
x-served-by: cache-mdw17345-MDW, cache-wdc5540-WDC
last-modified: Sun, 15 Dec 2019 22:09:34 GMT
server: cloudflare
x-timer: S1635456598.349395,VS0,VE2
etag: "5df6af1e-1433f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: e9c69e4e-2cc5-11ec-8d6c-a6abd588099d
expires: Sat, 15 Oct 2022 08:08:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489583afb-CDG
x-cache-hits: 0, 1

GET
H2 200 9210833d-34a7-4597-ade0-03e16dcbc24c.png
no-cache.hubspot.com/cta/default/252628/ 106 KB
107 KB 267ms
201ms Image
image/png 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/252628/9210833d-34a7-4597-ade0-03e16dcbc24c.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

265fd69dc48e408e11848da1bdaea9a27f2f474a502775577ee17e62abcb761a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: RXS043VWZXG9RJFE
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 108866
x-amz-id-2: gJb3phQwyf7/li3srAGg5VRdNLNY1yq3LnCduFP/rRRCKleaOxjG5PdAAbglL53dcmNj/D8FZxQ=
last-modified: Wed, 13 Oct 2021 15:59:51 GMT
server: cloudflare
etag: "db62a06d8de823cfae569d82d79e5bff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b0n5doRUECJCICFThxGWVNmdVHdUcJBnsx9lNLihtW5Tk%2Bg8kkFobFaCNP6PDqspljopflBGldw1mqH1c3o7qKVP5bB2EK9BA1TmfbIPLF%2B4zlef5IVVTVEPnN5oxq6dUYWU%2F%2F47srKKILz5baMjkltk"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 6a5ab674ff5d375c-MXP

GET
H2 200 current.js Show response
js.hscta.net/cta/ 15 KB
6 KB 47ms
20ms Script
application/javascript 2606:4700::6811:dfcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscta.net/cta/current.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:dfcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d40a41723def70b4af303c98a8269de407ed39586596106e16c9e0be01942d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 979084a90b32fe3f5fdc377fb6e67b76.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
age: 275
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=cta-embed-js/static-1.58/bundles/current.js&cfRay=6a5aafbe0d9268ec-IAD
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Tue, 12 Oct 2021 02:01:47 UTC
server: cloudflare
etag: W/"a8a49c7978076612823c74a68af6ddd2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: bIX34_Z7jbBTKmCHOiEuDTn.zv2_JoZI
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 6a5ab6746de12b1e-FRA
x-amz-cf-id: DMIJIturnZZHKcbuVEsqFdwUHZ3Y3zbuR_Oy5RsD05PKB7Z2TeF96w==
x-hs-target-asset: cta-embed-js/static-1.58/bundles/current.js

GET
H2 200 a7fb8b5c-b14d-4030-a76d-26dbc96ab43b.png
no-cache.hubspot.com/cta/default/252628/ 19 KB
20 KB 268ms
202ms Image
image/jpeg 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/252628/a7fb8b5c-b14d-4030-a76d-26dbc96ab43b.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f527f0504570ea0238ac6eff51a33a70834b3ed3123265351526460cbe0d8d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: RXS87QVFK0BH77WA
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19318
x-amz-id-2: yPLo/Q5o6qBy+MkYg2805DIGPLeJ2pHrYBY5BxI0PeHORADqYEOXsNdm7odt6/dvC3Xu0wpbRDM=
last-modified: Wed, 13 Oct 2021 16:00:34 GMT
server: cloudflare
etag: "6de6b71af030820504a0f539322a3e49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p8fwFcRZGpJRUh135Bowl0agavPeW%2Bvj50z78iOsgaUJwdG7VM4WxMIJPM1Kiw048PDKC25s%2FtcpxaxW63Oh8%2BPxuOnhoDr%2BKwg965MwvbgkW9Ae6oc8ycKpLYnuGiJcE1VvNVYUAtmQD2fuUPTEROek"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 6a5ab674ff5e375c-MXP

GET
H2 200 termination-federal-unemployment-programs-turning-point-fraudsters-list.jpg
www.recordedfuture.com/wp-content/uploads/ 378 KB
379 KB 84ms
79ms Image
image/jpeg 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/termination-federal-unemployment-programs-turning-point-fraudsters-list.jpg

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f412e2b324d3f4828a4eebd87cbeef91837054dc9cbecee057c2a172ad3287ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 37394
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: HIT, HIT
cf-bgj: h2pri
content-length: 387526
x-served-by: cache-mdw17371-MDW, cache-wdc5545-WDC
last-modified: Thu, 28 Oct 2021 15:59:35 GMT
server: cloudflare
x-timer: S1635455381.287889,VS0,VE2
etag: "617ac8e7-5e9c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
x-styx-req-id: 10a78b74-3809-11ec-b1cd-36fd5dbf0b73
expires: Sat, 29 Oct 2022 16:06:52 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489593afb-CDG
x-cache-hits: 1, 1

GET
H2 200 operation-secondary-infektion-impersonates-swedish-riksdag-list.jpg
www.recordedfuture.com/wp-content/uploads/ 86 KB
86 KB 79ms
74ms Image
image/jpeg 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/operation-secondary-infektion-impersonates-swedish-riksdag-list.jpg

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef52ef34f25e761b4c0392f953bdd8d9edda1bc028657df3dd9fdc6438183115

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 37379
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: HIT, HIT
cf-bgj: h2pri
content-length: 87800
x-served-by: cache-mdw17324-MDW, cache-bwi5021-BWI
last-modified: Tue, 26 Oct 2021 13:53:05 GMT
server: cloudflare
x-timer: S1635455397.502303,VS0,VE2
etag: "61780841-156f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
x-styx-req-id: 5e56886e-3665-11ec-8013-ce1f3dd47c6f
expires: Thu, 27 Oct 2022 14:02:34 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674895a3afb-CDG
x-cache-hits: 1, 1

GET
H2 200 List-View-1.jpg
www.recordedfuture.com/wp-content/uploads/ 363 KB
364 KB 80ms
75ms Image
image/jpeg 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/List-View-1.jpg

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b95cb9d1afbdd93fee9b33d9f2da1b4e0df06ad73b77b8f507005d0ae2089e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 37379
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: HIT, HIT
cf-bgj: h2pri
content-length: 371732
x-served-by: cache-mdw17350-MDW, cache-bwi5024-BWI
last-modified: Thu, 21 Oct 2021 12:56:05 GMT
server: cloudflare
x-timer: S1635455397.622480,VS0,VE1
etag: "61716365-5ac14"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
x-styx-req-id: 0564486b-37c0-11ec-8431-aac19659ab0b
expires: Sat, 29 Oct 2022 07:24:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674895b3afb-CDG
x-cache-hits: 1, 1

GET
H2 200 rf-logo-square-white-1.png
www.recordedfuture.com/wp-content/themes/recorded-future-2019/img/ 4 KB
4 KB 85ms
80ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/img/rf-logo-square-white-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22d9ce45b9c08488a55c6806bb6dc4cbfde25f244f223ad95dafa7ab4fdf09f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 41881
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-bdff5
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4199
x-served-by: cache-mdw17345-MDW, cache-wdc5529-WDC
last-modified: Wed, 13 Oct 2021 16:50:36 GMT
server: cloudflare
x-timer: S1635450895.662074,VS0,VE1
etag: "61670e5c-1067"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: d73d2069-2cba-11ec-a29b-cab5920faf7c
expires: Sat, 15 Oct 2022 06:49:12 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674895c3afb-CDG
x-cache-hits: 1, 1

GET
H2 200 qppr_frontend_script.min.js Show response
www.recordedfuture.com/wp-content/plugins/quick-pagepost-redirect-plugin/js/ 2 KB
967 B 81ms
77ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/quick-pagepost-redirect-plugin/js/qppr_frontend_script.min.js?ver=5.2.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fc2845d22c09928ba9dae73f657a21ede05bed89a42efafe1028bcbe4ee499b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9jmjz
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 568
x-served-by: cache-mdw17345-MDW, cache-wdc5556-WDC
last-modified: Wed, 13 Oct 2021 16:50:36 GMT
server: cloudflare
x-timer: S1635450198.673054,VS0,VE1
etag: W/"61670e5c-636"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 15 Oct 2022 11:15:21 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674895d3afb-CDG
x-styx-req-id: 0592089c-2ce0-11ec-8aba-3a45c8ccc7dd
x-cache-hits: 0, 1

GET
H2 200 jquery.rwdImageMaps.min.js Show response
www.recordedfuture.com/wp-content/plugins/responsive-image-maps/ 1 KB
901 B 80ms
76ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/responsive-image-maps/jquery.rwdImageMaps.min.js?ver=1.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed839d9fae4a8e722e9c408c2716a6f1eb789b99ef16722cd39ff4965749d8fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 661
x-served-by: cache-mdw17377-MDW, cache-bwi5032-BWI
last-modified: Tue, 26 Oct 2021 19:46:46 GMT
server: cloudflare
x-timer: S1635450198.722305,VS0,VE1
etag: W/"61785b26-45a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 08:12:16 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674895e3afb-CDG
x-styx-req-id: c3b4885c-37c6-11ec-b1cd-36fd5dbf0b73
x-cache-hits: 1, 1

GET
H2

200

aos.js Show response
unpkg.com/aos@2.3.1/dist/
Redirect Chain

https://unpkg.com/aos@2.3.1/dist/aos.js?ver=3.8.5
https://unpkg.com/aos@2.3.1/dist/aos.js

14 KB
5 KB

48ms
48ms

Script
application/javascript

2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/aos@2.3.1/dist/aos.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6177486
fly-request-id: 01FDDC4MP85YQ94T93W274G7CA
content-encoding: br
vary: Accept-Encoding
last-modified: Thu, 17 May 2018 22:11:13 GMT
server: cloudflare
etag: W/"379f-cNv9OKDx/DsafZ+tq1h4ZITDTxc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6a5ab6758bcb59e9-MXP

Redirect headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: EXPIRED
fly-request-id: 01FK5FEH9AS137Y67KXDF7JG28
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /aos@2.3.1/dist/aos.js
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6a5ab674faca59e9-MXP

GET
H2 200 materialize.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 217 KB
61 KB 82ms
77ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/materialize.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9576157078dda9a522dad222249eeec6e639a856351b9f09451163cec1828ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-6m9mg
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 61953
x-served-by: cache-mdw17355-MDW, cache-bwi5025-BWI
last-modified: Wed, 13 Oct 2021 16:50:36 GMT
server: cloudflare
x-timer: S1635450198.679851,VS0,VE1
etag: W/"61670e5c-36305"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sun, 16 Oct 2022 05:14:47 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674895f3afb-CDG
x-styx-req-id: d0a134f2-2d76-11ec-a383-3277ea497536
x-cache-hits: 1, 1

GET
H2 200 isotope.pkgd.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 89 KB
27 KB 82ms
78ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/isotope.pkgd.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

699713f69dbd2387b7c3b57204bcdc3d86d3ac350718a7ad65a5293e0d2c53eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 27654
x-served-by: cache-mdw17373-MDW, cache-wdc5544-WDC
last-modified: Sun, 17 Oct 2021 08:09:21 GMT
server: cloudflare
x-timer: S1635450198.695573,VS0,VE1
etag: W/"616bda31-16506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 05:59:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489603afb-CDG
x-styx-req-id: 0e84f8d6-3234-11ec-92da-66ca9ee36be7
x-cache-hits: 1, 1

GET
H2 200 navigation.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 3 KB
2 KB 95ms
90ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/navigation.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbc199bf7f97061c41664b040e84616a0cb54441a2efc5801d5d401d3a049f3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-6m9mg
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 1179
x-served-by: cache-mdw17324-MDW, cache-wdc5544-WDC
last-modified: Wed, 13 Oct 2021 16:50:36 GMT
server: cloudflare
x-timer: S1635450198.786808,VS0,VE1
etag: W/"61670e5c-b97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 15 Oct 2022 08:37:47 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489623afb-CDG
x-styx-req-id: 024341f2-2cca-11ec-a383-3277ea497536
x-cache-hits: 0, 1

GET
H2 200 skip-link-focus-fix.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 685 B
660 B 160ms
155ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/skip-link-focus-fix.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 426
x-served-by: cache-mdw17359-MDW, cache-bwi5069-BWI
last-modified: Tue, 26 Oct 2021 19:46:52 GMT
server: cloudflare
x-timer: S1635450198.727140,VS0,VE1
etag: W/"61785b2c-2ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 07:24:01 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489633afb-CDG
x-styx-req-id: 05b2d923-37c0-11ec-92da-66ca9ee36be7
x-cache-hits: 0, 1

GET
H2 200 util.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 3 KB
2 KB 83ms
79ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/util.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

773a8f6755c75e51461fb4809413075f96342df2696625580b407967292d915c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-tkn5g
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 1302
x-served-by: cache-mdw17332-MDW, cache-wdc5552-WDC
last-modified: Tue, 19 Oct 2021 00:39:01 GMT
server: cloudflare
x-timer: S1635450198.759867,VS0,VE1
etag: W/"616e13a5-d48"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 05:38:56 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489643afb-CDG
x-styx-req-id: 2ed1e179-3231-11ec-8dcb-6ed349c1c73f
x-cache-hits: 0, 1

GET
H2 200 swipe-content.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 3 KB
1 KB 82ms
78ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/swipe-content.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8207ade6f639887a7838b2903d39de1b3d21a327b031310555676d120e068b47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-bdff5
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 912
x-served-by: cache-mdw17352-MDW, cache-wdc5556-WDC
last-modified: Tue, 12 Oct 2021 13:13:50 GMT
server: cloudflare
x-timer: S1635450198.779918,VS0,VE1
etag: W/"61658a0e-c29"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 13 Oct 2022 13:14:04 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489653afb-CDG
x-styx-req-id: 44dc6167-2b5e-11ec-a29b-cab5920faf7c
x-cache-hits: 1, 1

GET
H2 200 nodelist-foreach-polyfill.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 242 B
408 B 120ms
116ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/nodelist-foreach-polyfill.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70c9b373b81d6e43a3479f52231ac50d2691fd9232042514159be5866a65e40f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 174
x-served-by: cache-mdw17358-MDW, cache-wdc5535-WDC
last-modified: Tue, 26 Oct 2021 19:46:48 GMT
server: cloudflare
x-timer: S1635450198.700987,VS0,VE1
etag: W/"61785b28-f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 06:04:56 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489663afb-CDG
x-styx-req-id: f97e2666-37b4-11ec-8431-aac19659ab0b
x-cache-hits: 0, 1

GET
H2 200 smoothscroll.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 11 KB
4 KB 79ms
75ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/smoothscroll.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83e7b0edd83ba89635382f425dfdfd4e2dc0f4c43a059c41dce98cdb1048ab86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-6m9mg
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 3373
x-served-by: cache-mdw17350-MDW, cache-wdc5569-WDC
last-modified: Tue, 12 Oct 2021 13:13:49 GMT
server: cloudflare
x-timer: S1635492033.441924,VS0,VE1
etag: W/"61658a0d-2c9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 13 Oct 2022 13:14:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489673afb-CDG
x-styx-req-id: 44df4aec-2b5e-11ec-a383-3277ea497536
x-cache-hits: 1, 1

GET
H2 200 slick.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 50 KB
14 KB 82ms
78ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/slick.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec3873a49c77ec8a26f8c7a6f60eff1c0a7884459b5f8d2fcef28ef0ce271792

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-2wb7t
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 14024
x-served-by: cache-mdw17360-MDW, cache-wdc5536-WDC
last-modified: Tue, 26 Oct 2021 19:46:48 GMT
server: cloudflare
x-timer: S1635450198.742645,VS0,VE1
etag: W/"61785b28-c676"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 06:27:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489683afb-CDG
x-styx-req-id: 1fcee821-37b8-11ec-a09e-227203492b43
x-cache-hits: 1, 1

GET
H2 200 jquery.matchHeight.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 5 KB
2 KB 81ms
77ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/jquery.matchHeight.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

271bc594ffc1d972db7f089f567b29b1174183bcd46c672eb7775226a404a027

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-b6mvq
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 1694
x-served-by: cache-mdw17364-MDW, cache-wdc5557-WDC
last-modified: Tue, 19 Oct 2021 00:39:01 GMT
server: cloudflare
x-timer: S1635450198.737400,VS0,VE1
etag: W/"616e13a5-12b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 06:42:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489693afb-CDG
x-styx-req-id: ffc0c0ff-3239-11ec-adb8-669110ad1daa
x-cache-hits: 1, 1

GET
H2 200 jquery.tabslet.min.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 3 KB
2 KB 80ms
76ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/jquery.tabslet.min.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5238692ecf23970cbc3bad3899f5ad4913886cd16f0883d22fda406b3324a253

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 1305
x-served-by: cache-mdw17347-MDW, cache-bwi5073-BWI
last-modified: Tue, 12 Oct 2021 13:13:50 GMT
server: cloudflare
x-timer: S1635450198.763823,VS0,VE1
etag: W/"61658a0e-ceb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 13 Oct 2022 13:14:04 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674896b3afb-CDG
x-styx-req-id: 44dbc194-2b5e-11ec-949c-2a1d1f5da7d2
x-cache-hits: 0, 1

GET
H2 200 vendor.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 101 KB
26 KB 82ms
79ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/vendor.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

