censys.com Open in urlscan Pro
2606:4700::6812:f5b Public Scan

Go To Rescan
Add Verdict Report

URL:
https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Submission: On September 20 via api (September 20th 2024, 12:30:45 pm UTC) from IT — Scanned from IT

Summary HTTP 81 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 26 IPs in 5 countries across 21 domains to perform 81 HTTP transactions. The main IP is 2606:4700::6812:f5b, located in United States and belongs to CLOUDFLARENET, US. The main domain is censys.com.
TLS certificate: Issued by E6 on September 14th 2024. Valid for: 3 months.

This is the only time censys.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	2606:4700::68... 2606:4700::6812:f5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
3	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
7	104.17.71.206 104.17.71.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6812:1eb0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.172.112.32 18.172.112.32	16509 (AMAZON-02) (AMAZON-02)
2	23.192.243.198 23.192.243.198	16625 (AKAMAI-AS) (AKAMAI-AS)
1	199.232.188.157 199.232.188.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a9a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	95.101.111.156 95.101.111.156	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
2	172.64.149.114 172.64.149.114	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	162.159.140.229 162.159.140.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	2a02:26f0:470... 2a02:26f0:4700::17d4:6eb9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	18.172.112.115 18.172.112.115	16509 (AMAZON-02) (AMAZON-02)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.15.91 104.18.15.91	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.118.43 104.16.118.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
81	26

26 2606:4700::6812:f5b (United States)

ASN13335 (CLOUDFLARENET, US)

censys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.17.71.206 (None, )

ASN13335 (CLOUDFLARENET, US)

go.censys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:1eb0 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.172.112.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-112-32.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.192.243.198 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-192-243-198.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.188.157 (Munich, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a9a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 95.101.111.156 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-156.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.149.114 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

api.weglot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.weglot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

120-hwt-117.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.140.229 (None, )

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:4700::17d4:6eb9 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.172.112.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-112-115.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.15.91 (None, )

ASN13335 (CLOUDFLARENET, US)

censys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.118.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	censys.com censys.com go.censys.com	704 KB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 5691 c.6sc.co — Cisco Umbrella Rank: 7155 ipv6.6sc.co — Cisco Umbrella Rank: 5832 b.6sc.co — Cisco Umbrella Rank: 3516	21 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 327 px4.ads.linkedin.com — Cisco Umbrella Rank: 6795	2 KB
4	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 9115	26 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 5505	4 KB
3	driftt.com js.driftt.com — Cisco Umbrella Rank: 6454	62 KB
3	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8293	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 43	303 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4314	2 KB
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 74	13 KB
2	weglot.com api.weglot.com — Cisco Umbrella Rank: 27405 cdn.weglot.com — Cisco Umbrella Rank: 7203	3 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3674	6 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 932	393 B
1	t.co t.co — Cisco Umbrella Rank: 834	625 B
1	mktoresp.com 120-hwt-117.mktoresp.com	318 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 12740	205 B
1	google.it www.google.it — Cisco Umbrella Rank: 26237	408 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 130	241 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4054
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 782	14 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 875	15 KB
81	21

	Domain	Requested by
27	censys.com	censys.com
7	b.6sc.co	censys.com
7	go.censys.com	censys.com go.censys.com
4	cdn.bizible.com	censys.com cdn.bizible.com
3	js.zi-scripts.com	censys.com js.zi-scripts.com
3	px.ads.linkedin.com	1 redirects cdn.bizible.com
3	js.driftt.com	censys.com js.driftt.com
3	tracking.g2crowd.com	censys.com tracking.g2crowd.com
3	www.googletagmanager.com	censys.com www.googletagmanager.com
2	ws.zoominfo.com	js.zi-scripts.com
2	www.youtube.com	www.googletagmanager.com www.youtube.com
2	munchkin.marketo.net	censys.com munchkin.marketo.net
1	ipv6.6sc.co	cdn.bizible.com
1	c.6sc.co	cdn.bizible.com
1	analytics.twitter.com	censys.com
1	t.co	censys.com
1	px4.ads.linkedin.com	censys.com
1	120-hwt-117.mktoresp.com	munchkin.marketo.net
1	cdn.bizibly.com	censys.com
1	cdn.weglot.com	censys.com
1	api.weglot.com	censys.com
1	www.google.it	censys.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	j.6sc.co	censys.com
1	snap.licdn.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
81	27

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
community.censys.com
search.censys.io
support.censys.io
www.linkedin.com
twitter.com
www.facebook.com
censys.io

Subject Issuer	Validity	Valid
censys.com E6	`2024-09-14` - `2024-12-13`	3 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-07` - `2025-07-08`	a year	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
go.censys.com E5	`2024-08-07` - `2024-11-05`	3 months	crt.sh
g2crowd.com WE1	`2024-08-21` - `2024-11-19`	3 months	crt.sh
drift.com Amazon RSA 2048 M03	`2024-07-30` - `2025-08-27`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.google.it WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
api.weglot.com WE1	`2024-08-29` - `2024-11-27`	3 months	crt.sh
cdn.weglot.com WE1	`2024-08-29` - `2024-11-27`	3 months	crt.sh
*.google.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-15` - `2025-09-15`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
t.co E6	`2024-07-31` - `2024-10-29`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
zi-scripts.com WE1	`2024-07-25` - `2024-10-23`	3 months	crt.sh
zoominfo.com E5	`2024-09-14` - `2024-12-13`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Frame ID: 89C0B62E144C635A1FDF11BBDC2BE425
Requests: 75 HTTP requests in this frame

Frame: https://go.censys.com/index.php/form/XDFrame
Frame ID: 8466AC13DFD69840C4B31FE3301D0F4A
Requests: 2 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=s776ta4dv7d6&eId=s776ta4dv7d6&region=US&forceShow=false&skipCampaigns=false&sessionId=48240821-83d4-4ff0-be97-f83436b5c56e&sessionStarted=1726835441.431&campaignRefreshToken=9c606302-f258-4a69-9973-0543b7cc25ec&hideController=false&pageLoadStartTime=1726835440074&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F
Frame ID: BF5D44CB038D12EC7613984F9F6A4937
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1726835440074
Frame ID: 7F0EC09111CFB5DDCFA677663CCC6D3E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Analysis of Fox Kitten Infrastructure Reveals Unique Host Patterns and Potentially New IOCs | Censys

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Weglot (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

cdn\.weglot\.com
wp-content/plugins/weglot

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

81
Requests

98 %
HTTPS

40 %
IPv6

21
Domains

27
Subdomains

26
IPs

5
Countries

1179 kB
Transfer

2850 kB
Size

29
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.youtube.com/watch?v=axGRggPUZoY

Search URL Search Domain Scan URL

URL: https://community.censys.com/
Title: Community Forum

Search URL Search Domain Scan URL

URL: https://search.censys.io/search/getting-started
Title: Search Documentation

Search URL Search Domain Scan URL

URL: https://support.censys.io/hc/en-us/categories/4405771073812-Censys-Exposure-Management
Title: Attack Surface Management Documentation

Search URL Search Domain Scan URL

URL: https://search.censys.io/
Title: Search Now

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F
Title: Share post on LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet/?url=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F
Title: Share post on Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F
Title: Share post on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/censysio

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/censysio

Search URL Search Domain Scan URL

URL: https://censys.io/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 51

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=861546&time=1726835440701&url=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=861546&time=1726835440701&url=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&e_ipv6=AQIrqPUr0ZtYTgAAAZIPab0yrHnTuIZ68a9XhtbqmK7Wo7cYvDxFqa0eEUuOwUqGY7TW6w