692f218144b18d4f2c28c9d8d69385106263fb3239fd0ae2b42680202941ba0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-bdff5
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 26112
x-served-by: cache-mdw17341-MDW, cache-bwi5060-BWI
last-modified: Sun, 17 Oct 2021 08:09:21 GMT
server: cloudflare
x-timer: S1635450198.723806,VS0,VE1
etag: W/"616bda31-19302"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sun, 23 Oct 2022 06:18:16 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674896c3afb-CDG
x-styx-req-id: d7d2e4b7-32ff-11ec-a29b-cab5920faf7c
x-cache-hits: 1, 1

GET
H2 200 script.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 10 KB
3 KB 82ms
79ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/script.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ab1a5e7c2b115dc7e18cc7715b14ee689e79dcb8ff780d7398991d19a6858f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 3131
x-served-by: cache-mdw17364-MDW, cache-wdc5549-WDC
last-modified: Tue, 19 Oct 2021 23:40:00 GMT
server: cloudflare
x-timer: S1635450198.731702,VS0,VE1
etag: W/"616f5750-2999"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 08:50:59 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674896d3afb-CDG
x-styx-req-id: 02f9f49d-324c-11ec-b1cd-36fd5dbf0b73
x-cache-hits: 0, 1

GET
H2 200 IGLibrary.js Show response
www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/ 33 KB
10 KB 94ms
90ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/js/IGLibrary.js?ver=3.8.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f7e6a6c895c100151dfb452658d754fba7965e3ca95359990486db344d531e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 9789
x-served-by: cache-mdw17360-MDW, cache-bwi5068-BWI
last-modified: Tue, 26 Oct 2021 19:46:52 GMT
server: cloudflare
x-timer: S1635450198.694510,VS0,VE1
etag: W/"61785b2c-853a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 07:24:01 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674896e3afb-CDG
x-styx-req-id: 05b74fb9-37c0-11ec-8431-aac19659ab0b
x-cache-hits: 1, 1

GET
H2 200 hoverIntent.min.js Show response
www.recordedfuture.com/wp-includes/js/ 1 KB
762 B 80ms
76ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/js/hoverIntent.min.js?ver=1.8.1

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 501
x-served-by: cache-mdw17364-MDW, cache-wdc5577-WDC
last-modified: Tue, 19 Oct 2021 23:40:00 GMT
server: cloudflare
x-timer: S1635450198.701363,VS0,VE1
etag: W/"616f5750-462"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 06:20:03 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489703afb-CDG
x-styx-req-id: ed2b1e59-3236-11ec-8d6c-a6abd588099d
x-cache-hits: 1, 1

GET
H2 200 maxmegamenu.js Show response
www.recordedfuture.com/wp-content/plugins/megamenu/js/ 29 KB
6 KB 80ms
77ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/megamenu/js/maxmegamenu.js?ver=2.9.3

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8271756d5397dd04fee9e7b5e9bb25a40b32102998938539946d9a006a0ec737

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-6m9mg
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 6172
x-served-by: cache-mdw17327-MDW, cache-bwi5033-BWI
last-modified: Tue, 26 Oct 2021 19:46:46 GMT
server: cloudflare
x-timer: S1635450198.780596,VS0,VE2
etag: W/"61785b26-7583"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Oct 2022 08:12:16 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489723afb-CDG
x-styx-req-id: c3b4bc2c-37c6-11ec-a383-3277ea497536
x-cache-hits: 0, 1

GET
H2 200 public.js Show response
www.recordedfuture.com/wp-content/plugins/megamenu-pro/assets/ 20 KB
4 KB 83ms
79ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/megamenu-pro/assets/public.js?ver=1.9

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a24dc262ca6db1017f88a6f18786dbb088dce4d06f65ed2b4b43cfd8d0cc618b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 4080
x-served-by: cache-mdw17340-MDW, cache-bwi5037-BWI
last-modified: Thu, 21 Oct 2021 10:54:05 GMT
server: cloudflare
x-timer: S1635450198.731528,VS0,VE1
etag: W/"617146cd-4f87"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 13:06:29 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489733afb-CDG
x-styx-req-id: b4b13206-326f-11ec-b1cd-36fd5dbf0b73
x-cache-hits: 0, 1

GET
H2 200 cookieconsent.min.js Show response
www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/js/ 25 KB
9 KB 83ms
80ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/js/cookieconsent.min.js?ver=5.2.5.1

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81dbdd695385ce9e3065e0cf1d8f058169de79244b1d1be4059b527e31d23c77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-b6mvq
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 8808
x-served-by: cache-mdw17344-MDW, cache-bwi5064-BWI
last-modified: Wed, 13 Oct 2021 16:50:39 GMT
server: cloudflare
x-timer: S1635450198.722601,VS0,VE0
etag: W/"61670e5f-6441"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sun, 16 Oct 2022 06:03:57 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489743afb-CDG
x-styx-req-id: aee50b0d-2d7d-11ec-adb8-669110ad1daa
x-cache-hits: 1, 2

GET
H2 200 complianz.min.js Show response
www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/js/ 40 KB
11 KB 119ms
116ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/js/complianz.min.js?ver=5.2.5.1

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

326d6c39524da9a4b3d35286c798b93738a4665b29ce498d5b5df959a3a19012

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 10632
x-served-by: cache-mdw17352-MDW, cache-wdc5541-WDC
last-modified: Tue, 19 Oct 2021 23:39:59 GMT
server: cloudflare
x-timer: S1635450198.752108,VS0,VE1
etag: W/"616f574f-9e2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Oct 2022 06:49:47 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489763afb-CDG
x-styx-req-id: 14fb9270-323b-11ec-b1cd-36fd5dbf0b73
x-cache-hits: 1, 1

GET
H2 200 wp-embed.min.js Show response
www.recordedfuture.com/wp-includes/js/ 1 KB
1 KB 77ms
75ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/js/wp-embed.min.js?ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-6b6d6f77d6-7hfl5
x-cache: MISS, HIT
vary: Accept-Encoding
content-length: 779
x-served-by: cache-mdw17381-MDW, cache-wdc5561-WDC
last-modified: Mon, 04 Oct 2021 19:08:05 GMT
server: cloudflare
x-timer: S1635450198.717392,VS0,VE1
etag: W/"615b5115-592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 08 Oct 2022 05:39:38 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489773afb-CDG
x-styx-req-id: f62a8696-2730-11ec-a8d7-0e710ff1d229
x-cache-hits: 0, 1

GET
H2

200

materialdesignicons.min.css
cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/
Redirect Chain

https://cdn.materialdesignicons.com/3.5.95/css/materialdesignicons.min.css
https://cdn.jsdelivr.net/mdi/3.5.95/css/materialdesignicons.min.css
https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css

151 KB
27 KB

39ms
39ms

Stylesheet
text/css

2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81a0af4b719cd7130599920adcdb46c1baee5556a3bdac934cc13acab1da9d30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 297906
x-jsd-version: 3.5.95
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19127-FRA, cache-mxp6959-MXP
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"25b36-muzSasCNVhPtM//V10IY3npbGLE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6a5ab675fafe5a01-MXP

Redirect headers

date: Fri, 29 Oct 2021 07:32:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 297906
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 111
x-served-by: cache-fra19180-FRA, cache-mxp6975-MXP
timing-allow-origin: *
server: cloudflare
location: https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000
cf-ray: 6a5ab6759a8d5a01-MXP

GET
H2 200 icon
fonts.googleapis.com/ 569 B
440 B 32ms
31ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bd54d3dc95cf10c02ae9f22ec9e0d584284f02c241478074e4caadf5a8f49e6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 07:32:55 GMT
server: ESF
date: Fri, 29 Oct 2021 07:32:55 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Fri, 29 Oct 2021 07:32:55 GMT

GET
H2 200 slick.css
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/ 2 KB
1 KB 91ms
45ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2640739
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 450
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-6f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B8pKAvFw1A3hLsebQMUcgJRfPwv5twQh%2FNL8ifftPF7CnCW2aZVfs%2F4mSM7BLyZtNP1nBjtG6Ska3ws1euEsRXPR2U5FFiJlFF1bZwk6683Cv%2FxAWzqSExsbGuVsNz0jc%2FuqXb0i1iD5kp7Nr1hupfuH"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a5ab674ce5a59b9-MXP
expires: Wed, 19 Oct 2022 07:32:55 GMT

GET
H2 200 slick-theme.css
kenwheeler.github.io/slick/slick/ 3 KB
1 KB 137ms
42ms Stylesheet
text/css 2606:50c0:8003::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://kenwheeler.github.io/slick/slick/slick-theme.css
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8003::153 -, , ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-fastly-request-id: 81f4026a8305ed4513fdd4152991af80db62a305
date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
age: 73
x-cache: HIT
content-length: 882
x-served-by: cache-mxp6937-MXP
access-control-allow-origin: *
last-modified: Mon, 02 Jul 2018 12:58:42 GMT
server: GitHub.com
x-github-request-id: 2482:4F07:2D2A0B:2F2B39:61678DB9
x-timer: S1635492775.217356,VS0,VE0
etag: W/"5b3a2182-c49"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 varnish
expires: Thu, 14 Oct 2021 01:57:11 GMT
cache-control: max-age=600
permissions-policy: interest-cohort=()
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: HIT
x-cache-hits: 1

GET
H2 200 animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.0/ 57 KB
4 KB 93ms
47ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.0/animate.min.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ed082521f47921ffff14d4ec1c6c3f1ea55114741bee23cc23d4ab6a3213642

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 741193
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3541
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:58 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d2a-e283"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=khnECTmdZ1KAbYTR0yusOEXhLAslV1%2Fx%2BxI1ckS43gfon9tuvaa7PPFzZRF8npWhJOScJw2klg20btZTHBqaKF7zri0e44Xto9rmNNdoHyc52zsNODxpfnJ3ZdogTEzQi3HRWwaSDZex4Wq9buykIpO6"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a5ab674ce5c59b9-MXP
expires: Wed, 19 Oct 2022 07:32:55 GMT

GET
H2 200 lity.css
www.recordedfuture.com/wp-content/themes/recorded-future-2019/css/ 3 KB
1 KB 43ms
37ms Stylesheet
text/css 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/css/lity.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0604167abf2874fdbd5b6d19037baba5d36642b21656c3a6ce6cfef5b6ae8a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-644w6
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 1025
x-served-by: cache-mdw17355-MDW, cache-bwi5068-BWI
last-modified: Sun, 17 Oct 2021 08:09:21 GMT
server: cloudflare
x-timer: S1635450198.648129,VS0,VE1
etag: W/"616bda31-cd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 23 Oct 2022 05:55:48 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674893c3afb-CDG
x-styx-req-id: b4949ac7-32fc-11ec-8013-ce1f3dd47c6f
x-cache-hits: 1, 1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 66ms
38ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-9153858-2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2f08a93f82046606f7881783cc483a10fe364ecadf43f3b6cc64c67463af8666

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35832
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Oct 2021 07:32:55 GMT

GET
H2 200 252628.js Show response
js.hs-scripts.com/ 984 B
913 B 263ms
194ms Script
application/javascript 2606:4700::6811:d5cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/252628.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d5cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2141abf196d6e27db0c32272439429c12f3ad7ac611be5b9fe7c079a0735d827

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: 780f364e-ffce-4280-96f1-10cf70590643
last-modified: Fri, 29 Oct 2021 07:26:07 GMT
server: cloudflare
x-trace: 2BF49029DEE58AC4F96C791E9762BD9BF67E78FBF4000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.recordedfuture.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 6a5ab674fc7d59dd-MXP
expires: Fri, 29 Oct 2021 07:33:55 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 27 KB
9 KB 119ms
37ms Script
application/javascript 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 8575
Pragma: no-cache
Last-Modified: Thu, 07 Oct 2021 17:17:43 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615f2bb7-6a5f"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Fri, 29 Oct 2021 07:32:55 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 90ms
30ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9d1a71851b9c575f7a08134336da7769a379f0db481b058bf45a82d60b7e2ddc

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25969
x-xss-protection: 0
pragma: public
x-fb-debug: ymXA+9NqjFsz/9aXQT7+iySbKyL7Gwo3Q6GDSGd0jNKs90DWF7GGuC4vPjwEgN1Kh1i5BOWV/Kjo1A6sA7CoVA==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 29 Oct 2021 07:32:55 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 195 KB
66 KB 44ms
43ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d86f40d8a4da3814a05593d17079f9a0ae96d32693d925d8d1a03984dfdd8c39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 67661
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Oct 2021 07:32:55 GMT

GET
H2 200 matomo.js Show response
cdn.matomo.cloud/recordedfuture.matomo.cloud/ 191 KB
56 KB 135ms
39ms Script
application/javascript 2600:9000:223f:ae00:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ae00:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1519dacf01319cb5e0caa709cf1cb40794474a6ca4eb2de3d6fcb86c6157bf5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 25 Oct 2021 20:01:17 GMT
content-encoding: gzip
age: 300699
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Sun, 17 Oct 2021 20:19:00 GMT
server: AmazonS3
etag: W/"7cb87695146dc95cd8d88df28207416b"
vary: Accept-Encoding
x-amz-version-id: 6OU.jcK726xIXqmaHxPRdLJ.sc4VC7b9
via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
cache-control: max-age=691200
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
x-amz-cf-id: Zk9P0X25IbIiN3r-vfuXn0VzWSQGqU9FmEQ5VJPIjHcgcv5E6E-IwA==

GET
H2 200 container_nbhoRDM8.js Show response
cdn.matomo.cloud/recordedfuture.matomo.cloud/ 228 KB
66 KB 166ms
79ms Script
application/javascript 2600:9000:223f:ae00:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/container_nbhoRDM8.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ae00:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fccfcbc28d8356bdb5cf1c1323928aeb3e837f96cca5d64458d495f21f03e357

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 21 Oct 2021 13:58:34 GMT
content-encoding: gzip
age: 668062
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Sun, 17 Oct 2021 20:19:01 GMT
server: AmazonS3
etag: W/"82805d16c3df5ec5c6c2ffe082ad7879"
vary: Accept-Encoding
x-amz-version-id: ofsW2xtj62u5IQvDiXMYwHzZx8qUII54
via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
cache-control: max-age=691200
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
x-amz-cf-id: KVpVIpEBsOmudfwlTWWV8p-Sov-84zBD0O54hypjzr1-QEW2BGznDQ==

GET
H2 200 wp-emoji-release.min.js Show response
www.recordedfuture.com/wp-includes/js/ 14 KB
5 KB 83ms
81ms Script
application/x-javascript 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7.2

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 42578
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-tkn5g
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 5269
x-served-by: cache-mdw17321-MDW, cache-bwi5040-BWI
last-modified: Thu, 21 Oct 2021 10:54:07 GMT
server: cloudflare
x-timer: S1635450198.739184,VS0,VE1
etag: W/"617146cf-3795"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sun, 23 Oct 2022 05:18:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67489783afb-CDG
x-styx-req-id: 6e0547c6-32f7-11ec-8dcb-6ed349c1c73f
x-cache-hits: 1, 1

GET
H2 400 css2
fonts.googleapis.com/ 0
0 24ms
24ms Stylesheet
text/html 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.googleapis.com/css2?family=Inter:ital,wght@100..900
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 mp5rtwcnz2nd.js Show response
js.driftt.com/include/1635492900000/ 216 KB
62 KB 265ms
142ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1635492900000/mp5rtwcnz2nd.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

707fa94515d8bb05911ba2599cc33e2ea12338116fdbb426d7bb27745fc854ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: pIN9Mmbe9.qgbdzPKgHQdtjAVPuAONp0
content-encoding: gzip
etag: W/"813ae9adbbed4c9c0d39f0db074d4529"
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 19:03:47 GMT
server: nginx
date: Fri, 29 Oct 2021 07:32:55 GMT
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WLXxL7PsoxCJj-A9y_i323i_deTpVSni6-U3rB4bhOkr6_4YiPR50g==

GET
DATA 200
OK truncated
/ 609 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 420 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5efce88ac7228ea159bcf7fd1cc56d73c19428394218706524bac0e9151d4c61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 545 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79a39793efbf8217efbbc840e1b2041fe995363a5f12f0c01dd4d1462e5eb842

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 545 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3323814006fe6739493d27057954941830b59eff37ebaac994310e17c522dd57

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 592 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6fdd24bd96b3a482bc058d5c9bcfd6f1c664d91bbd47658d65ac5d852535f7fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 icon-brand-protect.png
www.recordedfuture.com/wp-content/uploads/ 4 KB
4 KB 69ms
69ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-brand-protect.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c23c7b5a64271af443cbff923966e7878bdbe67654ff666c1619e991be666775

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39031
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 3905
x-served-by: cache-mdw17380-MDW, cache-wdc5573-WDC
last-modified: Wed, 05 Feb 2020 16:09:29 GMT
server: cloudflare
x-timer: S1635453744.027033,VS0,VE0
etag: "5e3ae8b9-f41"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: c42ebbb2-3248-11ec-8d6c-a6abd588099d
expires: Sat, 22 Oct 2022 08:27:45 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67499803afb-CDG
x-cache-hits: 0, 2

GET
H2 200 icon-secops.png
www.recordedfuture.com/wp-content/uploads/ 5 KB
5 KB 90ms
90ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-secops.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a09ca406e89e7b1d3172741824df92d81eb000aa3241559c573f1bf17bc4899

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39031
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4735
x-served-by: cache-mdw17334-MDW, cache-bwi5036-BWI
last-modified: Wed, 05 Feb 2020 16:09:33 GMT
server: cloudflare
x-timer: S1635453744.045922,VS0,VE1
etag: "5e3ae8bd-127f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 1dc341cf-37cc-11ec-8d6c-a6abd588099d
expires: Sat, 29 Oct 2022 08:50:35 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67499833afb-CDG
x-cache-hits: 0, 1

GET
H2 200 icon-threat-intel.png
www.recordedfuture.com/wp-content/uploads/ 3 KB
3 KB 106ms
106ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-threat-intel.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f76e86c6a29453f0e15e74069a1e105af353ff07abaf5b7fdbb599e7c3263741

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39031
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2590
x-served-by: cache-mdw17377-MDW, cache-wdc5561-WDC
last-modified: Wed, 05 Feb 2020 16:09:28 GMT
server: cloudflare
x-timer: S1635453744.030673,VS0,VE1
etag: "5e3ae8b8-a1e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 9d055898-3248-11ec-8d6c-a6abd588099d
expires: Sat, 22 Oct 2022 08:26:39 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67499843afb-CDG
x-cache-hits: 0, 1

GET
H2 200 icon-vuln-mgmt.png
www.recordedfuture.com/wp-content/uploads/ 5 KB
6 KB 70ms
70ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-vuln-mgmt.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6759e1844268d4ab9f5c8a9c16c245b58c1b5cc8d8361ce751bf8902a0025293

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39031
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-9l82c
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 5398
x-served-by: cache-mdw17367-MDW, cache-bwi5035-BWI
last-modified: Wed, 05 Feb 2020 16:09:32 GMT
server: cloudflare
x-timer: S1635453744.071853,VS0,VE1
etag: "5e3ae8bc-1516"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 29781676-2d81-11ec-92da-66ca9ee36be7
expires: Sun, 16 Oct 2022 06:28:51 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67499853afb-CDG
x-cache-hits: 1, 1

GET
H2 200 icon-third-party.png
www.recordedfuture.com/wp-content/uploads/ 5 KB
6 KB 70ms
70ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-third-party.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7223c0b2ffaafe54a5aa7784420e711a847bde036b3e8050c319e815a4b1aa33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39031
x-pantheon-styx-hostname: styx-fe2-a-6b6d6f77d6-rtbxr
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 5241
x-served-by: cache-mdw17349-MDW, cache-bwi5071-BWI
last-modified: Wed, 05 Feb 2020 16:09:31 GMT
server: cloudflare
x-timer: S1635453744.072514,VS0,VE1
etag: "5e3ae8bb-1479"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 3727d247-2696-11ec-87ae-d639ca93668d
expires: Fri, 07 Oct 2022 11:11:55 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67499863afb-CDG
x-cache-hits: 0, 1

GET
H2 200 icon-geopoli.png
www.recordedfuture.com/wp-content/uploads/ 5 KB
5 KB 75ms
74ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-geopoli.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7915f988d90a47aff5003835c6e0255c3cb35247762ff36f005e7f94d5e8fbbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39031
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4916
x-served-by: cache-mdw17366-MDW, cache-wdc5525-WDC
last-modified: Wed, 05 Feb 2020 16:09:30 GMT
server: cloudflare
x-timer: S1635453744.093667,VS0,VE1
etag: "5e3ae8ba-1334"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: fc2a624a-37b4-11ec-949c-2a1d1f5da7d2
expires: Sat, 29 Oct 2022 06:05:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67499883afb-CDG
x-cache-hits: 0, 1

GET
H2 200 icon-overview.png
www.recordedfuture.com/wp-content/uploads/ 790 B
1 KB 70ms
69ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-overview.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

593f56bb9b00b639f6aadc57954f46080ce233d1bc01ef50f85720df619029f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39031
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-6m9mg
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 790
x-served-by: cache-mdw17330-MDW, cache-bwi5060-BWI
last-modified: Tue, 17 Dec 2019 15:13:34 GMT
server: cloudflare
x-timer: S1635453744.071959,VS0,VE0
etag: "5df8f09e-316"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: b060c9d5-2cc9-11ec-a383-3277ea497536
expires: Sat, 15 Oct 2022 08:35:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674998a3afb-CDG
x-cache-hits: 1, 2

GET
H2 200 icon-portal.png
www.recordedfuture.com/wp-content/uploads/ 521 B
945 B 68ms
68ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-portal.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

613c27d45e0551e5862b4bbbf3c6f5241f73bc472ff15e84492f9b4f6579c58b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39031
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-b6mvq
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 521
x-served-by: cache-mdw17321-MDW, cache-wdc5545-WDC
last-modified: Tue, 17 Dec 2019 15:13:47 GMT
server: cloudflare
x-timer: S1635453744.067394,VS0,VE0
etag: "5df8f0ab-209"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 4219b3b5-3234-11ec-adb8-669110ad1daa
expires: Sat, 22 Oct 2022 06:00:57 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674998b3afb-CDG
x-cache-hits: 0, 2

GET
H2 200 menu-integrations-1-36x36.png
www.recordedfuture.com/wp-content/uploads/ 966 B
1 KB 73ms
72ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/menu-integrations-1-36x36.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ec19e731a605af29732582f00be3657470562ad2c1059ce01e58feda8f8d141

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39031
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-d6tdl
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 966
x-served-by: cache-mdw17354-MDW, cache-bwi5022-BWI
last-modified: Sun, 15 Dec 2019 22:09:35 GMT
server: cloudflare
x-timer: S1635453744.075399,VS0,VE1
etag: "5df6af1f-3c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 2d05ee11-37bb-11ec-8431-aac19659ab0b
expires: Sat, 29 Oct 2022 06:49:19 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674998d3afb-CDG
x-cache-hits: 0, 1

GET
H2 200 icon-services.png
www.recordedfuture.com/wp-content/uploads/ 5 KB
5 KB 68ms
68ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-services.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1026d9fb308f7ae9af4b10ee43618382be1a6313656b395da90681d6a10b1988

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39031
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-8pr5t
x-cache: HIT, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4639
x-served-by: cache-mdw17370-MDW, cache-wdc5564-WDC
last-modified: Mon, 16 Dec 2019 20:33:19 GMT
server: cloudflare
x-timer: S1635453744.047174,VS0,VE0
etag: "5df7ea0f-121f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: dfa2254f-37b7-11ec-b1cd-36fd5dbf0b73
expires: Sat, 29 Oct 2022 06:25:41 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674998e3afb-CDG
x-cache-hits: 1, 2

GET
H2 200 icon-license.png
www.recordedfuture.com/wp-content/uploads/ 872 B
1 KB 143ms
142ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/icon-license.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db2af24bfef6358a1c62eb490dcef92470cfd816b84f7fac5c50ae79b1397f81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39031
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 872
x-served-by: cache-mdw17361-MDW, cache-wdc5549-WDC
last-modified: Tue, 17 Dec 2019 15:13:28 GMT
server: cloudflare
x-timer: S1635453744.085343,VS0,VE1
etag: "5df8f098-368"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 58bee4e2-37b6-11ec-8d6c-a6abd588099d
expires: Sat, 29 Oct 2022 06:14:45 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab674998f3afb-CDG
x-cache-hits: 0, 1

GET
H2 200 2019_0618-Cobalt-Strike-1.png
www.recordedfuture.com/wp-content/uploads/ 11 KB
11 KB 78ms
78ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/uploads/2019_0618-Cobalt-Strike-1.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2003c6297eb3b8cbe99aa25e9953a881081149bfc9817d49e13cf63d23fbd84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/cobalt-strike-servers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36177
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 10956
x-served-by: cache-mdw17334-MDW, cache-wdc5564-WDC
last-modified: Fri, 17 Jan 2020 15:43:41 GMT
server: cloudflare
x-timer: S1635456598.471398,VS0,VE1
etag: "5e21d62d-2acc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 0820fe93-2cc6-11ec-949c-2a1d1f5da7d2
expires: Sat, 15 Oct 2022 08:09:19 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab67499913afb-CDG
x-cache-hits: 0, 1

GET
DATA 200
OK truncated
/ 31 KB
31 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855

Request headers

Referer
Origin: https://www.recordedfuture.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 footer-icons.png
www.recordedfuture.com/wp-content/themes/recorded-future-2019/img/ 1 KB
1 KB 135ms
135ms Image
image/png 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/img/footer-icons.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb54e94c545f03932d631cd985aff128d39396abed2de7cbb522b535493d0262

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/wp-content/themes/recorded-future-2019/style.css?ver=3.8.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 41881
x-pantheon-styx-hostname: styx-fe2-a-5f44469ddc-p85k9
x-cache: MISS, HIT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1293
x-served-by: cache-mdw17363-MDW, cache-wdc5550-WDC
last-modified: Tue, 19 Oct 2021 00:39:01 GMT
server: cloudflare
x-timer: S1635450895.657956,VS0,VE0
etag: "616e13a5-50d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: f81764a4-3248-11ec-8d6c-a6abd588099d
expires: Sat, 22 Oct 2022 08:29:12 GMT
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 6a5ab6755ae13afb-CDG
x-cache-hits: 0, 2

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 79ms
7ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 23:58:10 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-geo-cc_and_ra: DE-NW
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kjyo7100035-IAD, cache-hhn11537-HHN

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 62ms
8ms Script
text/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 26 Oct 2021 23:24:02 GMT
server: Golfe2
age: 276
date: Fri, 29 Oct 2021 07:28:19 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17168
expires: Fri, 29 Oct 2021 09:28:19 GMT

GET
H2 200 194163687656043 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 222ms
222ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/194163687656043?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

50b65e8904b4b0452adb190cdcf16f6f0f2b31d1179c1eb5d8429284f135260a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: NK3D2DK6MBTTvh7xFlZtTpaOhIng1awfm2mxdD4anxST/g6NgPD5Jh3Um2bPB+bVsbzbpEFXstFzpaH1Azs6gA==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Fri, 29 Oct 2021 07:32:55 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 matomo.php
recordedfuture.matomo.cloud/ 0
173 B 81ms
50ms Ping
text/plain 52.223.61.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/matomo.php?action_name=www.recordedfuture.com%2F&idsite=1&rec=1&r=581390&h=7&m=32&s=55&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&_id=98c82a95705b4585&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=KFk3F0&fa_pv=1&fa_fp[0][fa_vid]=vEIWOq&fa_fp[0][fa_fv]=1&fa_fp[1][fa_vid]=uVN6sl&fa_fp[1][fa_fv]=1&pf_net=52&pf_srv=30&pf_tfr=8
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.61.136 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://www.recordedfuture.com
date: Fri, 29 Oct 2021 07:32:55 GMT
access-control-allow-credentials: true
server: Apache
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent

GET
H2 200 materialdesignicons-webfont.woff2
cdn.jsdelivr.net/npm/@mdi/font@3.5.95/fonts/ 184 KB
185 KB 89ms
45ms Font
font/woff2 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/fonts/materialdesignicons-webfont.woff2?v=3.5.95

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7201c12b0e82cd05a60c412f53f98f37cfec9616ef61f6e34d7d3a5293e440a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/@mdi/font@3.5.95/css/materialdesignicons.min.css
Origin: https://www.recordedfuture.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 297906
x-jsd-version: 3.5.95
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 188316
x-served-by: cache-fra19129-FRA, cache-mxp6980-MXP
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"2df9c-phH0PGPYo4B5H0mrSvcp1jz84oo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
cf-ray: 6a5ab676be88375e-MXP

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 69ms
16ms Script
application/x-javascript 2a02:26f0:6c00::210:ba18
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba18 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:55 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=15899
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 configs.php Show response
recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/ 116 B
291 B 15ms
15ms Script
application/javascript 52.223.61.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=1&trackerid=lJKS1X&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.61.136 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: Apache /
Resource Hash: 506ce0942e77b6fa5cc1f4ba511c55fb494dda9a4e81f80ff653684e43c101a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
server: Apache
content-length: 119
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,Accept-Encoding,User-Agent
content-type: application/javascript

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
197 B 15ms
15ms Image
image/gif 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2071120796&utmhn=www.recordedfuture.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers&utmhid=950438839&utmr=-&utmp=%2Fcobalt-strike-servers%2F&utmht=1635492775487&utmac=UA-XXXYYYZZZ-1&utmcc=__utma%3D93161374.1027330140.1635492775.1635492775.1635492775.1%3B%2B__utmz%3D93161374.1635492775.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=222575880&utmredir=1&utmu=qhAgAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 252628.js Show response
js.hs-analytics.net/analytics/1635492600000/ 63 KB
20 KB 263ms
206ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1635492600000/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f958b4527bcb3c4da9d038386657b0a8e498e40bb6d5eede4f0a42d4b1503221

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: RXSBTNFSEAXF0DFD
x-amz-server-side-encryption: AES256
cf-ray: 6a5ab6773bad59a1-MXP
x-amz-id-2: x4rYvKrBVnunNUAYVUBrLi06nCroZOBPZCKeVXpzNh7X+L+Z8SqWUIioyEJkh6Q3ybiqoRP8xpQ=
last-modified: Mon, 19 Jul 2021 13:55:02 GMT
server: cloudflare
etag: W/"eb683456778d317c80ce91826fab13f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Fri, 29 Oct 2021 07:37:55 GMT

GET
H2 200 252628.js Show response
js.hs-banner.com/ 61 KB
16 KB 523ms
477ms Script
text/javascript 2606:4700::6812:15bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e90135befb1cde3a65a625bd4b1947fe8241484d5248194fbb3ab8b3b9912706

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: FP09MQT0SSP4QMMR
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: HDiVsa6zUK5INntQ/3sSYCBxjqSc3vVoFXpCbOdgsyPBlLAMZINkSbfH/qGzkDLPTBqshzUDpDQ=
timing-allow-origin: *
last-modified: Fri, 03 Sep 2021 19:24:49 GMT
server: cloudflare
etag: W/"e0c913f4a0cc31dc55b4467584a6d8e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: lq2tXQvbi9wr797yewJV6QQGCJrrtX2q
access-control-allow-origin: https://therecord.media
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6a5ab67729325a13-MXP
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Fri, 29 Oct 2021 07:37:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 50ms
14ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-9153858-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 26 Oct 2021 23:24:02 GMT
server: Golfe2
age: 5541
date: Fri, 29 Oct 2021 06:00:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Fri, 29 Oct 2021 08:00:34 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1003136084&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-9153858-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e16222637c8b4e6d66a3cb4d54f55a24a9140fabd8fdb5895124a2050ab09458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 39063
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Oct 2021 07:32:55 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 258ms
194ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&session=87a15427-5ffa-4e9f-894f-c702d75f3e97&event=click&q=%7B%22event_id%22%3A%22%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=efcd9d6e-e9fe-46e9-8dc3-ad0030b9965f

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:55 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 / Show response
www.recordedfuture.com/wp-json/complianz/v1/banner/ 124 B
746 B 821ms
820ms XHR
application/json 104.18.13.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/wp-json/complianz/v1/banner/?lang=en&locale=en_US&token=simcl

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/wp-content/plugins/complianz-gdpr-premium/assets/js/complianz.min.js?ver=5.2.5.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.124 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d76765387694089266778e153c66e21910ff270859a097830300a10dc13976c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type: application/json

Response headers

cf-edge-cache: cache,platform=wordpress
date: Fri, 29 Oct 2021 07:32:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
x-styx-req-id: 6ee9ff13-388a-11ec-949c-2a1d1f5da7d2
x-cache: MISS, MISS
x-cache-hits: 0, 0
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 122
x-served-by: cache-mdw17333-MDW, cache-bwi5074-BWI
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
last-modified: Fri, 29 Oct 2021 07:32:56 GMT
server: cloudflare
x-timer: S1635492776.896339,VS0,VE410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
via: 1.1 varnish, 1.1 varnish
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-robots-tag: noindex
accept-ranges: bytes
cf-ray: 6a5ab6773d173afb-CDG
link: <https://www.recordedfuture.com/wp-json/>; rel="https://api.w.org/"
x-pantheon-styx-hostname: styx-fe2-b-6cf4595974-gsvkz

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
676 B 156ms
121ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nv0r6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=c2ad79c9-a20c-4bf8-9806-ef04d7706384&tw_document_href=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 113
pragma: no-cache
last-modified: Fri, 29 Oct 2021 07:32:55 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: c09b829935f3fa8898a2c06e4b64300418fbe9b4b160cf684991c677469bbc2c
x-transaction: 1b55c16e4548b854
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
470 B 136ms
114ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nv0r6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=c2ad79c9-a20c-4bf8-9806-ef04d7706384&tw_document_href=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 105
pragma: no-cache
last-modified: Fri, 29 Oct 2021 07:32:55 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 71cd59e04b7d71fce9b7fb8ec249ad05a1a4769f74ac3a251b8b8869f402421e
x-transaction: 9a0a0e9797ad54de
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492775547&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D26800%26time%3D1635492775547%26url%3Dhttps%253A%252F%252Fwww.recordedfuture.com%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492775547&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492775547&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&liSync=true&e_ipv6=AQK17Iwy4v3hHAAAAXzK90kQGRfxSqxBr...