81 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/ 101 KB
26 KB 812ms
706ms Document
text/html 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / WP Engine
Resource Hash: 854b360b2b7396e5752ad65fbabdd2712fe805d85d467a3478d26abdef185e59

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8c61d3f81a80baa3-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 20 Sep 2024 12:30:40 GMT
link: <https://censys.com/?p=4437>; rel=shortlink
server: cloudflare
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 6
x-cache-group: normal
x-cacheable: SHORT
x-powered-by: WP Engine
x-ua-compatible: ie=edge

GET
H2 200 front-css.css
censys.com/wp-content/plugins/weglot/dist/css/ 51 KB
6 KB 77ms
74ms Stylesheet
text/css 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/plugins/weglot/dist/css/front-css.css?ver=4.2.8
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66aafa97-cca5"
age: 22820
cf-ray: 8c61d3fca9f7baa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Thu, 01 Aug 2024 03:01:43 GMT

GET
H2 200 new-flags.css
censys.com/wp-content/plugins/weglot/app/styles/ 86 KB
3 KB 76ms
73ms Stylesheet
text/css 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/plugins/weglot/app/styles/new-flags.css?ver=4.2.8
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66aafa97-15817"
age: 333180
cf-ray: 8c61d3fca9fabaa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Thu, 01 Aug 2024 03:01:43 GMT

GET
H2 200 fonts.min.css
censys.com/wp-content/themes/censys/ 1 KB
294 B 77ms
74ms Stylesheet
text/css 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/themes/censys/fonts.min.css?ver=1718766520
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61735c354f9522020636cb3749674af5b076908763062314a9ccf12ab9b216da

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-412"
age: 332983
cf-ray: 8c61d3fca9fcbaa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 tingle.min.css
censys.com/wp-content/themes/censys/ 4 KB
1 KB 77ms
74ms Stylesheet
text/css 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/themes/censys/tingle.min.css?ver=1718766520
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d914fa0a2c4756184bd0c5eab172e1581a65c7c398af4114eecc9e8d70ed31fe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-e35"
age: 332983
cf-ray: 8c61d3fca9febaa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 style.min.css
censys.com/wp-content/themes/censys/ 75 KB
16 KB 77ms
75ms Stylesheet
text/css 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/themes/censys/style.min.css?ver=1718766520
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53fca8ce164335254bf76f7aa0e045936cc8b5edb9bb48ef7cd67b6e962c5172

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-12ceb"
age: 22820
cf-ray: 8c61d3fcaa00baa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 front-js.js Show response
censys.com/wp-content/plugins/weglot/dist/ 5 KB
2 KB 76ms
74ms Script
application/javascript 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/plugins/weglot/dist/front-js.js?ver=4.2.8
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43f92926fd6c2ae121fb4df766fa966c8fdc4f898190e1e785c701e73c5b2013

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66aafa97-1239"
age: 27050
cf-ray: 8c61d3fcaa01baa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Thu, 01 Aug 2024 03:01:43 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 166ms
24ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/scripts/bizible.js

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CEF) /

Resource Hash

9be4bb9193ad7f5fc8debf9e923a81c1b9288575b2d87bed8fe4f506ecbb2c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: max-age=86400
content-encoding: gzip
etag: "3222648f7adb1:0"
age: 54837
accept-ranges: bytes
x-cache: HIT
content-length: 25393
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/x-javascript
last-modified: Wed, 18 Sep 2024 20:15:52 GMT
server: ECS (mil/6CEF)
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 323 KB
105 KB 253ms
120ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3SZK44Q2FX

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5927e64e838e2941ad7eec622266ea6aff73ac640161a735d00fe3772f248667

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Fri, 20 Sep 2024 12:30:40 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 107763
date: Fri, 20 Sep 2024 12:30:40 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 dismiss.svg
censys.com/wp-content/themes/censys/images/ 299 B
250 B 80ms
79ms Image
image/svg+xml 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/themes/censys/images/dismiss.svg
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 578a885f458cb857b1aa0d8c2bb8f76acc46f4ff7c859ee6f76212af52ce9878

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-12b"
age: 332983
cf-ray: 8c61d3fdabe8baa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 menu-open.svg
censys.com/wp-content/themes/censys/images/ 163 B
205 B 83ms
82ms Image
image/svg+xml 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/themes/censys/images/menu-open.svg
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa0583d1b39b4d6052ce985ff6bc1b3b50571aa8221e084d0b0d497d1f2e9e17

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-a3"
age: 332983
cf-ray: 8c61d3fdabebbaa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 menu-close.svg
censys.com/wp-content/themes/censys/images/ 248 B
240 B 83ms
82ms Image
image/svg+xml 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/themes/censys/images/menu-close.svg
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d06e53317a7d4edea1408de5bda6ad778d6cc655f95fafd3f59a3ef8f2bcf8c7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-f8"
age: 332983
cf-ray: 8c61d3fdabeebaa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 Screenshot-2024-09-19-at-16.06.07.png
censys.com/wp-content/uploads/2024/09/ 184 KB
185 KB 48ms
46ms Image
image/webp 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/uploads/2024/09/Screenshot-2024-09-19-at-16.06.07.png
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 410a37779bb51c865c2d9159bbe4480a40de606224e44380c232aeea5ea7cb75

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cf-bgj: imgq:100,h2pri
etag: "66ec8472-71bb9"
age: 20239
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=465849
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/webp
content-disposition: inline; filename="Screenshot-2024-09-19-at-16.webp"
vary: Accept
last-modified: Thu, 19 Sep 2024 20:07:14 GMT
cache-control: public, max-age=31536000
cf-ray: 8c61d3fcaa03baa3-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 188542
server: cloudflare

GET
H2 200 Screenshot-2024-09-13-at-10.13.38%E2%80%AFAM.png
censys.com/wp-content/uploads/2024/09/ 49 KB
49 KB 77ms
75ms Image
image/webp 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/uploads/2024/09/Screenshot-2024-09-13-at-10.13.38%E2%80%AFAM.png
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbe4bb9274d95f6958c05affee68228f583ac4289e88ebc66b1901b37d0967b7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cf-bgj: imgq:100,h2pri
etag: "66e448a3-1b266"
age: 233867
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=111206
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/webp
content-disposition: inline; filename="Screenshot-2024-09-13-at-10.webp"
vary: Accept
last-modified: Fri, 13 Sep 2024 14:13:55 GMT
cache-control: public, max-age=31536000
cf-ray: 8c61d3fcaa04baa3-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 49844
server: cloudflare

GET
H2 200 Screenshot-2024-09-13-at-10.01.28%E2%80%AFAM.png
censys.com/wp-content/uploads/2024/09/ 261 KB
262 KB 81ms
77ms Image
image/webp 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/uploads/2024/09/Screenshot-2024-09-13-at-10.01.28%E2%80%AFAM.png
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0d3301424d2af56861cf553a8d2641e4d9ee34b3c7907362ae0dd97caf88a61

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cf-bgj: imgq:100,h2pri
etag: "66e445c5-7132d"
age: 20239
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=463661
alt-svc: h3=":443"; ma=86400
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/webp
content-disposition: inline; filename="Screenshot-2024-09-13-at-10.webp"
vary: Accept
last-modified: Fri, 13 Sep 2024 14:01:41 GMT
cache-control: public, max-age=31536000
cf-ray: 8c61d3fdabdcbaa3-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 267690
server: cloudflare