0
154 B

331ms
126ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492775547&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&liSync=true&e_ipv6=AQK17Iwy4v3hHAAAAXzK90kQGRfxSqxBrD4I5Dkjy61aF_aTwHBkdGg-nW0AWBsACpOmeO-J
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: 8AU22QNwshYwlo1cryoAAA==

Redirect headers

date: Fri, 29 Oct 2021 07:32:56 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=26800&time=1635492775547&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&liSync=true&e_ipv6=AQK17Iwy4v3hHAAAAXzK90kQGRfxSqxBrD4I5Dkjy61aF_aTwHBkdGg-nW0AWBsACpOmeO-J
x-li-proto: http/2
x-li-pop: prod-edc2
content-length: 0
x-li-uuid: WD6ixQNwshaQ/clvGCsAAA==

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
15 KB 49ms
28ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1003136084&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

afc9ea91964f1089ed3afcc20604ffa0107862a6d992ddc37ae0d21afa441b70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14418
x-xss-protection: 0
server: cafe
etag: 2987026233222861869
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 29 Oct 2021 07:32:55 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 89 KB
35 KB 28ms
27ms Script
application/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-MV8X7B7&t=gtag_UA_9153858_2&cid=1027330140.1635492775

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c7de89396905b351061b28ada8e81a476206d9fd14e00e010cf71adca05cbb5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35764
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Oct 2021 07:32:55 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
313 B 23ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=194163687656043&ev=PageView&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&rl=&if=false&ts=1635492775622&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1635492775621.1100648348&it=1635492775357&coo=false&exp=p0&rqm=GET

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:55 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 29 Oct 2021 07:32:55 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1003136084/ 2 KB
2 KB 61ms
26ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1003136084/?random=1635492775635&cv=9&fst=1635492775635&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaar0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&tiba=A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23af879c65c6f3e5681d35b05549ceeb15d8ac4e2e21d8cd8be53d8f1922b37f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1076
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
185 B 21ms
21ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=950438839&t=pageview&_s=1&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&ul=en-us&de=UTF-8&dt=A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=93161374.1027330140.1635492775.1635492775.1635492775.1&_utmz=93161374.1635492775.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1635492775643&_u=aSBCAUADQAAAAC~&jid=1066616744&gjid=1348912282&cid=1027330140.1635492775&tid=UA-9153858-2&_gid=960182900.1635492776&_r=1&gtm=2ouar0&z=1066958901

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
67 B 21ms
20ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=950438839&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&ul=en-us&de=UTF-8&dt=A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Blog%20Tracking&ea=Post%20Type%20Blog%20Tracking&el=Blog%20Tracking%20%7C%7C%20https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&_utma=93161374.1027330140.1635492775.1635492775.1635492775.1&_utmz=93161374.1635492775.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1635492775669&_u=aSDCAUADQAAAAC~&jid=1743868789&gjid=90381888&cid=1027330140.1635492775&tid=UA-9153858-2&_gid=960182900.1635492776&_r=1&gtm=2wgar0539N74N&z=1392762033

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
447 B 60ms
20ms XHR
text/plain 2a00:1450:400c:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-9153858-2&cid=1027330140.1635492775&jid=1066616744&gjid=1348912282&_gid=960182900.1635492776&_u=aSBCAUACQAAAAC~&z=531703776

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 29 Oct 2021 07:32:55 GMT
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 40ms
20ms XHR
text/plain 2a00:1450:400c:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-9153858-2&cid=1027330140.1635492775&jid=1743868789&gjid=90381888&_gid=960182900.1635492776&_u=aSDCAUADQAAAAC~&z=1156736332

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 29 Oct 2021 07:32:55 GMT
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1003136084/ 42 B
519 B 63ms
25ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1003136084/?random=1635492775635&cv=9&fst=1635490800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaar0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&tiba=A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers&async=1&fmt=3&is_vtc=1&random=860403676&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1003136084/ 42 B
548 B 64ms
26ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1003136084/?random=1635492775635&cv=9&fst=1635490800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaar0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&tiba=A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers&async=1&fmt=3&is_vtc=1&random=860403676&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 30ms
25ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-9153858-2&cid=1027330140.1635492775&jid=1066616744&_u=aSBCAUACQAAAAC~&z=1119338010

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
26ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-9153858-2&cid=1027330140.1635492775&jid=1066616744&_u=aSBCAUACQAAAAC~&z=1119338010

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 29ms
26ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-9153858-2&cid=1027330140.1635492775&jid=1743868789&_u=aSDCAUADQAAAAC~&z=250780319

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 37ms
34ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-9153858-2&cid=1027330140.1635492775&jid=1743868789&_u=aSDCAUADQAAAAC~&z=250780319

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Oct 2021 07:32:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 8DB4 0
112 B 18ms
17ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.recordedfuture.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
date: Fri, 29 Oct 2021 07:32:56 GMT

POST
H2 204 matomo.php
recordedfuture.matomo.cloud/ 0
173 B 41ms
41ms Ping
text/plain 52.223.61.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/matomo.php?action_name=www.recordedfuture.com%2F&idsite=1&rec=1&r=195134&h=7&m=32&s=56&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&_id=98c82a95705b4585&_idn=0&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=f4rC3n&pf_net=52&pf_srv=30&pf_tfr=8&pf_dm1=435
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.61.136 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.recordedfuture.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://www.recordedfuture.com
date: Fri, 29 Oct 2021 07:32:56 GMT
access-control-allow-credentials: true
server: Apache
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent

GET
H2 200 matomo.js Show response
recordedfuture.matomo.cloud/ 191 KB
56 KB 22ms
22ms Script
application/javascript 52.223.61.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/matomo.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.61.136 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: AmazonS3 /
Resource Hash: c1519dacf01319cb5e0caa709cf1cb40794474a6ca4eb2de3d6fcb86c6157bf5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
content-encoding: gzip
age: 572440
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Sun, 17 Oct 2021 20:19:00 GMT
server: AmazonS3
etag: W/"7cb87695146dc95cd8d88df28207416b"
vary: Accept-Encoding,User-Agent
x-amz-version-id: 6OU.jcK726xIXqmaHxPRdLJ.sc4VC7b9
via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
cache-control: max-age=691200, max-age=691200
x-amz-cf-pop: FRA56-C2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: GTPJDuW65niwO9eahONVyD9Uf7wR-mxrR_k2LsavFNnC08-_s0kt9g==
expires: Sat, 06 Nov 2021 07:32:56 GMT

GET
H2 200 configs.php Show response
recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/ 116 B
290 B 16ms
16ms Script
application/javascript 52.223.61.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=1&trackerid=sVJvc4&url=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.61.136 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8b6f710f441cdbc2.awsglobalaccelerator.com
Software: Apache /
Resource Hash: 9b06698961ffd341fa55203a034f365f30b5ae5ac5c5a38c01ef6a533721b40c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
content-encoding: gzip
server: Apache
content-length: 119
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,Accept-Encoding,User-Agent
content-type: application/javascript

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
696 B 75ms
37ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 29 Oct 2021 07:32:56 GMT
X-Proxy-Origin: 194.36.108.21; 194.36.108.21; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b01d2cf4-1b4e-4a15-af35-f81d6550817c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.recordedfuture.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
378 B 94ms
25ms XHR
text/plain 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-140.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 03cdc33d9a1c3c22b85844648f7787f8b005e7b3169555792dd36257e31f9495

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:56 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.recordedfuture.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H2 200 core Show response
js.driftt.com/ Frame 3428 2 KB
1 KB 104ms
103ms Document
text/html 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1635492900000/mp5rtwcnz2nd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

44a71fb13f43360c9013841611c5c20848a929ac2ef5cff804dce3da0e02271e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Thu, 28 Oct 2021 19:03:31 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: bMJdpKzFuimfQxj5V4jQaOBHqq.Y5SZg
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Fri, 29 Oct 2021 07:32:56 GMT
cache-control: no-cache
etag: W/"3dc284cb1ef587649834a9ae64c54484"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: o7_OVsDhm920Srvi8_LRjsCLBKtJbaHu0oqxkL27wVz_Z9aUyIsVYA==

GET
H2 200 chat Show response
js.driftt.com/core/ Frame C50A 2 KB
1 KB 108ms
108ms Document
text/html 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1635492900000/mp5rtwcnz2nd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

44a71fb13f43360c9013841611c5c20848a929ac2ef5cff804dce3da0e02271e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Thu, 28 Oct 2021 19:03:31 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: bMJdpKzFuimfQxj5V4jQaOBHqq.Y5SZg
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Fri, 29 Oct 2021 07:32:56 GMT
cache-control: no-cache
etag: W/"3dc284cb1ef587649834a9ae64c54484"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: 65zzrBO86xPUZT3rWjIu5umFFp-tg8Ho4iBbtPfPhdstX2WipB7hBQ==

GET
H2 200 nr-1211.min.js Show response
js-agent.newrelic.com/ 33 KB
13 KB 35ms
9ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1211.min.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/cobalt-strike-servers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4e42e478fd27161799c18a75c2e9a7341996250f696d09d53db336a2962ba06b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: yf8j0EL0OxPIPTHd.58X6iFExO4xIT0R
content-encoding: gzip
etag: "3ad2268e635f4d033b0062f582c5b85a"
x-amz-request-id: X3M81H4NM1B4G6R6
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 12477
x-amz-id-2: cvOSmODg07/4O4zGwviZMR3PU/m+IFAgnbTWch2Pw3XfIW/4Me7DGjuuZsigtg0xT+fI73EM98w=
x-served-by: cache-hhn4054-HHN
last-modified: Mon, 27 Sep 2021 20:46:50 GMT
server: AmazonS3
x-timer: S1635492777.638661,VS0,VE0
date: Fri, 29 Oct 2021 07:32:56 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 8985

GET
H2 200 loader-v2.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 6 KB
3 KB 172ms
161ms Script
text/javascript 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/loader-v2.js?__hsfp=2427650321&__hssc=57501621.1.1635492776614&__hstc=57501621.60e108089cdefe4d82c69e9de9fdb5b7.1635492776614.1635492776614.1635492776614.1&canon=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&hsutk=60e108089cdefe4d82c69e9de9fdb5b7&pg=9210833d-34a7-4597-ade0-03e16dcbc24c&pid=252628&sv=cta-embed-js-static-1.58&lag=1417&rdy=1&df=a

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7af30d30b8b1894637a8360fc65d4a4f3337b1c6868ef89273f04e32828a6ba9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 85dbde8a-f653-448f-ac6e-7acda2cb8159
cf-ray: 6a5ab67dfce3375c-MXP
content-disposition: attachment; name="loaderJS" filename="loader-v2.js"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 29 Oct 2021 07:32:56 GMT
server: cloudflare
x-trace: 2B5CF1CF78C941304A11DC6B12D8FB43E23565EDE2000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gMgSv9TSxoiBUBS4JF3zgp3seQbS5deGgXWVMKBCt87mduL2%2BseVnuj5DQCe%2BT4ZOyCPFPtXzSLLdwn2nAy75TOJ8%2FElTHSqTUJEOkX6EGIQtpqYyK%2Bx5z8ARnf6kfGPE0Ru8woN2P%2BIVZAAbwwC5G9qcQBPrtNovkc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
x-robots-tag: noindex, follow

GET
H2 200 loader-v2.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 7 KB
3 KB 155ms
145ms Script
text/javascript 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/loader-v2.js?__hsfp=2427650321&__hssc=57501621.1.1635492776614&__hstc=57501621.60e108089cdefe4d82c69e9de9fdb5b7.1635492776614.1635492776614.1635492776614.1&canon=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&hsutk=60e108089cdefe4d82c69e9de9fdb5b7&pg=a7fb8b5c-b14d-4030-a76d-26dbc96ab43b&pid=252628&sv=cta-embed-js-static-1.58&lag=1379&rdy=1&df=a

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c7e0fe5fb97666da6b5e2a87daca9d43a2e6e1c94e206ade877017cafd058c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: d5de4a1a-9efe-42b2-809b-c002365bf034
cf-ray: 6a5ab67dfcdf375c-MXP
content-disposition: attachment; name="loaderJS" filename="loader-v2.js"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 29 Oct 2021 07:32:56 GMT
server: cloudflare
x-trace: 2BF8C626F8D44D7874457D1C0D20799C39AD96F616000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CLdOT3muf1%2FepAeHJUrZ1cMrSm7fWLZluCLJPgr6lQpImice21xWTadXpf%2FmiMr2XLlwBBS1tdumio1LqgFdAMRzecoeHEuRyUnwhUoBxuG6ptnKfsFcuA9GaghfU0oV6ktMj%2Fc%2FoNRQeynmDfw1UKFbqNBssMgcWlk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
x-robots-tag: noindex, follow

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
548 B 188ms
140ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: f5888559-f568-4174-a83c-749126bbb462
cf-ray: 6a5ab67e3ae33757-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
last-modified: Fri, 29 Oct 2021 07:32:56 GMT
server: cloudflare
x-trace: 2B01A7AA0729814B1862EB93EFAC7E4F3022E833A6000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
524 B 75ms
66ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2427650321&v=1.1&a=252628&rcu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&t=A+Multi-Method+Approach+to+Identifying+Rogue+Cobalt+Strike+Servers&cts=1635492776617&vi=60e108089cdefe4d82c69e9de9fdb5b7&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 3e7442b5-f9fc-416f-8415-1b021b91c546
cf-ray: 6a5ab67dfcec375c-MXP
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RrRb6tqtCOhabG4kO3adXTECRKaxOI3rdsakmZE5El9Gy%2BjHZM3ZEMW3x%2FaIzzKHnamy%2BQ3iH2%2FEbN%2Bgbzz5J3bhPu5ca5a7WsX4kHmvYpQJILvdpi9EVj0MKPJ61BqSkv5fWZI8Hk5OP%2FOegF0G"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H/1.1 200
OK da2b64f2d4 Show response
bam.nr-data.net/1/ 57 B
321 B 474ms
129ms Script
text/javascript 162.247.242.19
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/da2b64f2d4?a=155511080&v=1211.ba193a8&to=ZVxUY0UAD0AEAENQClwWd1RDCA5dShBeVwJeXA%3D%3D&rst=1734&ck=1&ref=https://www.recordedfuture.com/cobalt-strike-servers/&ap=692&be=105&fe=1690&dc=539&perf=%7B%22timing%22:%7B%22of%22:1635492774918,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:10,%22c%22:10,%22s%22:16,%22ce%22:52,%22rq%22:52,%22rp%22:82,%22rpe%22:90,%22dl%22:84,%22di%22:519,%22ds%22:539,%22de%22:543,%22dc%22:1680,%22l%22:1690,%22le%22:1705%7D,%22navigation%22:%7B%7D%7D&fp=285&fcp=746&at=SRtXFQ0aHE4%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1211.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.19 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-7.nr-data.net
Software: /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/javascript;charset=iso-8859-1
Content-Length: 57
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 196ms
196ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&session=87a15427-5ffa-4e9f-894f-c702d75f3e97&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A55%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=efcd9d6e-e9fe-46e9-8dc3-ad0030b9965f&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:56 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 runtime~main.052c7d9a.js Show response
js.driftt.com/core/assets/js/ Frame 3428 6 KB
3 KB 8ms
7ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

1348cfccbfc3386e39f760e3e95f6d79c2546051541c316747dd39925c459c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:30 GMT
content-encoding: gzip
age: 44966
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:36 GMT
server: nginx
etag: W/"90fee67c6fbb12760c1a1e979845582c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: yntBPbIX58PzJmaOGQUaG9sm7tcOlsEQ
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4KJZt4u9GxGXyzuoEWKwN_Bz6-vuvWw6MPdd9T9SMW2XFv-M3LaWDA==

GET
H2 200 4.a93e53d9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 58 KB
20 KB 9ms
8ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.a93e53d9.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

58332a4cc75a697eafeb1b4d9cb66326d6a29acb2f98afc1de3f1ef2401be056

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 19:32:17 GMT
content-encoding: gzip
age: 7214439
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 06 Aug 2021 18:47:25 GMT
server: nginx
etag: W/"fce0b3daf28dfa888be2818f43b06ef0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: imvxQz4ZQnCekVetyHrX84xCYV8ndGWZ
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: R8gUvGwiGHy49ttcHKSqVkZ6wTDJuuFdpGRcatG3sMAi07A37wB_Lg==

GET
H2 200 main~493df0b3.580db5ef.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 6 KB
3 KB 10ms
9ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.580db5ef.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

52997a640c38c5915b6105ad464bf2bf8121f3fe40c72d70791f54c4be95971a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 17:36:14 GMT
content-encoding: gzip
age: 568602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 22 Oct 2021 17:07:00 GMT
server: nginx
etag: W/"9b4aab2d855603fa59a09f8160eb7cb4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: SHbjo2Z875cq.BpS9ven0n3hNF1FVxPh
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Lij1JvRz-NDuJ9KRyvzQbXWoZKPkxCMdcxS0482huiHaHbM_SfT1MA==

GET
H2 200 runtime~main.052c7d9a.js Show response
js.driftt.com/core/assets/js/ Frame C50A 6 KB
3 KB 10ms
9ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

1348cfccbfc3386e39f760e3e95f6d79c2546051541c316747dd39925c459c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:30 GMT
content-encoding: gzip
age: 44966
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:36 GMT
server: nginx
etag: W/"90fee67c6fbb12760c1a1e979845582c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: yntBPbIX58PzJmaOGQUaG9sm7tcOlsEQ
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fWgIM3Q4ES5_o8FXXVJwlK74Qt0dyef3zdJM0UCVGvnrzeYvM7GkFw==

GET
H2 200 4.a93e53d9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 58 KB
20 KB 11ms
10ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.a93e53d9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

58332a4cc75a697eafeb1b4d9cb66326d6a29acb2f98afc1de3f1ef2401be056

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 19:32:17 GMT
content-encoding: gzip
age: 7214439
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 06 Aug 2021 18:47:25 GMT
server: nginx
etag: W/"fce0b3daf28dfa888be2818f43b06ef0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: imvxQz4ZQnCekVetyHrX84xCYV8ndGWZ
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RZFyMr-LKAyxqGvNpK2KisHOnSWDVROD0WrcEijubQ4hMpMEEW4_Jw==

GET
H2 200 main~493df0b3.580db5ef.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 6 KB
3 KB 12ms
11ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.580db5ef.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

52997a640c38c5915b6105ad464bf2bf8121f3fe40c72d70791f54c4be95971a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 17:36:14 GMT
content-encoding: gzip
age: 568602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 22 Oct 2021 17:07:00 GMT
server: nginx
etag: W/"9b4aab2d855603fa59a09f8160eb7cb4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: SHbjo2Z875cq.BpS9ven0n3hNF1FVxPh
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5h17o0e04eoKgHWSj3e1yP0jdpyiP0OfjUZFSQXCmAn4e7emYklnPA==

GET
H2 200 42.3b1c2441.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 47 KB
14 KB 8ms
8ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7727399fe5d8441829176e6a661b540efaac1680120a1d7fb1235e258d70770b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:47:44 GMT
content-encoding: gzip
age: 2371511
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 30 Sep 2021 19:15:45 GMT
server: nginx
etag: W/"62fe06940598a98760a9eae46800ff59"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: E3w4v9xUpTukoTN6KVYDSvvAp5xA8HF0
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bgkBG3S3-fquZ8dBDXWDdW_qhDAPZvehOodm3KMEZiI69-O_zzxDmQ==

GET
H2 200 17.cce21c2a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 44 KB
13 KB 9ms
9ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.cce21c2a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cda9b31d709444e003d3adbfbdec43f093e405b36841fde5c1d187e439585219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 18:05:58 GMT
content-encoding: gzip
age: 2726818
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 27 Sep 2021 17:53:29 GMT
server: nginx
etag: W/"565bf690dc82ce7e1f45c9647d892490"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: jEi2sT.oz2dMTnmIGznKkCTerYS6HNwY
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Sm0CtM83yuOc_xBf3eElhi1AEzIFtZJ8lcjpxhIHmvSUyUAju6U9tA==

GET
H2 200 35.3e4eba7e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 25 KB
8 KB 10ms
9ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.3e4eba7e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

41f7afd6088c39cdc0d6f910f7f4b6afbf6a2133533847e960a8ca906fabc1c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 23:23:46 GMT
content-encoding: gzip
age: 2016550
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 04 Oct 2021 13:21:53 GMT
server: nginx
etag: W/"b1a0f364c9ad5137b5ab8e5237a825b8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: cLt._QkphhF6wcrsAIpyxqbDvHwcLtk_
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Lo1P65-0r3UdlIoGgOSRQJNHuhmiHx8dD0pGMgKHopFNlgkicAmpOQ==

GET
H2 200 15.8065fdbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 16 KB
5 KB 10ms
10ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.8065fdbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f978da291f493e64d4420d2cfab5c2bdc736c53f11c8d61c6da1efdb7df1155d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 06:18:05 GMT
content-encoding: gzip
age: 4583691
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:32 GMT
server: nginx
etag: W/"db60664de2c8d54d23e359c94e68f6ce"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: vLMtFICr__AmVbpyC1134yZVvjJr6q0Q
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5qZ71dU3t0GKyL9qAO74AKV6VYI-GhNl7Asv4wi0Va-ufNK3am0NOg==

GET
H2 200 19.5937a5b2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 72 KB
22 KB 11ms
11ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.5937a5b2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2b4d9e531f3302ad49380ce5e5e160925956edb55179c63ee2bac32ab040d1a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:30 GMT
content-encoding: gzip
age: 1874426
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:09 GMT
server: nginx
etag: W/"08aceb94bd26b0e431ca437d628e3c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PpKcHacqpQIWv5LlWxshj7GW7ctXBTRY
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CetkhaM1kwvWu530CruoxTzHlbYYP0qrID0mAC8fpzg6iCgB_Fc5mw==

GET
H2 200 32.04864e7d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 16 KB
6 KB 12ms
12ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/32.04864e7d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

af0ad47815cfcb0fc8402cf431dd782af68f2ba05752c66d9bb11a4354f65754

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:25 GMT
content-encoding: gzip
age: 4580851
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:33 GMT
server: nginx
etag: W/"3b6707d602c1f7d03c4c8b0bdecb8e4e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: IQWkyjvCMbbf.bwH.bxeulTS_dkZZlBI
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: chdCRkAdoQrI0qS3JYZsjTmd5u6G5ea7bqA2S5LkhmJCpXfNUOpK8A==

GET
H2 200 23.a53d721f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 59 KB
19 KB 14ms
13ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.a53d721f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f48829864ffd155da0360e19be956282b6875173f8990394e93bc7c30c97a3ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:35 GMT
content-encoding: gzip
age: 1874421
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:10 GMT
server: nginx
etag: W/"fe96cb8c4c390342c29d3c8cb0a4ca14"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: v0Q3sUg3fAcXKBWqoZodUDobSoc9.NX8
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yXfR_A_tiPYXQNphuWE_tW7n_LU_IyH1yVDkiLXGIFQaNpUL-kVBsw==

GET
H2 200 10.704ab67c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 91 KB
28 KB 15ms
14ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.704ab67c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

1612e3d01a9389defe81c28b91ee18b7b1f97b54f39dd8aa651667c25bce28e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 03:51:37 GMT
content-encoding: gzip
age: 2173279
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Oct 2021 18:06:47 GMT
server: nginx
etag: W/"50dcb170ca1ae1f4a09fe8f23065f2a8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 8SLWCghXfnMEQiqJuVzEB4mWFfFgTeMA
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3IxM_5VUhVa8c7ChHYiAnIK1iHgsFSHgCeP2SroXhWM7wBqBipHGmg==

GET
H2 200 9.a48906f3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 23 KB
7 KB 17ms
16ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.a48906f3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

5059bfed12587f496894f97319682ccb715e7748ae93dd2cafd6310e914f3870

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 23:46:40 GMT
content-encoding: gzip
age: 2101576
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 04 Oct 2021 13:21:54 GMT
server: nginx
etag: W/"60e5547ed381473c15e63274bcd796b6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: cLY_oJezEuNHBH6Dj5RzDB2u5ynjzlwV
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yxLjkB7HeQGy6zEcAXzkMOuoyiZU1NCeIuhmV7CrJ30tGvYvE0T-tQ==

GET
H2 200 13.c2156fc2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 62 KB
19 KB 19ms
18ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.c2156fc2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f94ce8666bf003756c16b56edad5a0121b3516222d4f093bdb771afabfb2cc5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 21:49:43 GMT
content-encoding: gzip
age: 1503793
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 11 Oct 2021 21:20:00 GMT
server: nginx
etag: W/"b94404e76324bd4454531b2e0a54f7bb"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: dduSgTmTEeX.c1xrsh3Cd4WUJFtbN06M
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NxNGHfmdpN43RBcDi-Mop5_l8yi2Yl1rErU3m1lZ8Cw7YW7VXk4tlA==

GET
H2 200 40.01f4f7b3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 105 KB
34 KB 20ms
19ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.01f4f7b3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

71f918c131027703d4692c7e7cc9d46fc09554fc2b211e60f12e8fea8360deb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:25 GMT
content-encoding: gzip
age: 4580851
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:33 GMT
server: nginx
etag: W/"7dd9b27f83583b6d43567ed4b21eff8c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: y2Sw4rqaMZnrkHZZfz79v4_9V0UisJNM
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CEDX8_pz9jnYLUhwQ_GHDuDyTeaIOqAiZSIdAh1VZC7affwSKRkyAA==

GET
H2 200 33.c1910d43.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 12 KB
4 KB 22ms
21ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/33.c1910d43.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c2d8b5ed5baf711d51629607797e32e5ff638637a0091598427eac4908dbae47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 01:06:03 GMT
content-encoding: gzip
age: 1924013
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 06 Oct 2021 19:39:55 GMT
server: nginx
etag: W/"0e451f1cf9656229ccd33dfa3ad0638d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: arjv9VVzrh14vIIrzh0xILLlz5wMfYBC
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wOeV39N5lVL8mpNJmDIwemEAMxf7tHcUVoW0bH49chBvJrr1pyfIZA==

GET
H2 200 25.b7a0bf53.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 12 KB
5 KB 22ms
21ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.b7a0bf53.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c87e0e31334c6998b90c83d48eff6252a248120d32b376414965e1421203c901

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:30 GMT
content-encoding: gzip
age: 1874426
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:10 GMT
server: nginx
etag: W/"808f7c7829001881a39cef6846a36ce0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: _ix5iBb64na.L1JY7ymqDewgFGceFL7s
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 721qZOzCEf1y6_WOYyQEH9kGzTUVBIJokrA9t8Hhh_aHCmOc7nGMcw==

GET
H2 200 16.fab21cf4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 17 KB
7 KB 23ms
21ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.fab21cf4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

fa110ac06915e913fea0ad440e557cd75b95101504acc6a865efb5d7f0f34d95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 18:08:17 GMT
content-encoding: gzip
age: 5750679
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 23 Aug 2021 17:42:07 GMT
server: nginx
etag: W/"b451093ecfaa012f364641010ed13346"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mlbxReFt8YmdLvOZ4ChXgFfj8NP88809
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8tPhKSYX8kegx7N_eZUwcqjissRZeEvHMwUoUJBY0gOXza-XQeJglA==

GET
H2 200 7.ea51c6ed.chunk.css
js.driftt.com/core/assets/css/ Frame 3428 11 KB
3 KB 23ms
21ms Stylesheet
text/css 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/7.ea51c6ed.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a42d7e3e31574f46088f10ef28941abf54233afa6c88e4c1dbdca1e30f7d1d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44965
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:32 GMT
server: nginx
etag: W/"e87bf3956b83df89533ed143a9c0c06b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: LHV.oH0gwktF4jnhsCJIoVIXzJywrym8
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4wa_h7aqlV6j79UCxfL4YAORtZilOebsm_LeJWQAnr5GQrc_MkiKwQ==

GET
H2 200 7.098b8816.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 68 KB
21 KB 24ms
23ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/7.098b8816.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

792cbd24e934bdcb0e62deaaefed93938b59a01223bafe4004eeb8b54baa5808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44965
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:35 GMT
server: nginx
etag: W/"3c32ffd586275849e767bd285d8adc4a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: WrJRYvrD7eXTt.dy2mnsL_0HScpDLQF_
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5AXkQ8Ys_IGnASVUPYQwwouV3p6FOyKDZ3EXxTBT-s6QemZOnuJxGQ==

GET
H2 200 14.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 3428 24 B
665 B 23ms
22ms Stylesheet
text/css 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/14.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 19:32:17 GMT
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
age: 7214438
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 24
last-modified: Fri, 06 Aug 2021 18:47:22 GMT
server: nginx
etag: "0c5dad92482d9a7c7c253510f5082465"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: TvxaskXeU1vX5QWjGFtspdoYt.ZZ_9cE
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jf3BB-9YqD63BUc2ldsa0KIGhgFcOZwDT5PWXH8ZobAunAPjhh2QqA==

GET
H2 200 14.03c017b5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 71 KB
18 KB 25ms
24ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.03c017b5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a4ca8d1377ccd3f8b6c41a288a2fbf8101a5cb4cf51202747b706269bece8dbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 17:36:14 GMT
content-encoding: gzip
age: 568602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 22 Oct 2021 17:06:58 GMT
server: nginx
etag: W/"c34078b7dac13ea8ac14ab51434795df"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Q8fMkTTTL7O5vEW45ly7dAsRJgoH_WtQ
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AuzsmmZBJD7fJVYrhhvpuOfriz1DLlYHt2G7QPbPhZ2L7Y5yBSUUPA==

GET
H2 200 20.1baaa537.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 46 KB
13 KB 26ms
26ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.1baaa537.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

852cd8d4d0443f3e12551ea41d1a2fde9e962edabda4afd5c8496f397a8dcbe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 18:53:57 GMT
content-encoding: gzip
age: 218339
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 26 Oct 2021 18:24:49 GMT
server: nginx
etag: W/"0e951b4ab93678b94bf79313d886aaf3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: vSg8w9fhSOF1p10wor9Wyt__PlLKXRCS
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qvTR-VEckr6M1BGIO_jx9VtApGY_sfIyuMd8fVipkYJnXn3R_Qamug==

GET
H2 200 12.28cf3bf7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 40 KB
13 KB 27ms
27ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.28cf3bf7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7161c0d59473e4252d49119a51cb9b5e2ee3829684f461bc4be3541d0902d66c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44965
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:33 GMT
server: nginx
etag: W/"2e01bb2ae1b1914ea5c578e17744b422"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: flDAxDLRsacaAoJIOqhtcKtkWZaQbJCj
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eYt9T4uglv23caDp8uvV_O8UcSbSAx8cASXuj6IXAtTvJvyM6m9bVA==

GET
H2 200 42.3b1c2441.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 47 KB
14 KB 27ms
26ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7727399fe5d8441829176e6a661b540efaac1680120a1d7fb1235e258d70770b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:47:44 GMT
content-encoding: gzip
age: 2371511
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 30 Sep 2021 19:15:45 GMT
server: nginx
etag: W/"62fe06940598a98760a9eae46800ff59"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: E3w4v9xUpTukoTN6KVYDSvvAp5xA8HF0
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: UijTMIN0MyC7aIIdZ4U4N5zYmSUuZkudhu_kP1r72Ei1rQRGr6wqPw==

GET
H2 200 17.cce21c2a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 44 KB
13 KB 28ms
27ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.cce21c2a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cda9b31d709444e003d3adbfbdec43f093e405b36841fde5c1d187e439585219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 18:05:58 GMT
content-encoding: gzip
age: 2726818
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 27 Sep 2021 17:53:29 GMT
server: nginx
etag: W/"565bf690dc82ce7e1f45c9647d892490"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: jEi2sT.oz2dMTnmIGznKkCTerYS6HNwY
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3deRgX02lXv8f4tevo1zLD4vJDey_Z4Tqy0t24GRLYjjzMBgcOX5VA==

GET
H2 200 35.3e4eba7e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 25 KB
8 KB 28ms
27ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.3e4eba7e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

41f7afd6088c39cdc0d6f910f7f4b6afbf6a2133533847e960a8ca906fabc1c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 23:23:46 GMT
content-encoding: gzip
age: 2016550
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 04 Oct 2021 13:21:53 GMT
server: nginx
etag: W/"b1a0f364c9ad5137b5ab8e5237a825b8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: cLt._QkphhF6wcrsAIpyxqbDvHwcLtk_
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: D5UYeQR8KPgUCc3MFWSFcnqP7ugkt6Fn1tQ1vwroNFKqe25ny1n0pA==

GET
H2 200 15.8065fdbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 16 KB
5 KB 29ms
26ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.8065fdbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f978da291f493e64d4420d2cfab5c2bdc736c53f11c8d61c6da1efdb7df1155d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 06:18:05 GMT
content-encoding: gzip
age: 4583691
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:32 GMT
server: nginx
etag: W/"db60664de2c8d54d23e359c94e68f6ce"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: vLMtFICr__AmVbpyC1134yZVvjJr6q0Q
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: x_1HekXQ2NXsf2H5GPkn_u63SxZXaT1VxfyoXXgUsmmpBhNdg0gClA==

GET
H2 200 19.5937a5b2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 72 KB
22 KB 30ms
23ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.5937a5b2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2b4d9e531f3302ad49380ce5e5e160925956edb55179c63ee2bac32ab040d1a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:30 GMT
content-encoding: gzip
age: 1874426
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:09 GMT
server: nginx
etag: W/"08aceb94bd26b0e431ca437d628e3c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PpKcHacqpQIWv5LlWxshj7GW7ctXBTRY
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jiOkmEI76vdVp9Y-8-pyGHiV7OH7Gj07horCvHnvfUfNRdgqR6NcPA==

GET
H2 200 32.04864e7d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 16 KB
6 KB 31ms
25ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/32.04864e7d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

af0ad47815cfcb0fc8402cf431dd782af68f2ba05752c66d9bb11a4354f65754

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:25 GMT
content-encoding: gzip
age: 4580851
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:33 GMT
server: nginx
etag: W/"3b6707d602c1f7d03c4c8b0bdecb8e4e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: IQWkyjvCMbbf.bwH.bxeulTS_dkZZlBI
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oOCcoKOtZcQMMGkDa8yOXXVWi5fUW1ZZBj5kg5rTMYw46lLSnTXXxA==

GET
H2 200 23.a53d721f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 59 KB
19 KB 32ms
25ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.a53d721f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f48829864ffd155da0360e19be956282b6875173f8990394e93bc7c30c97a3ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:35 GMT
content-encoding: gzip
age: 1874421
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:10 GMT
server: nginx
etag: W/"fe96cb8c4c390342c29d3c8cb0a4ca14"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: v0Q3sUg3fAcXKBWqoZodUDobSoc9.NX8
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: iwKnGjWdaPwZCwwYIEoN3YobeZp761IwC5GqZbaRhXJ8k6h4QuYx1w==

GET
H2 200 10.704ab67c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 91 KB
28 KB 34ms
26ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.704ab67c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

1612e3d01a9389defe81c28b91ee18b7b1f97b54f39dd8aa651667c25bce28e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 03:51:37 GMT
content-encoding: gzip
age: 2173279
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Oct 2021 18:06:47 GMT
server: nginx
etag: W/"50dcb170ca1ae1f4a09fe8f23065f2a8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 8SLWCghXfnMEQiqJuVzEB4mWFfFgTeMA
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oaSzC1Qe5Q0OMXDvAdZN0h9WVU6ageUVZ5PGcBbxswy4QwB9Oe9j7Q==

GET
H2 200 9.a48906f3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 23 KB
7 KB 35ms
28ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.a48906f3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