GET
H2 200 forms2.min.js Show response
go.censys.com/js/forms2/js/ 199 KB
67 KB 293ms
57ms Script
application/x-javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.censys.com/js/forms2/js/forms2.min.js

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "2c01002-31b30-61d9f4beb95c0"
age: 2833
x-content-type-options: nosniff
cf-ray: 8c61d3ff2bf50e06-MXP
expires: Fri, 20 Sep 2024 16:30:40 GMT
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/x-javascript
last-modified: Fri, 19 Jul 2024 20:11:11 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 chatbox.svg
censys.com/wp-content/themes/censys/images/ 1 KB
633 B 82ms
81ms Image
image/svg+xml 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/themes/censys/images/chatbox.svg
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3afe8078c0e4c9e6b9a1751a9bc8822bcbbfcede726f40f35232e63bf0d6d4e8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-455"
age: 332983
cf-ray: 8c61d3fdabf0baa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 vanilla-marquee.min.js Show response
censys.com/wp-content/themes/censys/js/ 8 KB
2 KB 85ms
81ms Script
application/javascript 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/themes/censys/js/vanilla-marquee.min.js?ver=1718766520
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e33eafeecba7c7d0296eaa885ff746864e3296c17b2ea3300f5a64c59714365

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-1f82"
age: 332983
cf-ray: 8c61d3fdabe0baa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 tingle.min.js Show response
censys.com/wp-content/themes/censys/js/ 7 KB
2 KB 84ms
81ms Script
application/javascript 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/themes/censys/js/tingle.min.js?ver=1718766520
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca16450b530681d266f31f5b37686d5d6b1e6fdebc6ec667939a50847a523322

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-1d49"
age: 332983
cf-ray: 8c61d3fdabe3baa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 scripts.min.js Show response
censys.com/wp-content/themes/censys/js/ 15 KB
3 KB 83ms
79ms Script
application/javascript 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/themes/censys/js/scripts.min.js?ver=1718766520
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 197473a3d655b7d39c00b67dc2897cdcc6c4662d6c09e2f983ef0ef7ae4f99e3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-3b78"
age: 333180
cf-ray: 8c61d3fdabe4baa3-MXP
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 332 KB
93 KB 171ms
40ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M8HBC4P

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4aa1b3886630b31d235210944569430867f40cf8e1a8df7377c2a72d8f98db8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

content-encoding: br
expires: Fri, 20 Sep 2024 12:30:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 20 Sep 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 94457
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 1010467.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
2 KB 162ms
92ms Script
text/javascript 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1010467.js?p=https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/&e=

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b765d3fb1a12b3daa46c1e73d9c96462f630f3b951f0c1d6cb4a95f778058c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

content-encoding: br
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/javascript;charset=UTF-8
content-disposition: inline
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8c61d3fe1dfa0d5f-MXP
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1
server: cloudflare

GET
H2 200 s776ta4dv7d6.js Show response
js.driftt.com/include/1726835700000/ 221 KB
62 KB 396ms
259ms Script
application/javascript 18.172.112.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1726835700000/s776ta4dv7d6.js

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.172.112.32 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-172-112-32.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a9c06804242819b18af434dfa96d939ba88510b3982da0e1691a23c48db42a7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

content-encoding: gzip
x-amz-version-id: a4k69WVWquQ1jW2_kBtTfxPdsnon1ibv
etag: W/"7cbd84669081c065085f24294606507a"
access-control-allow-methods: GET, POST, OPTIONS
x-cache: Miss from cloudfront
x-amz-cf-id: tzqYRYFkfMcl-VhSWioIFmlMHXSRCKGitehOA3rV-jwIPteuYy0Gyw==
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 10 Sep 2024 16:08:07 GMT
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache
x-envoy-upstream-service-time: 30
access-control-allow-credentials: true
via: 1.1 df64c46f895e81567061da0488368914.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P8
server: istio-envoy
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 284ms
50ms Script
application/x-javascript 23.192.243.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.192.243.198 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-192-243-198.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

Content-Encoding: gzip
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date: Fri, 20 Sep 2024 12:30:40 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H2 200 menu-arrow.svg
censys.com/wp-content/themes/censys/images/ 146 B
202 B 81ms
81ms Image
image/svg+xml 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/themes/censys/images/menu-arrow.svg
Requested by: Host: censys.com
URL: https://censys.com/wp-content/themes/censys/style.min.css?ver=1718766520
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69ecfe6c86238fb1047ef573209cde5270bdf40471a961d0908c9ced9e9ca93c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/wp-content/themes/censys/style.min.css?ver=1718766520

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-92"
age: 332217
cf-ray: 8c61d3fdbbf4baa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 poppins-v15-latin-300.woff2
censys.com/wp-content/themes/censys/fonts/ 8 KB
8 KB 85ms
84ms Font
font/woff2 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/themes/censys/fonts/poppins-v15-latin-300.woff2
Requested by: Host: censys.com
URL: https://censys.com/wp-content/themes/censys/fonts.min.css?ver=1718766520
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://censys.com
Referer: https://censys.com/wp-content/themes/censys/fonts.min.css?ver=1718766520

Response headers

cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: "66724bb8-1ea8"
age: 332293
cf-ray: 8c61d3fdfc72baa3-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7848
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: font/woff2
last-modified: Wed, 19 Jun 2024 03:08:40 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 poppins-v15-latin-500.woff2
censys.com/wp-content/themes/censys/fonts/ 8 KB
8 KB 61ms
60ms Font
font/woff2 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/themes/censys/fonts/poppins-v15-latin-500.woff2
Requested by: Host: censys.com
URL: https://censys.com/wp-content/themes/censys/fonts.min.css?ver=1718766520
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://censys.com
Referer: https://censys.com/wp-content/themes/censys/fonts.min.css?ver=1718766520

Response headers

cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: "66724bb8-1e60"
age: 332293
cf-ray: 8c61d3fdfc74baa3-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7776
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: font/woff2
last-modified: Wed, 19 Jun 2024 03:08:40 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 poppins-v15-latin-300italic.woff2
censys.com/wp-content/themes/censys/fonts/ 8 KB
9 KB 59ms
59ms Font
font/woff2 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/themes/censys/fonts/poppins-v15-latin-300italic.woff2
Requested by: Host: censys.com
URL: https://censys.com/wp-content/themes/censys/fonts.min.css?ver=1718766520
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fe15236efa2c9099b9216ffaf5156f07b4cf03aea8b8ff25a94b514f3773341

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://censys.com
Referer: https://censys.com/wp-content/themes/censys/fonts.min.css?ver=1718766520

Response headers

cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: "66724bb8-21fc"
age: 332293
cf-ray: 8c61d3fdfc77baa3-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8700
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: font/woff2
last-modified: Wed, 19 Jun 2024 03:08:40 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 poppins-v15-latin-600.woff2
censys.com/wp-content/themes/censys/fonts/ 8 KB
8 KB 60ms
60ms Font
font/woff2 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/themes/censys/fonts/poppins-v15-latin-600.woff2
Requested by: Host: censys.com
URL: https://censys.com/wp-content/themes/censys/fonts.min.css?ver=1718766520
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://censys.com
Referer: https://censys.com/wp-content/themes/censys/fonts.min.css?ver=1718766520