5059bfed12587f496894f97319682ccb715e7748ae93dd2cafd6310e914f3870

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 23:46:40 GMT
content-encoding: gzip
age: 2101576
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 04 Oct 2021 13:21:54 GMT
server: nginx
etag: W/"60e5547ed381473c15e63274bcd796b6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: cLY_oJezEuNHBH6Dj5RzDB2u5ynjzlwV
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -hbmxF1v-mwVXN-QcVBax4q6B80QA2ds_dpuDDWPX0Y3NKk6scg5ow==

GET
H2 200 13.c2156fc2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 62 KB
19 KB 36ms
28ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.c2156fc2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f94ce8666bf003756c16b56edad5a0121b3516222d4f093bdb771afabfb2cc5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 21:49:43 GMT
content-encoding: gzip
age: 1503793
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 11 Oct 2021 21:20:00 GMT
server: nginx
etag: W/"b94404e76324bd4454531b2e0a54f7bb"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: dduSgTmTEeX.c1xrsh3Cd4WUJFtbN06M
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zEJeAiSWwjMu36g0OPRBs1FjaJm3B3ygu-b2eDqGuHqbl5AUi_jLRg==

GET
H2 200 40.01f4f7b3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 105 KB
34 KB 38ms
30ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.01f4f7b3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

71f918c131027703d4692c7e7cc9d46fc09554fc2b211e60f12e8fea8360deb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:25 GMT
content-encoding: gzip
age: 4580851
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:33 GMT
server: nginx
etag: W/"7dd9b27f83583b6d43567ed4b21eff8c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: y2Sw4rqaMZnrkHZZfz79v4_9V0UisJNM
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IrwXmJqvy0Gg7s2A1qvO4_3Kqo9EoX333URlcF5FTotSfjc1oA9Xdw==

GET
H2 200 33.c1910d43.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 12 KB
4 KB 39ms
32ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/33.c1910d43.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c2d8b5ed5baf711d51629607797e32e5ff638637a0091598427eac4908dbae47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 01:06:03 GMT
content-encoding: gzip
age: 1924013
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 06 Oct 2021 19:39:55 GMT
server: nginx
etag: W/"0e451f1cf9656229ccd33dfa3ad0638d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: arjv9VVzrh14vIIrzh0xILLlz5wMfYBC
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QYNSlZyvEBQu1-QdOGZeBAPLCS9P8kakJCSJb6FJvHzT-Jr_DwbYFA==

GET
H2 200 25.b7a0bf53.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 12 KB
5 KB 39ms
32ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.b7a0bf53.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c87e0e31334c6998b90c83d48eff6252a248120d32b376414965e1421203c901

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:30 GMT
content-encoding: gzip
age: 1874426
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:10 GMT
server: nginx
etag: W/"808f7c7829001881a39cef6846a36ce0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: _ix5iBb64na.L1JY7ymqDewgFGceFL7s
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GVNpjKFC1HOmfGPu1FLXs87wExFPnkeV8LmPlYiitJJxWaLdVcrq_Q==

GET
H2 200 16.fab21cf4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 17 KB
7 KB 38ms
33ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.fab21cf4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

fa110ac06915e913fea0ad440e557cd75b95101504acc6a865efb5d7f0f34d95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 18:08:17 GMT
content-encoding: gzip
age: 5750679
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 23 Aug 2021 17:42:07 GMT
server: nginx
etag: W/"b451093ecfaa012f364641010ed13346"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mlbxReFt8YmdLvOZ4ChXgFfj8NP88809
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XUFHWSzuTe5BsAEs6w-P46Fhl2UC-5oeNqPouccvST1JQu_eKs3bSQ==

GET
H2 200 7.ea51c6ed.chunk.css
js.driftt.com/core/assets/css/ Frame C50A 11 KB
3 KB 37ms
32ms Stylesheet
text/css 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/7.ea51c6ed.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a42d7e3e31574f46088f10ef28941abf54233afa6c88e4c1dbdca1e30f7d1d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44965
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:32 GMT
server: nginx
etag: W/"e87bf3956b83df89533ed143a9c0c06b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: LHV.oH0gwktF4jnhsCJIoVIXzJywrym8
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: K_akZUa1Z4QBKZtm7PZ-09maqBnu2X1okoYLRLbOYOanhGR7Xs8byw==

GET
H2 200 7.098b8816.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 68 KB
21 KB 39ms
34ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/7.098b8816.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

792cbd24e934bdcb0e62deaaefed93938b59a01223bafe4004eeb8b54baa5808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44965
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:35 GMT
server: nginx
etag: W/"3c32ffd586275849e767bd285d8adc4a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: WrJRYvrD7eXTt.dy2mnsL_0HScpDLQF_
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WHsiVwGzsn2LyS8nKLq6uUAslm-l9ufvROvAEud2ot56iBfHlorQ3g==

GET
H2 200 14.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame C50A 24 B
665 B 37ms
32ms Stylesheet
text/css 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/14.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 19:32:17 GMT
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
age: 7214438
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 24
last-modified: Fri, 06 Aug 2021 18:47:22 GMT
server: nginx
etag: "0c5dad92482d9a7c7c253510f5082465"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: TvxaskXeU1vX5QWjGFtspdoYt.ZZ_9cE
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jridSpZXhh1RquTS9gcHZB58q_z7i6PeUYC97qK41RfM8FrbbjpZ_A==

GET
H2 200 14.03c017b5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 71 KB
18 KB 41ms
36ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.03c017b5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a4ca8d1377ccd3f8b6c41a288a2fbf8101a5cb4cf51202747b706269bece8dbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 17:36:14 GMT
content-encoding: gzip
age: 568602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 22 Oct 2021 17:06:58 GMT
server: nginx
etag: W/"c34078b7dac13ea8ac14ab51434795df"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Q8fMkTTTL7O5vEW45ly7dAsRJgoH_WtQ
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Osrqb6Qb1eBFbeFVU4KpXTmS1jd9ZQ91aCnotBN1l58J4C42GGhBCQ==

GET
H2 200 20.1baaa537.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 46 KB
13 KB 42ms
37ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.1baaa537.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

852cd8d4d0443f3e12551ea41d1a2fde9e962edabda4afd5c8496f397a8dcbe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 18:53:57 GMT
content-encoding: gzip
age: 218339
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 26 Oct 2021 18:24:49 GMT
server: nginx
etag: W/"0e951b4ab93678b94bf79313d886aaf3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: vSg8w9fhSOF1p10wor9Wyt__PlLKXRCS
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: L16nHPJWXKorMrkrZnWkSeG9-8FSSdikLNmOQJ5rLMHl2GeX6C1PXg==

GET
H2 200 12.28cf3bf7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 40 KB
13 KB 43ms
38ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.28cf3bf7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7161c0d59473e4252d49119a51cb9b5e2ee3829684f461bc4be3541d0902d66c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 19:03:31 GMT
content-encoding: gzip
age: 44965
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 28 Oct 2021 18:04:33 GMT
server: nginx
etag: W/"2e01bb2ae1b1914ea5c578e17744b422"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: flDAxDLRsacaAoJIOqhtcKtkWZaQbJCj
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XuyglnvH5RL7AFleGTHsrGyETUH1p-q42KBFPMYPYeNIpRMhHb5ZnQ==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
362 B 86ms
85ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22a7fb8b5c-b14d-4030-a76d-26dbc96ab43b%22%2C%229d9a2f2d-7a5e-4b33-9cfa-4f7e5e866275%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2427650321&v=1.1&a=252628&rcu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&t=A+Multi-Method+Approach+to+Identifying+Rogue+Cobalt+Strike+Servers&cts=1635492776773&vi=60e108089cdefe4d82c69e9de9fdb5b7&nc=true&u=57501621.60e108089cdefe4d82c69e9de9fdb5b7.1635492776614.1635492776614.1635492776614.1&b=57501621.1.1635492776614&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 332650a9-49b7-415c-8390-580d8a253cd5
cf-ray: 6a5ab67eee25375c-MXP
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EsZ8pLl4z7nxXNSWdj6rgeYuqE53ldgMGjHcf0TVgr52h56mEVLlFsCrJv0RHAPBs8%2FH4u8g6ldVOZRNtO1f%2BJ26sAb2ozXeJ4d3MUJNfhTV8F2ahZ6PqixUW3DxczqmB8vP9ahpHXUlDfrAKh6m"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
424 B 454ms
452ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=252628&pg=a7fb8b5c-b14d-4030-a76d-26dbc96ab43b&lt=1635492775236&dt=1635492776615&at=1635492776784&ae=1&sl=1&an=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:57 GMT
cf-cache-status: MISS
last-modified: Fri, 29 Oct 2021 07:32:57 GMT
server: cloudflare
x-hubspot-correlation-id: 445c2385-c590-4e42-befc-8a93aeb8f792
x-trace: 2BAF55BA0871BCBA07FDAFB924EE4A8708F6CFD7B2000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNCp0Jl7y%2Bh5IfUuTG8t5AnS6o%2BaNdFyS%2BRvOgTYfbpbXuUae2huIhTCsFHgqggJ7I6eT9%2FVi44ZPfiSmqnaog%2FnYk1ugbz71f%2FzxYcLqPhp7QSjhAkXN61UDmKCx18fiPG1jJ8qE2z85iHUndfGe1%2FTWwoPc6L1W%2F4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6a5ab67efe3e375c-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-robots-tag: noindex, follow

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
217 B 464ms
463ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:57 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: 5efb4124-841c-4548-aa03-82f834f0e54c
cf-ray: 6a5ab67efc3b3757-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
last-modified: Fri, 29 Oct 2021 07:32:57 GMT
server: cloudflare
x-trace: 2BDC815EEE87D658314527B72609342FB4FE834B1F000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H2 206 Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
go.recordedfuture.com/hubfs/video/ 334 KB
0 159ms
52ms Media
video/mp4 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://go.recordedfuture.com/hubfs/video/Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:6702 -, , ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.recordedfuture.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Range: bytes=0-

Response headers

x-amz-meta-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
age: 23408
x-amz-server-side-encryption: AES256
edge-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: 26M7HJFHD6YRETQ8
etag: "7f4242e366fbe63e1f2907688d81e5dc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis: 1610487504295
date: Fri, 29 Oct 2021 07:32:56 GMT
via: 1.1 a9eaf6e9a69fa6a7e0ae6b0894db715a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP63-P3
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
Content-Range: bytes 0-4150014/4150015
Content-Length: 4150015
x-amz-id-2: xUagrozSVLDIEooNw3Qdw33f8ZaaQZvdK9ly6JDWsz8vkfI8kE6w+93MNjUryI1onDqT0WTVQb4=
x-amz-meta-index-tag: all
last-modified: Tue, 12 Jan 2021 21:38:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qKjV5P8fquhVjzrAIQEQgUhrTIYUOYafZ0IB615P%2BlkbNsd1l6JOdK%2FHkG1r6fhJcVwCJhLJTYAX9Zre8cuRpehGIf%2F8ob9ic2QHtDMJtilfFYfvKhv8rCVMLyy2Y223sayjAwtWr%2FLox4MfYuT96XC%2F9A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: .5QE3xlgKIP9l5dOUqTrCu4sct8O.z5W
cf-ray: 6a5ab67f9d885a37-MXP
x-amz-cf-id: 3UxxK6ZDcHpHgzW1rnpeWiKCDqV7BcVeWy-jpNPE5hDbAm__Mk0r5A==

GET
H2 200 22.e10510b6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 42 KB
12 KB 8ms
8ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.e10510b6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b0257060098cdc51166f35b62e7dd8f0c5f8d6cfa319901c0c51a629537e02fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 01:13:23 GMT
content-encoding: gzip
age: 1232373
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 14 Oct 2021 21:28:22 GMT
server: nginx
etag: W/"a99459752bee496e4af7c45277fd9c26"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: T8L5krx2cqygd71cKnQ.RlFky1lNaO_x
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _p-8e7MTFuYgBh9CyfgjR9MnOp5q3K2Sb_Ve7tmPagvKWoXaXkh1zg==

GET
H2 200 24.49c6961c.chunk.css
js.driftt.com/core/assets/css/ Frame 3428 8 KB
2 KB 9ms
8ms Stylesheet
text/css 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/24.49c6961c.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

578cda2391db4e4d761ae5c4f05c03614d0ea8fec0b260edc036cc0bbdfcdd93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 14:52:31 GMT
content-encoding: gzip
age: 1874425
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 14:03:07 GMT
server: nginx
etag: W/"f80cd64e339375567091159cb077b941"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Jae8JqW663dCPtKcAWnt.q.y_JeyJDGP
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ytzAX5qCiyTMAJhhPb7aUDMxMToHa4VWnGgi66E4eonJYFbpeVLNqw==

GET
H2 200 24.76cfc36a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 11 KB
5 KB 9ms
9ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.76cfc36a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

39a37a8590ed1f9c94e9cf2559ecef149e3c26c33a902bf317be1d1a4e239dc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 17:56:28 GMT
content-encoding: gzip
age: 912988
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 18 Oct 2021 17:22:52 GMT
server: nginx
etag: W/"ef507f77f0656bb96ae332b6aa56a704"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: dimasf7fktpZ3ilSSOILefw61MPRf19Q
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3Qg-CiAVbgisBy4DkY7vOBKoHl4dD1NaAqnzJOydJwJaj8dDrEsEWA==

GET
H2 200 18.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 3428 365 B
1007 B 9ms
9ms Stylesheet
text/css 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/18.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 18:05:58 GMT
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
age: 2726818
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 365
last-modified: Mon, 27 Sep 2021 17:53:27 GMT
server: nginx
etag: "06b2963b029c0824382815165bfea73e"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 2nl84_Ynkb7J4eflOi4MBL9RG1iL8udX
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: koD7cuPU9BrNQHfnS4WXOOpPMOyInLX4ig6FWdN1OdHi-8FpSvqNbA==

GET
H2 200 18.eb1a6df4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3428 84 KB
23 KB 10ms
10ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.eb1a6df4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f19b1f14c864b5c91313c4ff558be0405a4912d5f980a75ca55fd9138e2122e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=mp5rtwcnz2nd&region=US&forceShow=false&skipCampaigns=false&sessionId=630cb44b-9a49-4cf2-bf67-3c933d3f91ad&sessionStarted=1635492776.601&campaignRefreshToken=a4c660f9-3949-40f5-896c-3134cfbe14c4&hideController=false&pageLoadStartTime=1635492775008&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 18:53:57 GMT
content-encoding: gzip
age: 218339
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 26 Oct 2021 18:24:49 GMT
server: nginx
etag: W/"fca6f88644e3f72c16abd34367e299db"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 8Dtw1x8g7uQYQi_RZW4NW_rYatewsWyL
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JHuhmS08tZkoz67vOsuABhDUNBMey0Q4ea_yAr4__qr1ihZQAt9eUg==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
352 B 82ms
82ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%229210833d-34a7-4597-ade0-03e16dcbc24c%22%2C%22bfb042c4-2edc-4f3e-b748-d104f601ac33%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2427650321&v=1.1&a=252628&rcu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pu=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&t=A+Multi-Method+Approach+to+Identifying+Rogue+Cobalt+Strike+Servers&cts=1635492776844&vi=60e108089cdefe4d82c69e9de9fdb5b7&nc=true&u=57501621.60e108089cdefe4d82c69e9de9fdb5b7.1635492776614.1635492776614.1635492776614.1&b=57501621.1.1635492776614&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 34084930-3893-4145-822f-7d5ba8ec7148
cf-ray: 6a5ab67f5edb375c-MXP
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lBDQPoPRbtaW5Wn5VsOt0rhXNeiBj5U7inYXbdNFklTXGJDelgoJLLPi6vota8kSiO4u18hdAoKtK2A0t91TDEELaOyQ8lBalO0PFPULR1evFk6%2FlN1kSKD9ljlGNv0Ma6cqxKKwXSVjVefNzztS"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
364 B 157ms
156ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=252628&pg=9210833d-34a7-4597-ade0-03e16dcbc24c&lt=1635492775198&dt=1635492776615&at=1635492776862&ae=1&sl=1&an=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
cf-cache-status: MISS
last-modified: Fri, 29 Oct 2021 07:32:56 GMT
server: cloudflare
x-hubspot-correlation-id: 6f695d16-4d47-44f2-8b53-575842e64839
x-trace: 2B0A95426C6B2BD21E326B774D2AA634E05452CA6C000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rW51gR9Sd0%2BOAyK6OTm1MFd9fGCi5jyT43XF9tE%2B5%2B9Nl3zKe7ZpWGf2SyXRvGk2qYroM9GCzFTsKBmjyUZzERs77WYTIjTOVDLeF45QDSsO3HkXYADHur208QNmDkjdm5596mDNqi93wJRvSAomAy6Rj4%2F3sNyg78g%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6a5ab67f6f00375c-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-robots-tag: noindex, follow

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
171 B 149ms
148ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:56 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: 9d68b488-47bd-4f10-9086-b19e00a2e693
cf-ray: 6a5ab67f6d203757-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
last-modified: Fri, 29 Oct 2021 07:32:56 GMT
server: cloudflare
x-trace: 2B0A23AC5BE3F53473B868954B1360ED3CADEDB456000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H2 200 30.e776e5b0.chunk.css
js.driftt.com/core/assets/css/ Frame C50A 6 KB
1 KB 7ms
7ms Stylesheet
text/css 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/30.e776e5b0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f8e3f110b75b3f1951f50fb7795c6eaf5bee4f07b787a1b535b39e734c7f1723

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 06:18:06 GMT
content-encoding: gzip
age: 4583690
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:30 GMT
server: nginx
etag: W/"9f36443a9402e1e03bf8070ddc88b8db"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: tAgW8ISL_lhmF8yDc7EFC6RakUCehknp
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: trNEl-KjK2Aie4S1WF3QMGESaVc2W7lfR0clEvmQAb7W4YzYxt9V5Q==