Response headers

cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: "66724bb8-1f34"
age: 20239
cf-ray: 8c61d3fdfc7bbaa3-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7988
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: font/woff2
last-modified: Wed, 19 Jun 2024 03:08:40 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 logo.svg
censys.com/wp-content/themes/censys/images/ 6 KB
3 KB 63ms
61ms Image
image/svg+xml 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/themes/censys/images/logo.svg
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c43394f4833460b982b1e2281cc4ec5782f9469daa5e791c62320f8de771fdf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-18a3"
age: 332983
cf-ray: 8c61d3fdfc83baa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H2 200 Untitled-design-5.png
censys.com/wp-content/uploads/2022/05/ 34 KB
34 KB 83ms
82ms Image
image/webp 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/uploads/2022/05/Untitled-design-5.png
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c5db21aac74060ab969f0e3416f7625854f1feeec4583f1e72e29f8f356a1cb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cf-bgj: imgq:100,h2pri
etag: "66724bb6-e1c3"
age: 244915
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=57795
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/webp
content-disposition: inline; filename="Untitled-design-5.webp"
vary: Accept
last-modified: Wed, 19 Jun 2024 03:08:38 GMT
cache-control: public, max-age=31536000
cf-ray: 8c61d3fdfc86baa3-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34456
server: cloudflare

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 160ms
143ms Ping
text/html 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1010467.js?p=https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/&e=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZobiSbFQ2byyG96R
Referer: https://censys.com/

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 323 KB
105 KB 61ms
60ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3SZK44Q2FX&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M8HBC4P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3ed27d29784421d0c2bdfce80661be8813d92a48de8b16f5eca9b3b61d732117

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Fri, 20 Sep 2024 12:30:40 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 107555
date: Fri, 20 Sep 2024 12:30:40 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 140ms
39ms Script
application/javascript 199.232.188.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M8HBC4P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
accept-ranges: bytes
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15412
date: Fri, 20 Sep 2024 12:30:40 GMT
x-tw-cdn: FT
last-modified: Thu, 04 Apr 2024 00:26:35 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kcgs7200164-IAD, cache-muc13941-MUC
x-amz-server-side-encryption: AES256

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 134ms
39ms Script
application/javascript 2a02:26f0:3500:10::210:a9a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M8HBC4P

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: max-age=57584
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Fri, 20 Sep 2024 12:30:40 GMT
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 187ms
52ms Script
application/javascript 95.101.111.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-156.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2ac314870072e1aad5c1c2c1ebb9ba542bf1a9df18963c2c4f1d8fcab8711bde

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66e78018-111cd"
x-content-type-options: nosniff
expires: Fri, 20 Sep 2024 15:30:40 GMT
accept-ranges: bytes
content-length: 18822
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Mon, 16 Sep 2024 00:47:20 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 40ms
40ms Script
application/x-javascript 23.192.243.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.192.243.198 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-192-243-198.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

Cache-Control: max-age=8640000
Content-Encoding: gzip
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Connection: keep-alive
Expires: Sun, 29 Dec 2024 12:30:40 GMT
Accept-Ranges: bytes
Content-Length: 4741
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date: Fri, 20 Sep 2024 12:30:40 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 125ms
44ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3SZK44Q2FX&gtm=45je49j0v9132170779z8831989738za200zb831989738&_p=1726835440244&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1503702560.1726835441&ul=it-it&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1726835440&sct=1&seg=0&dl=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&dt=Analysis%20of%20Fox%20Kitten%20Infrastructure%20Reveals%20Unique%20Host%20Patterns%20and%20Potentially%20New%20IOCs%20%7C%20Censys&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1341
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3SZK44Q2FX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://censys.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
241 B 161ms
54ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3SZK44Q2FX&cid=1503702560.1726835441&gtm=45je49j0v9132170779z8831989738za200zb831989738&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3SZK44Q2FX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://censys.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 ga-audiences
www.google.it/ads/ 42 B
408 B 208ms
80ms Image
image/gif 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.it/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3SZK44Q2FX&cid=1503702560.1726835441&gtm=45je49j0v9132170779z8831989738za200zb831989738&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=171481702

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 20 Sep 2024 12:30:40 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 getForm Show response
go.censys.com/index.php/form/ 18 KB
4 KB 158ms
140ms Script
application/javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.censys.com/index.php/form/getForm?munchkinId=120-HWT-117&form=1156&url=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&callback=jQuery371032069467815541786_1726835440569&_=1726835440570
Requested by: Host: go.censys.com
URL: https://go.censys.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d09f16afb0622a6ee61e1c676a73e7190096a7f3e79c5872c7061985bd436f2e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cf-ray: 8c61d4000cfa0e06-MXP
cached: true
content-encoding: gzip
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: cloudflare

POST
H3 200 pageviews Show response
api.weglot.com/ 2 B
1 KB 184ms
108ms XHR
application/json 172.64.149.114
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.weglot.com/pageviews?api_key=wg_61934053291864b079a9288b000dbf273

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.149.114 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .weglot.com; base-uri 'self'; connect-src 'self' ; font-src 'self' cdn.jsdelivr.net https://fonts.gstatic.com data:; form-action 'self' .weglot.com announcekit.app; frame-src 'self' .weglot.io announcekit.app https://www.google.com https://js.stripe.com https://app.goentri.com https://www.youtube.com https://www.youtube-nocookie.com https://td.doubleclick.net https://js.refiner.io blob:; img-src 'self' * data: blob:; object-src 'none'; media-src 'self' blob:; script-src 'nonce-d5fd827d45f6b7584a6633dc15a8ca26' 'strict-dynamic'; style-src 'self' 'unsafe-inline' *.weglot.com https://app.productfruits.com; worker-src 'self' blob:; block-all-mixed-content;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub3bd6aeebbc69014092e8cc554aa628f3&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod;frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://censys.com/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE
x-content-type-options: nosniff
expires: Fri, 20 Sep 2024 12:30:40 GMT
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/json
x-frame-options: SAMEORIGIN
access-control-allow-headers: Content-Type, Weglot-Source, Authorization
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' *.weglot.com; base-uri 'self'; connect-src 'self' *; font-src 'self' cdn.jsdelivr.net https://fonts.gstatic.com data:; form-action 'self' *.weglot.com announcekit.app; frame-src 'self' *.weglot.io announcekit.app https://www.google.com https://js.stripe.com https://app.goentri.com https://www.youtube.com https://www.youtube-nocookie.com https://td.doubleclick.net https://js.refiner.io blob:; img-src 'self' * data: blob:; object-src 'none'; media-src 'self' blob:; script-src 'nonce-d5fd827d45f6b7584a6633dc15a8ca26' 'strict-dynamic'; style-src 'self' 'unsafe-inline' *.weglot.com https://app.productfruits.com; worker-src 'self' blob:; block-all-mixed-content;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub3bd6aeebbc69014092e8cc554aa628f3&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod;frame-ancestors 'none';
cache-control: max-age=0, must-revalidate, no-store, private
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8c61d40069d7524f-MXP
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(self), magnetometer=(), microphone=(), midi=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), hid=(), idle-detection=(), serial=()
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 mag-gray.svg
censys.com/wp-content/themes/censys/images/ 450 B
383 B 72ms
54ms Image
image/svg+xml 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/themes/censys/images/mag-gray.svg
Requested by: Host: censys.com
URL: https://censys.com/wp-content/themes/censys/style.min.css?ver=1718766520
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78539280f0caa07d88858fbcb3f423e1c9034bb3fb785ca124a6fef177b0280c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/wp-content/themes/censys/style.min.css?ver=1718766520

Response headers

cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"66724bb8-1c2"
age: 22820
cf-ray: 8c61d4000809baa3-MXP
access-control-allow-origin: *
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 19 Jun 2024 03:08:40 GMT

GET
H3 200 us.svg
cdn.weglot.com/flags/rectangle_mat/ 4 KB
1 KB 108ms
48ms Image
image/svg+xml 172.64.149.114
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.weglot.com/flags/rectangle_mat/us.svg

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.149.114 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13f37fb251c977ec5699cf416c01dbf115409267e9d668223a0ab5d4c3b32b74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: null
etag: W/"d28feaeefc98358bcc1d3b48048c495d"
age: 17242227
x-content-type-options: nosniff
expires: Sat, 20 Sep 2025 12:30:40 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: UuVyLMqXInrMcvaSpozaqfUywep62FosGSlM4Qmg9OE1e6dPRO448Q==
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/svg+xml; charset=utf-8
last-modified: Fri, 16 Feb 2024 16:04:56 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
via: 1.1 4dd111c814b0b5cf8bf82e59008da624.cloudfront.net (CloudFront)
cf-ray: 8c61d4005df40dc5-MXP
x-amz-cf-pop: CDG50-C2
server: cloudflare

GET
H2 200 wgarrowdown.png
censys.com/wp-content/plugins/weglot/dist/images/ 110 B
264 B 70ms
53ms Image
image/webp 2606:4700::6812:f5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://censys.com/wp-content/plugins/weglot/dist/images/wgarrowdown.png
Requested by: Host: censys.com
URL: https://censys.com/wp-content/plugins/weglot/dist/css/front-css.css?ver=4.2.8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88e6089311b7c99457a011819b754c7a3bcbbd6d78aa9914c56d870e21f5932a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/wp-content/plugins/weglot/dist/css/front-css.css?ver=4.2.8

Response headers

cf-bgj: imgq:100,h2pri
etag: "66aafa97-a4"
age: 332982
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=164
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/webp
content-disposition: inline; filename="wgarrowdown.webp"
vary: Accept
last-modified: Thu, 01 Aug 2024 03:01:43 GMT
cache-control: public, max-age=31536000
cf-ray: 8c61d400180dbaa3-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 110
server: cloudflare

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
2 KB 168ms
56ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3SZK44Q2FX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9c72baa546b07c7eb296c3b83867d1dc7105a9e78722916e4fdbb84bd25fe664

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

content-encoding: br
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
x-content-type-options: nosniff
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
expires: Fri, 20 Sep 2024 12:30:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=it for more info."
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport
cache-control: private, max-age=0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
x-xss-protection: 0
server: ESF

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 360ms
343ms Ping
text/html 2606:4700::6812:1eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1010467.js?p=https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/&e=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary4n4O2nQQV8eEseMD
Referer: https://censys.com/

Response headers

GET
H2 200 ipv
cdn.bizible.com/ 43 B
305 B 36ms
32ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=e8407e1d9ea44923b24b0df8b95db065&_biz_l=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&_biz_t=1726835440461&_biz_i=Analysis%20of%20Fox%20Kitten%20Infrastructure%20Reveals%20Unique%20Host%20Patterns%20and%20Potentially%20New%20IOCs%20%7C%20Censys&_biz_n=0&rnd=938730&cdn_o=a&_biz_z=1726835440619

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CE9) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
age: 573308
expires: -1
accept-ranges: bytes
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/gif
last-modified: Fri, 13 Sep 2024 21:15:32 GMT
server: ECS (mil/6CE9)

GET
H2 200 u
cdn.bizibly.com/ 43 B
205 B 70ms
33ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizibly.com/u?_biz_u=e8407e1d9ea44923b24b0df8b95db065&_biz_l=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&_biz_t=1726835440620&_biz_i=Analysis%20of%20Fox%20Kitten%20Infrastructure%20Reveals%20Unique%20Host%20Patterns%20and%20Potentially%20New%20IOCs%20%7C%20Censys&rnd=587849&cdn_o=a&_biz_z=1726835440620

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CEB) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
age: 573277
expires: -1
accept-ranges: bytes
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/gif
last-modified: Fri, 13 Sep 2024 21:16:03 GMT
server: ECS (mil/6CEB)

POST
H/1.1 200
OK visitWebPage
120-hwt-117.mktoresp.com/webevents/ 2 B
318 B 813ms
130ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://120-hwt-117.mktoresp.com/webevents/visitWebPage?_mchNc=1726835440638&_mchCn=&_mchId=120-HWT-117&_mchTk=_mch-censys.com-1726835440636-51303&_mchHo=censys.com&_mchPo=&_mchRu=%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

Transfer-Encoding: chunked
X-Request-Id: 1c234528-6969-47f7-adac-008ab7e996f8
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Origin: *
Date: Fri, 20 Sep 2024 12:30:41 GMT
Content-Type: text/plain; charset=UTF-8
Server: nginx/1.20.1

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
325 B 364ms
360ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/xdc.js?_biz_u=e8407e1d9ea44923b24b0df8b95db065&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.09.18

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF9) /

Resource Hash

8738a739bc53f1ea0598d912e7387c1b0e042c2846b6e82e6d116c6180b2582f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: private, must-revalidate, max-age=21600
content-encoding: gzip
etag: FDED23F7
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 218
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: ECS (mil/6CF9)

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
815 B 314ms
218ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=861546&time=1726835440701&url=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Referer: https://censys.com/

Response headers

x-li-pop: afd-prod-lva1-x
content-encoding: gzip
x-fs-uuid: 0006228c3509d9de7a6b7fa64b1938bb
x-msedge-ref: Ref A: C7C1C77F7D444BD480425282F1300538 Ref B: MIL30EDGE1010 Ref C: 2024-09-20T12:30:40Z
x-li-fabric: prod-lva1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYijDUJ2d56a3+mSxk4uw==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=861546&time=1726835440701&url=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-io...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=861546&time=1726835440701&url=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-i...

0
265 B

287ms
201ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=861546&time=1726835440701&url=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&e_ipv6=AQIrqPUr0ZtYTgAAAZIPab0yrHnTuIZ68a9XhtbqmK7Wo7cYvDxFqa0eEUuOwUqGY7TW6w
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: B8042806231448289A7BD47906711E42 Ref B: MRS20EDGE0114 Ref C: 2024-09-20T12:30:41Z
x-li-fabric: prod-lor1
x-li-uuid: AAYijDUPsqWGdwxqU0MPUA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=861546&time=1726835440701&url=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&e_ipv6=AQIrqPUr0ZtYTgAAAZIPab0yrHnTuIZ68a9XhtbqmK7Wo7cYvDxFqa0eEUuOwUqGY7TW6w
x-msedge-ref: Ref A: 84518BC9A0534CF7B4266A9D1AD2E3B3 Ref B: MIL30EDGE0907 Ref C: 2024-09-20T12:30:40Z
x-li-fabric: prod-lor1
x-li-uuid: AAYijDUK6IpJp+CfAl+NAg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 20 Sep 2024 12:30:40 GMT

GET
H2 200 adsct
t.co/i/ 43 B
625 B 339ms
269ms Image
image/gif 162.159.140.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=1c9ab9b9-e43c-43f0-897d-23b33434f0bd&events=%5B%5B%22download%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7f19d989-dc60-4b65-ba90-35964d71e1d2&tw_document_href=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1dps&type=javascript&version=2.3.30