GET
H2 200 30.1cba0c50.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 2 KB
2 KB 8ms
7ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.1cba0c50.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2337e32bed1dffbceeade3e898616dadd4b6ba320b8201ec767923828a91dbe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 18:18:48 GMT
content-encoding: gzip
age: 1775648
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 08 Oct 2021 17:49:20 GMT
server: nginx
etag: W/"d54ffcde15f455981e28d3c9524c5a65"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mpksmuuRXsbc0e.AvyCNzrcsYNrGiRlA
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 088BOpBjUtuYCINwqTXrfDhB6JjR7Tm0kp3peRKNO8CHOaI0GJX_Tg==

GET
H2 206 Be%20In%20The%20Know%20-%201000x150.mp4
go.recordedfuture.com/hubfs/video/ 292 KB
0 54ms
37ms Media
video/mp4 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://go.recordedfuture.com/hubfs/video/Be%20In%20The%20Know%20-%201000x150.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:6702 -, , ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.recordedfuture.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Range: bytes=0-

Response headers

x-amz-meta-cache-tag: F-40645593741,FD-40644989410,P-252628,FLS-ALL
age: 94701
x-amz-server-side-encryption: AES256
edge-cache-tag: F-40645593741,FD-40644989410,P-252628,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: E8MMD3BKSQS19MJ5
etag: "7e96f071cd2d83e5b7ed23b469d79a6e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis: 1610488579540
date: Fri, 29 Oct 2021 07:32:56 GMT
via: 1.1 57c777096dda7430f4dd98bcff27e0fc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP63-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
Content-Range: bytes 0-4182721/4182722
Content-Length: 4182722
x-amz-id-2: BIrnZJyjHfQYLsDLdJzgP2PajAdPaqktjtqw/sbMBxPCsKe8m4CswUr5k9ZksdWf6/aWoO7xYus=
x-amz-meta-index-tag: all
last-modified: Tue, 12 Jan 2021 21:56:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mGpQZqXEoTd0MXezXFVC%2FT%2BvtE4yvzfoQahiExllOlrAKIpPDL%2FBJhMoxqWFvCCdFQUIA0jNvgQYARnhiBu07r%2BvVswAh49X8kHEhIxArcU4598r2oUmxT6TDP4yLOXBEenLDzt9t%2BpxjmnnnLOGwj%2BnsA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: csscr0TOmaPgfBrU9ZjgdZG283D4s.x.
cf-ray: 6a5ab67f9d8c5a37-MXP
x-amz-cf-id: Hgkj5TTH-bIsA9rMATA8a6M-4GcHzyxgsXuBMPMPekabCJIsw4VRbA==

GET
H2 200 1.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame C50A 7 KB
2 KB 7ms
7ms Stylesheet
text/css 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 07:05:26 GMT
content-encoding: gzip
age: 4580850
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 03 Sep 2021 14:38:30 GMT
server: nginx
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: H3lCc5pGZRKjCHfgJqwvBl_pDrcMRgYg
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: J6XSKkASXHsIICPE_FaSBflBLTbXTqeK9WenTvj0lJvI1U0vhuCBSQ==

GET
H2 200 1.187c50a5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 54 KB
16 KB 9ms
8ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.187c50a5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a3075e2c162e41c4962a4221ae035dd607d895bd424e87aa4065a044c43763e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 01:27:39 GMT
content-encoding: gzip
age: 2181917
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Oct 2021 18:06:47 GMT
server: nginx
etag: W/"eeccccb655ee3b6bcb8b1a9b1da4fd30"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Kqvbu6YYADSzpukLsRda19nqjwsCcGyV
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qQuKRFsmobfDr_-Tt7Np3eEP8rXNGll7AzphH-kS9Gd2arlUQxcmkA==

GET
H2 200 0.ad8639b0.chunk.css
js.driftt.com/core/assets/css/ Frame C50A 42 KB
7 KB 10ms
9ms Stylesheet
text/css 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/0.ad8639b0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c84f3c933180c0ed1706f8f1923c12fb57a172ebf24c8836491c475918312ff0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 16:26:50 GMT
content-encoding: gzip
age: 831966
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 19 Oct 2021 15:04:44 GMT
server: nginx
etag: W/"a5653da1eea0ce65836fae4712db2473"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mQv2gyI5K.QRprLf3a7EsELFpJyDQLND
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: I0REpYT7_F947JsBSQBkb8ak4gHFEhK_9ZHuL-fXhCj8lPacLqtxng==

GET
H2 200 0.5ea0d49e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 64 KB
22 KB 11ms
10ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.5ea0d49e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

122848c6dceeeadfaf910d73d86132a3f93e61c6ff1e96d6d8c7d8468c0a7995

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 16:26:50 GMT
content-encoding: gzip
age: 831966
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 19 Oct 2021 15:04:46 GMT
server: nginx
etag: W/"2996e5ba3e005bdf8e42e630171ac432"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: ANfBCF9YOHpHxJhPHvW3WC43S2ZFQyIl
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: b7VnYlxkpen_kP9DuBx1VwGTAycedYPy-uiDrBTLURAH0hjZxAsqmg==

GET
H2 200 29.d680488a.chunk.css
js.driftt.com/core/assets/css/ Frame C50A 11 KB
2 KB 12ms
11ms Stylesheet
text/css 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/29.d680488a.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

875438cf4486dbc880f1db9771e4fd278245d0ab049cf5791c306d4373ad279f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 16:26:50 GMT
content-encoding: gzip
age: 831966
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 19 Oct 2021 15:04:45 GMT
server: nginx
etag: W/"9f452b950fbeae1c64bd0358798fcb33"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: k01PIVMggK2WuJWw6lbDZ.1.Qn1d1d5I
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: sgbLfTUmMSsvStqyY6cw8pgIpyWOGB8iYjNYo3aX25sw3Z7c2_d-gQ==

GET
H2 200 29.e378e9bb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C50A 11 KB
5 KB 12ms
12ms Script
application/javascript 18.66.112.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.e378e9bb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.052c7d9a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

61c5e0ee01b43350fc63d6540019ca4a1a2fec438e09e225b715a442a63115f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1635492775008
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 22 Oct 2021 17:36:15 GMT
content-encoding: gzip
age: 568601
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 22 Oct 2021 17:06:58 GMT
server: nginx
etag: W/"08a72aad434f11567a747fd67be2d3fb"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: giCtYEsUB_JM_Od5EXfAQpRwov8jwuh0
via: 1.1 91dc0292eef4e22508a3ae73fe64bbf5.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ocJZDx6V1SHnBAU_kEnTG-zQcqShzWWVi5NwPAr7haAI0MeoETAWqg==

POST
H2 200 v2 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 3428 25 B
123 B 131ms
131ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 29 Oct 2021 07:32:57 GMT
server: istio-envoy
requestid: 6a0bbdde68922ee3
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 v2
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 0
0 368ms
123ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 29 Oct 2021 07:32:57 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftb5bc2a9437aba7ddc7c80c6263c
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy

POST
H2 200 ping Show response
bootstrap.api.drift.com/widget_bootstrap/ Frame 3428 103 B
200 B 124ms
124ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

7c3c905b1aff3b713b47574d8e1ad8ff8e4ca4ea0afd0f68384ec6afc809492e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 29 Oct 2021 07:32:57 GMT
server: istio-envoy
requestid: 9b58e51aa086d415
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 8
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 103
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 ping
bootstrap.api.drift.com/widget_bootstrap/ Frame 0
0 340ms
119ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 29 Oct 2021 07:32:57 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift8d460b7476c8e00ea1dc71b75aa
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

GET
H2 206 Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
go.recordedfuture.com/hubfs/video/ 942 KB
0 353ms
352ms Media
video/mp4 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://go.recordedfuture.com/hubfs/video/Risk-Scores-IPs,-Domains,-Hashes%20-%20350x300.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:6702 -, , ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.recordedfuture.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Range: bytes=327680-

Response headers

x-amz-meta-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
age: 23409
x-amz-server-side-encryption: AES256
edge-cache-tag: F-40645593018,FD-40644989410,P-252628,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: 26M7HJFHD6YRETQ8
etag: "7f4242e366fbe63e1f2907688d81e5dc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis: 1610487504295
date: Fri, 29 Oct 2021 07:32:57 GMT
via: 1.1 a9eaf6e9a69fa6a7e0ae6b0894db715a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP63-P3
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
Content-Range: bytes 327680-4150014/4150015
Content-Length: 3822335
x-amz-id-2: xUagrozSVLDIEooNw3Qdw33f8ZaaQZvdK9ly6JDWsz8vkfI8kE6w+93MNjUryI1onDqT0WTVQb4=
x-amz-meta-index-tag: all
last-modified: Tue, 12 Jan 2021 21:38:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8dGpuR4bWJU39dc4Pf5z%2FmsxZ5gchpH%2BC8PFloDEqf87WATj%2BuOD9mwx9y4xQqaPYkokZoNMDJdBLeFYF2Q0RCoZDs%2B1QmGuBrXQ99ifQY3NaWCzC0%2FL7yRzX6nnnpiAvVQAiKB2xVDps3Z5ZHsURiTxsw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: .5QE3xlgKIP9l5dOUqTrCu4sct8O.z5W
cf-ray: 6a5ab680afae5a37-MXP
x-amz-cf-id: 3UxxK6ZDcHpHgzW1rnpeWiKCDqV7BcVeWy-jpNPE5hDbAm__Mk0r5A==

GET
H2 200 mp5rtwcnz2nd.json Show response
embeds.driftcdn.com/embeds/ Frame 3428 47 KB
12 KB 484ms
405ms XHR
application/json 13.32.99.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embeds.driftcdn.com/embeds/mp5rtwcnz2nd.json
Requested by: Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-26.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eb12d13ad02ba7962f843a06b7728b8d136a25182694903a57ff950fed773031

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 07:32:58 GMT
content-encoding: gzip
x-amz-cf-pop: FRA60-P3
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Fri, 29 Oct 2021 06:25:45 GMT
server: AmazonS3
etag: W/"825d36d1702d81109dcf7e1c830a2721"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json; charset=UTF-8
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
cache-control: public, max-age=30
x-amz-cf-id: 6aZGVkolTATFvOh9iIlgHW5GoRO2Y3z0ZFHSrsssspiikBDCOxBkNQ==

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 212ms
212ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10029f0b0000a7a37b61cf000000874d2f00&session=87a15427-5ffa-4e9f-894f-c702d75f3e97&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A55%20GMT%22%2C%22timeSpent%22%3A%222309%22%2C%22totalTimeSpent%22%3A%222309%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=efcd9d6e-e9fe-46e9-8dc3-ad0030b9965f&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:57 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 199ms
198ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10029f0b0000a7a37b61cf000000874d2f00&session=87a15427-5ffa-4e9f-894f-c702d75f3e97&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A57%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223310%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=efcd9d6e-e9fe-46e9-8dc3-ad0030b9965f&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:58 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event2/ Frame 3428 25 B
108 B 117ms
117ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 29 Oct 2021 07:32:59 GMT
server: istio-envoy
requestid: 11a3dc7ffb9be565
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 0
0 105ms
105ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 29 Oct 2021 07:32:58 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift970c72146408f49b096cc1d9c84
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 216ms
216ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10029f0b0000a7a37b61cf000000874d2f00&session=87a15427-5ffa-4e9f-894f-c702d75f3e97&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A58%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224311%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=efcd9d6e-e9fe-46e9-8dc3-ad0030b9965f&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:32:59 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 195ms
195ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10029f0b0000a7a37b61cf000000874d2f00&session=87a15427-5ffa-4e9f-894f-c702d75f3e97&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A33%3A00%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A32%3A59%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%225313%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=efcd9d6e-e9fe-46e9-8dc3-ad0030b9965f&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:33:00 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 195ms
194ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=36bb10029f0b0000a7a37b61cf000000874d2f00&session=87a15427-5ffa-4e9f-894f-c702d75f3e97&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A33%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2029%20Oct%202021%2007%3A33%3A00%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226314%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insikt%20Group%20assesses%20changes%20to%20Cobalt%20Strike%20servers%20in%20the%20wild%20following%20the%20public%20identification%20of%20several%20Cobalt%20Strike%20server%20detection%20methods.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22A%20Multi-Method%20Approach%20to%20Identifying%20Rogue%20Cobalt%20Strike%20Servers%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fcobalt-strike-servers%2F&pageViewId=efcd9d6e-e9fe-46e9-8dc3-ad0030b9965f&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 29 Oct 2021 07:33:01 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/add/ Frame 3428 25 B
108 B 103ms
103ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/add/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.3b1c2441.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 29 Oct 2021 07:33:02 GMT
server: istio-envoy
requestid: 260dd24d6449a0fc
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/add/ Frame 0
0 103ms
102ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/add/bulk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 29 Oct 2021 07:33:01 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift0a7585545ffb400038fff593333
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy

Verdicts & Comments Add Verdict or Comment

128 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.6sc.co/	1970-01-20 15:49:24	Name: 6suuid Value: 36bb10029f0b0000a7a37b61cf000000874d2f00
.recordedfuture.com/	1970-01-20 00:27:48	Name: _gcl_au Value: 1.1.752578207.1635492775
.hubspot.com/	1970-01-19 22:18:14	Name: __cf_bm Value: .btYwkEAt66t1YtKZ2qAU6C75IYLyk2E9XTTVtf_W8k-1635492775-0-AZBePs0/DNkd93vER84JJ1+uPjCt7MdZqeIQXyuS2cRCtEPrEJqmidpyyo3I51i2G2bNRYmR2/ZJ54pTAVY+gW0=
.recordedfuture.com/	1970-01-20 07:44:07	Name: _pk_id.1.e343 Value: 98c82a95705b4585.1635492775.
.recordedfuture.com/	1970-01-19 22:18:14	Name: _pk_ses.1.e343 Value: 1
.recordedfuture.com/	1970-01-20 15:49:24	Name: __utma Value: 93161374.1027330140.1635492775.1635492775.1635492775.1
.recordedfuture.com/	1969-12-31 23:59:59	Name: __utmc Value: 93161374
.recordedfuture.com/	1970-01-20 02:41:00	Name: __utmz Value: 93161374.1635492775.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.recordedfuture.com/	1970-01-19 22:18:13	Name: __utmt_sfga Value: 1
.recordedfuture.com/	1970-01-19 22:18:14	Name: __utmb Value: 93161374.1.10.1635492775
www.recordedfuture.com/	1970-01-20 15:49:24	Name: _gd_visitor Value: 8814f332-043c-4f83-88c1-68903efed009
www.recordedfuture.com/	1970-01-19 22:18:27	Name: _gd_session Value: 87a15427-5ffa-4e9f-894f-c702d75f3e97
.recordedfuture.com/	1970-01-20 15:49:24	Name: _ga Value: GA1.2.1027330140.1635492775
.recordedfuture.com/	1970-01-19 22:19:39	Name: _gid Value: GA1.2.960182900.1635492776
.recordedfuture.com/	1970-01-20 00:27:48	Name: _fbp Value: fb.1.1635492775621.1100648348
.recordedfuture.com/	1970-01-19 22:18:12	Name: _gat_gtag_UA_9153858_2 Value: 1
.recordedfuture.com/	1970-01-19 22:18:12	Name: _gat_UA-9153858-2 Value: 1
.doubleclick.net/	1970-01-19 22:18:13	Name: test_cookie Value: CheckForPermission
.twitter.com/	1970-01-20 15:49:24	Name: personalization_id Value: "v1_d5fscHzSt8Aji8V+qE+Q2A=="
.linkedin.com/	1970-01-19 23:01:24	Name: UserMatchHistory Value: AQKkfGM3jzO9aQAAAXzK90d5Zqri-FO4nPUXjcMCTWNamwEWsnGzf2eVd_mU6XUY-UW31KFhnpD49g
.linkedin.com/	1970-01-19 23:01:24	Name: AnalyticsSyncHistory Value: AQJquEK5_F7JuQAAAXzK90d5kE4xn6-8rM2tt9Kn8FC_XYbzs77_NUtf5cUG9c6Lc2AXECpeaUHZFW1oP0mPyw
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 15:50:06	Name: bcookie Value: "v=2&d1c98b08-1b8d-48ac-8ad2-382cf241893a"
.linkedin.com/	1970-01-19 22:19:39	Name: lidc Value: "b=VGST00:s=V:r=V:a=V:p=V:g=2560:u=1:x=1:i=1635492775:t=1635579175:v=2:sig=AQGL5XrMMFaQ0XPLTZlI38Ir4fezgT8u"
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 15:50:06	Name: bscookie Value: "v=1&202110290732563843bac4-4579-4aa9-8ba2-033b6f518036AQETqrSakU3Dn1es8lU10uf0EfiugUpC"
.linkedin.com/	1970-01-20 15:40:17	Name: li_gc Value: MTswOzE2MzU0OTI3NzY7MjswMjEAoKYWyyTdIZv4GyrVo52ceTNQj+f9S76K9vcHat1I1w==
www.recordedfuture.com/	1970-01-20 07:03:48	Name: cmplz_policy_id Value: 17
www.recordedfuture.com/	1970-01-20 07:03:48	Name: cmplz_functional Value: allow
www.recordedfuture.com/	1970-01-20 07:03:48	Name: cmplz_statistics-anonymous Value: allow
www.recordedfuture.com/	1970-01-19 22:18:14	Name: drift_campaign_refresh Value: a4c660f9-3949-40f5-896c-3134cfbe14c4
.recordedfuture.com/	1970-01-20 07:39:48	Name: __hstc Value: 57501621.60e108089cdefe4d82c69e9de9fdb5b7.1635492776614.1635492776614.1635492776614.1
.recordedfuture.com/	1970-01-20 07:39:48	Name: hubspotutk Value: 60e108089cdefe4d82c69e9de9fdb5b7
.recordedfuture.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.recordedfuture.com/	1970-01-19 22:18:14	Name: __hssc Value: 57501621.1.1635492776614
www.recordedfuture.com/	1970-01-19 22:28:17	Name: _an_uid Value: 0
www.recordedfuture.com/	1970-01-20 15:49:24	Name: _gd_svisitor Value: 36bb10029f0b0000a7a37b61cf000000874d2f00
.go.recordedfuture.com/	1969-12-31 23:59:59	Name: __cfruid Value: 784aa321517d70cd9ab73557c80eb8add478165c-1635492776
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 4c112108321409f
.recordedfuture.com/	1970-01-19 22:19:39	Name: source Value: (direct)
.recordedfuture.com/	1970-01-19 22:19:39	Name: medium Value: (none)
.recordedfuture.com/	1970-01-19 22:19:39	Name: content Value: undefined
.recordedfuture.com/	1970-01-19 22:19:39	Name: keyword Value: undefined
.recordedfuture.com/	1970-01-19 22:19:39	Name: campaign Value:
.recordedfuture.com/	1970-01-19 22:19:39	Name: landing_page Value: /cobalt-strike-servers/
.recordedfuture.com/	1970-01-19 22:19:39	Name: conversion_page Value: /cobalt-strike-servers/