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

strict-transport-security: max-age=0
x-transaction-id: 00bc3acc1b2899bb
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 9207b4b84cb7b8ce430d6191113ce52926fcace3a82730b473751230a774c6a9
cf-cache-status: DYNAMIC
cf-ray: 8c61d400fbe1bb1f-MXP
x-response-time: 182
content-length: 43
date: Fri, 20 Sep 2024 12:30:41 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_o

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
393 B 263ms
152ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=1c9ab9b9-e43c-43f0-897d-23b33434f0bd&events=%5B%5B%22download%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7f19d989-dc60-4b65-ba90-35964d71e1d2&tw_document_href=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1dps&type=javascript&version=2.3.30

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 6dc8d5c159aad270
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 760c11ca7e8971826f0d37745ca24ce3c7b5cb8f6f243db642103de5dbdaedb5
x-response-time: 112
content-length: 43
date: Fri, 20 Sep 2024 12:30:40 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_o

GET
H2 200 / Show response
c.6sc.co/ 7 B
189 B 51ms
41ms XHR
text/html 95.101.111.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-156.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://censys.com
content-length: 7
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 18 B
304 B 162ms
49ms XHR
text/html 2a02:26f0:4700::17d4:6eb9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:4700::17d4:6eb9 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: aa57d9d47b3eb3d9ba0b3af49f802c74a26e07cb651f046bfad8bdd1c75a7933

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2001:ac8:24:44::16
expires: Fri, 20 Sep 2024 12:30:40 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1726835440856_399797900_824937171_26_1484_42_56_219";dur=1
access-control-allow-origin: https://censys.com
content-length: 18
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/html
vary: Origin

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 161ms
140ms Image
image/gif 95.101.111.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08c0b745eeb641321e1a8170af700d2a&svisitor=null&visitor=39fedbcf-b17e-4421-810c-a6ef0fdb0c51&session=55fda0f1-286e-498e-84a9-fb55debdeaf4&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2020%20Sep%202024%2012%3A30%3A40%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Censys%20investigated%20cyber%20threat%20actor%20group%20Fox%20Kitten%20using%20a%20historical%2C%20global%20internet%20perspective%20to%20analyze%20IOC%20profiles.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20Fox%20Kitten%20Infrastructure%20Reveals%20Unique%20Host%20Patterns%20and%20Potentially%20New%20IOCs%20%7C%20Censys%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&pageViewId=9ae63ba1-26a5-476e-805c-2e9e7124c4c6&v=1.1.27

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-156.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 20 Sep 2024 12:30:40 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 162ms
141ms Image
image/gif 95.101.111.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08c0b745eeb641321e1a8170af700d2a&svisitor=null&visitor=39fedbcf-b17e-4421-810c-a6ef0fdb0c51&session=55fda0f1-286e-498e-84a9-fb55debdeaf4&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2020%20Sep%202024%2012%3A30%3A40%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2208c0b745eeb641321e1a8170af700d2a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2020%20Sep%202024%2012%3A30%3A40%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2020%20Sep%202024%2012%3A30%3A40%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Censys%20investigated%20cyber%20threat%20actor%20group%20Fox%20Kitten%20using%20a%20historical%2C%20global%20internet%20perspective%20to%20analyze%20IOC%20profiles.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20Fox%20Kitten%20Infrastructure%20Reveals%20Unique%20Host%20Patterns%20and%20Potentially%20New%20IOCs%20%7C%20Censys%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&pageViewId=9ae63ba1-26a5-476e-805c-2e9e7124c4c6&v=1.1.27

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-156.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 20 Sep 2024 12:30:40 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 forms2.css
go.censys.com/js/forms2/css/ 13 KB
3 KB 52ms
51ms Stylesheet
text/css 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.censys.com/js/forms2/css/forms2.css

Requested by

Host: go.censys.com
URL: https://go.censys.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "2c00ffa-3437-61d9f4beb95c0"
age: 2832
x-content-type-options: nosniff
cf-ray: 8c61d400fe570e06-MXP
expires: Fri, 20 Sep 2024 16:30:40 GMT
accept-ranges: bytes
content-length: 2623
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/css
last-modified: Fri, 19 Jul 2024 20:11:11 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 forms2-theme-plain.css
go.censys.com/js/forms2/css/ 828 B
331 B 66ms
65ms Stylesheet
text/css 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.censys.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: go.censys.com
URL: https://go.censys.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "14b915-33c-61d9f4beb95c0"
age: 2833
x-content-type-options: nosniff
cf-ray: 8c61d400fe590e06-MXP
expires: Fri, 20 Sep 2024 16:30:40 GMT
accept-ranges: bytes
content-length: 246
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: text/css
last-modified: Fri, 19 Jul 2024 20:11:11 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 getKnownLead Show response
go.censys.com/index.php/form/ 49 B
280 B 423ms
422ms Script
application/javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.censys.com/index.php/form/getKnownLead?form=1156&lpId=&munchkinId=120-HWT-117&filledFields=true&_mkt_trk=id%3A120-HWT-117%26token%3A_mch-censys.com-1726835440636-51303&callback=jQuery371032069467815541786_1726835440569&_=1726835440571

Requested by

Host: go.censys.com
URL: https://go.censys.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19d09129e81d0e7db0a9400f9a9dd46b108094255196f1d5b411e577c2ff9463

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cf-ray: 8c61d400fe5b0e06-MXP
content-encoding: gzip
cf-cache-status: DYNAMIC
date: Fri, 20 Sep 2024 12:30:41 GMT
content-type: application/javascript; charset=utf-8
server: cloudflare
x-content-type-options: nosniff

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/ 32 KB
11 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27eb1b9a227db9b8b8dd07c09160caadb713fcf58cb80a6fd5eea7ccc7c68bd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

content-encoding: br
age: 4788
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
x-content-type-options: nosniff
expires: Sat, 20 Sep 2025 11:10:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Sep 2024 11:10:52 GMT
last-modified: Wed, 18 Sep 2024 04:15:59 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
content-length: 10743
x-xss-protection: 0
server: sffe

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 146ms
146ms Image
image/gif 95.101.111.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08c0b745eeb641321e1a8170af700d2a&svisitor=null&visitor=39fedbcf-b17e-4421-810c-a6ef0fdb0c51&session=55fda0f1-286e-498e-84a9-fb55debdeaf4&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A24%3A44%3A%3A16%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Censys%20investigated%20cyber%20threat%20actor%20group%20Fox%20Kitten%20using%20a%20historical%2C%20global%20internet%20perspective%20to%20analyze%20IOC%20profiles.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20Fox%20Kitten%20Infrastructure%20Reveals%20Unique%20Host%20Patterns%20and%20Potentially%20New%20IOCs%20%7C%20Censys%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&pageViewId=9ae63ba1-26a5-476e-805c-2e9e7124c4c6&ipv6=2001%3Aac8%3A24%3A44%3A%3A16&v=1.1.27

Requested by

Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-156.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 20 Sep 2024 12:30:41 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 20 Sep 2024 12:30:41 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 XDFrame Show response
go.censys.com/index.php/form/ Frame 8466 2 KB
732 B 153ms
151ms Document
text/html 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.censys.com/index.php/form/XDFrame

Requested by

Host: go.censys.com
URL: https://go.censys.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8731bec2163ff4226b797a600f8ceb62941f7d688213236c5e8f23563800afe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://censys.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 8c61d403da080e06-MXP
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 20 Sep 2024 12:30:41 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
192 B 246ms
244ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://censys.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: FDA594D0D6024807BAAE7A5953076D8B Ref B: MIL30EDGE0907 Ref C: 2024-09-20T12:30:41Z
x-li-fabric: prod-lor1
access-control-allow-credentials: true
x-li-uuid: AAYijDUS78bmLuZxXHFy3w==
x-li-proto: http/2
access-control-allow-origin: https://censys.com
x-cache: CONFIG_NOCACHE
date: Fri, 20 Sep 2024 12:30:40 GMT
vary: Origin

GET
H2 200 forms2.min.js Show response
go.censys.com/js/forms2/js/ Frame 8466 199 KB
0 0ms
0ms Script
application/x-javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.censys.com/js/forms2/js/forms2.min.js

Requested by

Host: go.censys.com
URL: https://go.censys.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://go.censys.com/index.php/form/XDFrame

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "2c01002-31b30-61d9f4beb95c0"
age: 2833
x-content-type-options: nosniff
cf-ray: 8c61d3ff2bf50e06-MXP
expires: Fri, 20 Sep 2024 16:30:40 GMT
date: Fri, 20 Sep 2024 12:30:40 GMT
content-type: application/x-javascript
last-modified: Fri, 19 Jul 2024 20:11:11 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 core
js.driftt.com/ Frame BF5D 0
0 506ms
408ms Document
text/html 18.172.112.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=s776ta4dv7d6&eId=s776ta4dv7d6&region=US&forceShow=false&skipCampaigns=false&sessionId=48240821-83d4-4ff0-be97-f83436b5c56e&sessionStarted=1726835441.431&campaignRefreshToken=9c606302-f258-4a69-9973-0543b7cc25ec&hideController=false&pageLoadStartTime=1726835440074&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1726835700000/s776ta4dv7d6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.172.112.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-172-112-115.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://censys.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 20 Sep 2024 12:30:41 GMT
etag: W/"7fa6273776a10e1cff36c7df5a64a35b"
last-modified: Tue, 10 Sep 2024 16:07:57 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 84c3894c21a4640fb5c0efcf95646dca.cloudfront.net (CloudFront)
x-amz-cf-id: neugNoQhVFUMrL3LApTyH-QT1YzURsp4wpRVAqRiPFofSoK1sF7H6g==
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256
x-amz-version-id: Y5ufFSgiGhxIMl_WU.GqRDbmBkzut3.t
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 21

GET
H2 200 chat
js.driftt.com/core/ Frame 7F0E 0
0 251ms
155ms Document
text/html 18.172.112.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1726835440074

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1726835700000/s776ta4dv7d6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.172.112.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-172-112-115.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://censys.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 20 Sep 2024 12:30:41 GMT
etag: W/"7fa6273776a10e1cff36c7df5a64a35b"
last-modified: Tue, 10 Sep 2024 16:07:57 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 84c3894c21a4640fb5c0efcf95646dca.cloudfront.net (CloudFront)
x-amz-cf-id: vM1P4wBORrb3ZI1nhJUX0yUCyEqchldHsW69J8wLx9NEWeKL4KcsPg==
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256
x-amz-version-id: Y5ufFSgiGhxIMl_WU.GqRDbmBkzut3.t
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 21

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 88ms
44ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: censys.com
URL: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-version-id: PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
etag: W/"b2877da906a3216c4f3fc4030b205e54"
age: 23105
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: LL9tAXqeR-R0TYc0yPaSgiE32DnC1iXybD4ex7MrjaJAmu5l0EP5Aw==
date: Fri, 20 Sep 2024 12:30:41 GMT
content-type: application/javascript
last-modified: Thu, 18 Jul 2024 08:13:46 GMT
vary: Accept-Encoding
via: 1.1 8b15d366b8a05fea04eb2afabb997d46.cloudfront.net (CloudFront)
cf-ray: 8c61d4055a190e41-MXP
x-amz-cf-pop: MXP63-P4
server: cloudflare

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 150 B
518 B 488ms
487ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: c193a10889028d6c095c7d2658a3a6e5e805922d9c1d7f6253008e360e283f55

Request headers

Authorization: Bearer e5cf445bd11680826611
Referer: https://censys.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
visited_url: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

server: cloudflare
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"96-1YrujyLc1HhI7nx3JKw2e0S2OKg"
via: 1.1 0f03c98743d9ffe79330c1f694241fc2.cloudfront.net (CloudFront)
cf-ray: 8c61d40749e20e69-MXP
apigw-requestid: eZ2l1hN4vHcEP8A=
access-control-allow-origin: https://censys.com
x-cache: Miss from cloudfront
x-amz-cf-id: N_cNHz9twU9Qag9bzkublhlOqQSPemyLTqo0AZxpTx4r5-7kELof9Q==
date: Fri, 20 Sep 2024 12:30:42 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
vary: Origin
x-amz-cf-pop: MXP63-P4

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 256ms
226ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://censys.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://censys.com
apigw-requestid: eZ2lzhezvHcEStg=
cf-cache-status: DYNAMIC
cf-ray: 8c61d405df050e69-MXP
date: Fri, 20 Sep 2024 12:30:41 GMT
server: cloudflare
vary: Origin
via: 1.1 e57379aeeaf825df3f0a6972a5cb719c.cloudfront.net (CloudFront)
x-amz-cf-id: vAksJQFtVWiG66OBEf1755YMeohNhUarTUAwUL7iIDOY2BbJ0G7liQ==
x-amz-cf-pop: MXP63-P4
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 u
cdn.bizible.com/ 43 B
109 B 25ms
24ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/u?mapType=mkto&mapValue=id%3A120-HWT-117%26token%3A_mch-censys.com-1726835440636-51303&_biz_u=e8407e1d9ea44923b24b0df8b95db065&_biz_l=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&_biz_t=1726835441621&_biz_i=Analysis%20of%20Fox%20Kitten%20Infrastructure%20Reveals%20Unique%20Host%20Patterns%20and%20Potentially%20New%20IOCs%20%7C%20Censys&_biz_n=1&rnd=411417&cdn_o=a&_biz_z=1726835441621

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CEB) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
age: 573278
expires: -1
accept-ranges: bytes
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Fri, 20 Sep 2024 12:30:41 GMT
content-type: image/gif
last-modified: Fri, 13 Sep 2024 21:16:03 GMT
server: ECS (mil/6CEB)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 142ms
142ms Image
image/gif 95.101.111.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08c0b745eeb641321e1a8170af700d2a&svisitor=null&visitor=39fedbcf-b17e-4421-810c-a6ef0fdb0c51&session=55fda0f1-286e-498e-84a9-fb55debdeaf4&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2020%20Sep%202024%2012%3A30%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2020%20Sep%202024%2012%3A30%3A40%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Censys%20investigated%20cyber%20threat%20actor%20group%20Fox%20Kitten%20using%20a%20historical%2C%20global%20internet%20perspective%20to%20analyze%20IOC%20profiles.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20Fox%20Kitten%20Infrastructure%20Reveals%20Unique%20Host%20Patterns%20and%20Potentially%20New%20IOCs%20%7C%20Censys%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&pageViewId=9ae63ba1-26a5-476e-805c-2e9e7124c4c6&ipv6=2001%3Aac8%3A24%3A44%3A%3A16&v=1.1.27