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://fonts.googleapis.com/css2?family=Inter:ital,wght@100..900 Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
b.6sc.co
bam.nr-data.net
bootstrap.api.drift.com
c.6sc.co
cdn.jsdelivr.net
cdn.materialdesignicons.com
cdn.matomo.cloud
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
embeds.driftcdn.com
fonts.googleapis.com
go.recordedfuture.com
googleads.g.doubleclick.net
j.6sc.co
js-agent.newrelic.com
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hscta.net
kenwheeler.github.io
metrics.api.drift.com
no-cache.hubspot.com
perf.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
recordedfuture.matomo.cloud
secure.adnxs.com
snap.licdn.com
ssl.google-analytics.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
track.hubspot.com
unpkg.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.recordedfuture.com
104.111.233.140
104.18.13.124
104.244.42.195
104.244.42.197
108.174.10.14
13.32.99.26
151.101.130.137
162.247.242.19
172.217.18.98
18.66.112.39
185.33.221.87
199.232.136.157
2600:9000:223f:ae00:c:7d55:b3c0:93a1
2606:2c40::c73c:6702
2606:4700::6810:125e
2606:4700::6810:5805
2606:4700::6810:5814
2606:4700::6810:7baf
2606:4700::6811:45b0
2606:4700::6811:d5cc
2606:4700::6811:dfcc
2606:4700::6812:15bf
2606:4700::6813:9b53
2606:50c0:8003::153
2620:119:50e4:101::6cae:b55
2620:1ec:21::14
2a00:1450:4001:800::200e
2a00:1450:4001:809::2004
2a00:1450:4001:809::2008
2a00:1450:4001:811::2003
2a00:1450:4001:813::2008
2a00:1450:4001:828::2002
2a00:1450:4001:831::200a
2a00:1450:400c:c09::9d
2a02:26f0:6c00::210:ba18
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.94.218.138
50.16.7.188
52.223.61.136
89.187.169.39
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
03cdc33d9a1c3c22b85844648f7787f8b005e7b3169555792dd36257e31f9495
04b12fe4b726c8e5ba04dcff9b0d38ce4732135f29f207d157298e361217dbe9
0940efb55fa2f1deb76f9261931ac680e0fc2429e1073e2bafaadc7a32bab6d5
0b22a782d08b25024012dd62af1848c8e9fc236b147753ba3b98f03e8034aafa
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
1026d9fb308f7ae9af4b10ee43618382be1a6313656b395da90681d6a10b1988
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
122848c6dceeeadfaf910d73d86132a3f93e61c6ff1e96d6d8c7d8468c0a7995
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1348cfccbfc3386e39f760e3e95f6d79c2546051541c316747dd39925c459c89
14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2
1612e3d01a9389defe81c28b91ee18b7b1f97b54f39dd8aa651667c25bce28e2
1cc82f513588a417cfb181cd5b2329432cc3b2bb9d1f056e432838a036851aed
1ed082521f47921ffff14d4ec1c6c3f1ea55114741bee23cc23d4ab6a3213642
1f7e6a6c895c100151dfb452658d754fba7965e3ca95359990486db344d531e7
2141abf196d6e27db0c32272439429c12f3ad7ac611be5b9fe7c079a0735d827
22d9ce45b9c08488a55c6806bb6dc4cbfde25f244f223ad95dafa7ab4fdf09f6
2337e32bed1dffbceeade3e898616dadd4b6ba320b8201ec767923828a91dbe9
23af879c65c6f3e5681d35b05549ceeb15d8ac4e2e21d8cd8be53d8f1922b37f
265fd69dc48e408e11848da1bdaea9a27f2f474a502775577ee17e62abcb761a
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
271bc594ffc1d972db7f089f567b29b1174183bcd46c672eb7775226a404a027
2b4d9e531f3302ad49380ce5e5e160925956edb55179c63ee2bac32ab040d1a5
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
2f08a93f82046606f7881783cc483a10fe364ecadf43f3b6cc64c67463af8666
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
326d6c39524da9a4b3d35286c798b93738a4665b29ce498d5b5df959a3a19012
3323814006fe6739493d27057954941830b59eff37ebaac994310e17c522dd57
36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585
39a37a8590ed1f9c94e9cf2559ecef149e3c26c33a902bf317be1d1a4e239dc1
3b44433b6d777aed38ed9359c5453bba1fb62c181f99f060b94cc58e457457d9
3ca30196668a7f8ebe3b4a6ef2d30a2e3d491b06557b222a75d98b47c50f69bc
3ec19e731a605af29732582f00be3657470562ad2c1059ce01e58feda8f8d141
3fc2845d22c09928ba9dae73f657a21ede05bed89a42efafe1028bcbe4ee499b
40bcd63ab74f4ab4d6976033797595ea693379a4186ba951e8059d8f2b63c7a8
41f7afd6088c39cdc0d6f910f7f4b6afbf6a2133533847e960a8ca906fabc1c6
44a71fb13f43360c9013841611c5c20848a929ac2ef5cff804dce3da0e02271e
495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4
4b31f597e9852f3e8ef045d9f6032a8ecfe9d8e5c6cde3196c6964e193fe6615
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e42e478fd27161799c18a75c2e9a7341996250f696d09d53db336a2962ba06b
5059bfed12587f496894f97319682ccb715e7748ae93dd2cafd6310e914f3870
506ce0942e77b6fa5cc1f4ba511c55fb494dda9a4e81f80ff653684e43c101a8
50b65e8904b4b0452adb190cdcf16f6f0f2b31d1179c1eb5d8429284f135260a
5238692ecf23970cbc3bad3899f5ad4913886cd16f0883d22fda406b3324a253
52997a640c38c5915b6105ad464bf2bf8121f3fe40c72d70791f54c4be95971a
578cda2391db4e4d761ae5c4f05c03614d0ea8fec0b260edc036cc0bbdfcdd93
58332a4cc75a697eafeb1b4d9cb66326d6a29acb2f98afc1de3f1ef2401be056
593f56bb9b00b639f6aadc57954f46080ce233d1bc01ef50f85720df619029f8
5b95cb9d1afbdd93fee9b33d9f2da1b4e0df06ad73b77b8f507005d0ae2089e0
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5efce88ac7228ea159bcf7fd1cc56d73c19428394218706524bac0e9151d4c61
5f3923859a304623f0c5efd3103b04660502b9d2c7410b559d163266363efae8
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
613c27d45e0551e5862b4bbbf3c6f5241f73bc472ff15e84492f9b4f6579c58b
61c5e0ee01b43350fc63d6540019ca4a1a2fec438e09e225b715a442a63115f3
6759e1844268d4ab9f5c8a9c16c245b58c1b5cc8d8361ce751bf8902a0025293
680ffc6fb7452a4d41dcccc5c5dff70c52d39aba45492d33c5413dddbf238c8f
692f218144b18d4f2c28c9d8d69385106263fb3239fd0ae2b42680202941ba0f
699713f69dbd2387b7c3b57204bcdc3d86d3ac350718a7ad65a5293e0d2c53eb
6a09ca406e89e7b1d3172741824df92d81eb000aa3241559c573f1bf17bc4899
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6fdd24bd96b3a482bc058d5c9bcfd6f1c664d91bbd47658d65ac5d852535f7fd
707fa94515d8bb05911ba2599cc33e2ea12338116fdbb426d7bb27745fc854ad
70c9b373b81d6e43a3479f52231ac50d2691fd9232042514159be5866a65e40f
7161c0d59473e4252d49119a51cb9b5e2ee3829684f461bc4be3541d0902d66c
71f918c131027703d4692c7e7cc9d46fc09554fc2b211e60f12e8fea8360deb7
7201c12b0e82cd05a60c412f53f98f37cfec9616ef61f6e34d7d3a5293e440a5
7223c0b2ffaafe54a5aa7784420e711a847bde036b3e8050c319e815a4b1aa33
7727399fe5d8441829176e6a661b540efaac1680120a1d7fb1235e258d70770b
773a8f6755c75e51461fb4809413075f96342df2696625580b407967292d915c
7915f988d90a47aff5003835c6e0255c3cb35247762ff36f005e7f94d5e8fbbc
792cbd24e934bdcb0e62deaaefed93938b59a01223bafe4004eeb8b54baa5808
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79a39793efbf8217efbbc840e1b2041fe995363a5f12f0c01dd4d1462e5eb842
7ab1a5e7c2b115dc7e18cc7715b14ee689e79dcb8ff780d7398991d19a6858f1
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7af30d30b8b1894637a8360fc65d4a4f3337b1c6868ef89273f04e32828a6ba9
7c142f741438550d5cad8e88b6b2952f8f256efda416f35e5a84dd2f6066144d
7c3c905b1aff3b713b47574d8e1ad8ff8e4ca4ea0afd0f68384ec6afc809492e
81a0af4b719cd7130599920adcdb46c1baee5556a3bdac934cc13acab1da9d30
81dbdd695385ce9e3065e0cf1d8f058169de79244b1d1be4059b527e31d23c77
8207ade6f639887a7838b2903d39de1b3d21a327b031310555676d120e068b47
8271756d5397dd04fee9e7b5e9bb25a40b32102998938539946d9a006a0ec737
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83e7b0edd83ba89635382f425dfdfd4e2dc0f4c43a059c41dce98cdb1048ab86
84decc00a588d65b9c7ae58a79d11fa6eb4a1ae0330a0e78097ef88599482168
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
852cd8d4d0443f3e12551ea41d1a2fde9e962edabda4afd5c8496f397a8dcbe4
875438cf4486dbc880f1db9771e4fd278245d0ab049cf5791c306d4373ad279f
87ead41c0a6b481b3cc9c1bc9833aa34e2528b09e72516a285c734039ce5f168
8c7e0fe5fb97666da6b5e2a87daca9d43a2e6e1c94e206ade877017cafd058c8
98726f9632fa3f6359c2d118f2061241729bcfc9a98563ccb6cf87444d32bd88
9b06698961ffd341fa55203a034f365f30b5ae5ac5c5a38c01ef6a533721b40c
9d1a71851b9c575f7a08134336da7769a379f0db481b058bf45a82d60b7e2ddc
a24dc262ca6db1017f88a6f18786dbb088dce4d06f65ed2b4b43cfd8d0cc618b
a3075e2c162e41c4962a4221ae035dd607d895bd424e87aa4065a044c43763e4
a42d7e3e31574f46088f10ef28941abf54233afa6c88e4c1dbdca1e30f7d1d92
a4ca8d1377ccd3f8b6c41a288a2fbf8101a5cb4cf51202747b706269bece8dbd
a7f76c0835d3a337c354d936e4797b1453457ab37dadb9f99cbf75bc792daede
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
af0ad47815cfcb0fc8402cf431dd782af68f2ba05752c66d9bb11a4354f65754
afc9ea91964f1089ed3afcc20604ffa0107862a6d992ddc37ae0d21afa441b70
b0257060098cdc51166f35b62e7dd8f0c5f8d6cfa319901c0c51a629537e02fd
ba11b78c71401e77efe041c42fd9d50277c38a01ca9f377adf9f038338d28cc6
bb54e94c545f03932d631cd985aff128d39396abed2de7cbb522b535493d0262
bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855
bd54d3dc95cf10c02ae9f22ec9e0d584284f02c241478074e4caadf5a8f49e6c
c1519dacf01319cb5e0caa709cf1cb40794474a6ca4eb2de3d6fcb86c6157bf5
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c21f3f80c9adfdf9070c994d881f2069818a2d409b62834c805a7f17f08c91ef
c23c7b5a64271af443cbff923966e7878bdbe67654ff666c1619e991be666775
c2d8b5ed5baf711d51629607797e32e5ff638637a0091598427eac4908dbae47
c60328c2a2fba270c2fc603e556bb6eb41d10cecac5941dfe54e0c071472cc78
c662a9b742f184dc32f391cb1a7e22636157ef73c441024f8bc217a9d76f744f
c7de89396905b351061b28ada8e81a476206d9fd14e00e010cf71adca05cbb5d
c84f3c933180c0ed1706f8f1923c12fb57a172ebf24c8836491c475918312ff0
c87e0e31334c6998b90c83d48eff6252a248120d32b376414965e1421203c901
cda9b31d709444e003d3adbfbdec43f093e405b36841fde5c1d187e439585219
d0604167abf2874fdbd5b6d19037baba5d36642b21656c3a6ce6cfef5b6ae8a3
d40a41723def70b4af303c98a8269de407ed39586596106e16c9e0be01942d72
d76765387694089266778e153c66e21910ff270859a097830300a10dc13976c2
d86f40d8a4da3814a05593d17079f9a0ae96d32693d925d8d1a03984dfdd8c39
d9576157078dda9a522dad222249eeec6e639a856351b9f09451163cec1828ff
db2af24bfef6358a1c62eb490dcef92470cfd816b84f7fac5c50ae79b1397f81
db41595d2e0dc3c39109915e8858537bdc06d9bf2b4800082478179af14db26b
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e16222637c8b4e6d66a3cb4d54f55a24a9140fabd8fdb5895124a2050ab09458
e2003c6297eb3b8cbe99aa25e9953a881081149bfc9817d49e13cf63d23fbd84
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e90135befb1cde3a65a625bd4b1947fe8241484d5248194fbb3ab8b3b9912706
eaeb4f0f1808f80c63dfe32e104ca7e0d2f34811e935891f591275d14b1a7826
eb12d13ad02ba7962f843a06b7728b8d136a25182694903a57ff950fed773031
ec3873a49c77ec8a26f8c7a6f60eff1c0a7884459b5f8d2fcef28ef0ce271792
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ed839d9fae4a8e722e9c408c2716a6f1eb789b99ef16722cd39ff4965749d8fb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef52ef34f25e761b4c0392f953bdd8d9edda1bc028657df3dd9fdc6438183115
f19b1f14c864b5c91313c4ff558be0405a4912d5f980a75ca55fd9138e2122e2
f25666e0933bf72ec6b39d6fc904783fbf5159b3fad915bdccca1a73e2ca273b
f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e
f412e2b324d3f4828a4eebd87cbeef91837054dc9cbecee057c2a172ad3287ce
f48829864ffd155da0360e19be956282b6875173f8990394e93bc7c30c97a3ed
f527f0504570ea0238ac6eff51a33a70834b3ed3123265351526460cbe0d8d88
f62973e506cd3fa10b2afc34ca1b974a6bb77f39e018690d767beb48481c9db8
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
f76e86c6a29453f0e15e74069a1e105af353ff07abaf5b7fdbb599e7c3263741
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f8e3f110b75b3f1951f50fb7795c6eaf5bee4f07b787a1b535b39e734c7f1723
f94ce8666bf003756c16b56edad5a0121b3516222d4f093bdb771afabfb2cc5f
f958b4527bcb3c4da9d038386657b0a8e498e40bb6d5eede4f0a42d4b1503221
f978da291f493e64d4420d2cfab5c2bdc736c53f11c8d61c6da1efdb7df1155d
fa110ac06915e913fea0ad440e557cd75b95101504acc6a865efb5d7f0f34d95
faf835f97585eb330064dc8e8b23593c89ccbaf59ec5dc3fae770ddc6afedbda
fbc199bf7f97061c41664b040e84616a0cb54441a2efc5801d5d401d3a049f3c
fccfcbc28d8356bdb5cf1c1323928aeb3e837f96cca5d64458d495f21f03e357
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.recordedfuture.com Open in urlscan Pro 104.18.13.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

216 Requests

99 %HTTPS

61 %IPv6

34 Domains

45 Subdomains

39 IPs

7 Countries

4213 kBTransfer

10314 kBSize

46 Cookies

61 Outgoing links

Redirected requests

216 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.recordedfuture.com Open in urlscan Pro
104.18.13.124 Public Scan

Screenshot
Live screenshot

Full Image

216
Requests

99 %
HTTPS

61 %
IPv6

34
Domains

45
Subdomains

39
IPs

7
Countries

4213 kB
Transfer

10314 kB
Size

46
Cookies

216 HTTP transactions
6 data transactions