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-156.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 20 Sep 2024 12:30:41 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 20 Sep 2024 12:30:41 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H3 200 cropped-Censys-Square-Icon-32x32.png
censys.com/wp-content/uploads/2022/03/ 748 B
1 KB 39ms
39ms Other
image/webp 104.18.15.91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://censys.com/wp-content/uploads/2022/03/cropped-Censys-Square-Icon-32x32.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.15.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e1520546dbd369cdd78b359f79a3f449e28d799db111fe7069dc961a00abe15

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/

Response headers

cf-bgj: imgq:100,h2pri
etag: "66724bb7-513"
age: 332983
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=1299
date: Fri, 20 Sep 2024 12:30:42 GMT
content-type: image/webp
content-disposition: inline; filename="cropped-Censys-Square-Icon-32x32.webp"
vary: Accept
last-modified: Wed, 19 Jun 2024 03:08:39 GMT
cache-control: public, max-age=31536000
cf-ray: 8c61d4097d2b0f7e-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 748
server: cloudflare

GET
H3 200 / Show response
ws.zoominfo.com/pixel/6553ddb4a5e753ac3f0ffbfb/ 3 KB
2 KB 285ms
251ms Fetch
text/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/6553ddb4a5e753ac3f0ffbfb/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d5938dfeeb4e54b883b25c07be9b215d19109c156bfbbaa72fbbed7a59d8a333

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

_zitok: 759d26bb8e1dbf37e07e1726835441
_vtok: MTkyLjE0NS4xMjcuMjE1
visited-url: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Referer: https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8c61d40c9b164c3f-MXP
access-control-allow-origin: https://censys.com
date: Fri, 20 Sep 2024 12:30:42 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/6553ddb4a5e753ac3f0ffbfb/ Frame 0
0 321ms
173ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/6553ddb4a5e753ac3f0ffbfb/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://censys.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://censys.com
allow: GET,HEAD
cf-cache-status: DYNAMIC
cf-ray: 8c61d40b4be35a37-MXP
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 20 Sep 2024 12:30:42 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 150ms
149ms Image
image/gif 95.101.111.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08c0b745eeb641321e1a8170af700d2a&svisitor=null&visitor=39fedbcf-b17e-4421-810c-a6ef0fdb0c51&session=55fda0f1-286e-498e-84a9-fb55debdeaf4&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2020%20Sep%202024%2012%3A30%3A42%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2020%20Sep%202024%2012%3A30%3A41%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Censys%20investigated%20cyber%20threat%20actor%20group%20Fox%20Kitten%20using%20a%20historical%2C%20global%20internet%20perspective%20to%20analyze%20IOC%20profiles.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20Fox%20Kitten%20Infrastructure%20Reveals%20Unique%20Host%20Patterns%20and%20Potentially%20New%20IOCs%20%7C%20Censys%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&pageViewId=9ae63ba1-26a5-476e-805c-2e9e7124c4c6&ipv6=2001%3Aac8%3A24%3A44%3A%3A16&v=1.1.27

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-156.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 20 Sep 2024 12:30:42 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 20 Sep 2024 12:30:42 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET
BLOB 200
OK daa2c17f-a664-4e5f-8661-29be72195657 Show response
https://censys.com/ 3 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://censys.com/daa2c17f-a664-4e5f-8661-29be72195657
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5938dfeeb4e54b883b25c07be9b215d19109c156bfbbaa72fbbed7a59d8a333

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: text/javascript
Content-Length: 3033

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 191ms
190ms Image
image/gif 95.101.111.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08c0b745eeb641321e1a8170af700d2a&svisitor=null&visitor=39fedbcf-b17e-4421-810c-a6ef0fdb0c51&session=55fda0f1-286e-498e-84a9-fb55debdeaf4&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2020%20Sep%202024%2012%3A30%3A43%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2020%20Sep%202024%2012%3A30%3A42%20GMT%22%2C%22timeSpent%22%3A%221006%22%2C%22totalTimeSpent%22%3A%223009%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Censys%20investigated%20cyber%20threat%20actor%20group%20Fox%20Kitten%20using%20a%20historical%2C%20global%20internet%20perspective%20to%20analyze%20IOC%20profiles.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20Fox%20Kitten%20Infrastructure%20Reveals%20Unique%20Host%20Patterns%20and%20Potentially%20New%20IOCs%20%7C%20Censys%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&pageViewId=9ae63ba1-26a5-476e-805c-2e9e7124c4c6&ipv6=2001%3Aac8%3A24%3A44%3A%3A16&v=1.1.27

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-156.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 20 Sep 2024 12:30:43 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 20 Sep 2024 12:30:43 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 156ms
155ms Image
image/gif 95.101.111.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08c0b745eeb641321e1a8170af700d2a&svisitor=null&visitor=39fedbcf-b17e-4421-810c-a6ef0fdb0c51&session=55fda0f1-286e-498e-84a9-fb55debdeaf4&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2020%20Sep%202024%2012%3A30%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2020%20Sep%202024%2012%3A30%3A43%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224009%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20Censys%20investigated%20cyber%20threat%20actor%20group%20Fox%20Kitten%20using%20a%20historical%2C%20global%20internet%20perspective%20to%20analyze%20IOC%20profiles.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20Fox%20Kitten%20Infrastructure%20Reveals%20Unique%20Host%20Patterns%20and%20Potentially%20New%20IOCs%20%7C%20Censys%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcensys.com%2Fanalysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs%2F&pageViewId=9ae63ba1-26a5-476e-805c-2e9e7124c4c6&ipv6=2001%3Aac8%3A24%3A44%3A%3A16&v=1.1.27

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-156.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://censys.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 20 Sep 2024 12:30:44 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 20 Sep 2024 12:30:44 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

Verdicts & Comments Add Verdict or Comment

72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.g2crowd.com/	1970-01-20 23:40:37	Name: __cf_bm Value: N7rmvr4w8CaalegTCsPQs2fW5BCzLE9YGdJQhd6ndyE-1726835440-1.0.1.1-B2QPu0sueAROKoxMYWS.59Qr.FHJKyq7oumMyO_OzzCd.nkqY6ksk8iFIt189T98jqjQSjJBhLYWvadkZCS4YA
.censys.com/	1970-01-21 08:26:11	Name: _biz_uid Value: e8407e1d9ea44923b24b0df8b95db065
.go.censys.com/	1970-01-20 23:40:37	Name: __cf_bm Value: Dy46Kiqm61pwqUrpodHHiGH3Zf3P8VCeyfcClOXoN7w-1726835440-1.0.1.1-EsW7uTaKNX5Nx0tSLBJPsSDtRre2ZBB6z9BCl.cCJI2r5WRBfdDET90MZlQCIvhKt7SitUSQpjdyoqVzCBWhqA
.censys.com/	1970-01-21 09:16:35	Name: _ga_3SZK44Q2FX Value: GS1.1.1726835440.1.0.1726835440.60.0.0
.censys.com/	1970-01-21 09:16:35	Name: _ga Value: GA1.1.1503702560.1726835441
.censys.com/	1970-01-21 09:16:35	Name: _mkto_trk Value: id:120-HWT-117&token:_mch-censys.com-1726835440636-51303
.bizible.com/	1970-01-21 08:26:11	Name: _BUID Value: e8407e1d9ea44923b24b0df8b95db065
.bizibly.com/	1970-01-21 08:26:11	Name: _BUID Value: 76f5d58ae503a4ba06033499eedb7e06
censys.com/	1970-01-21 09:16:35	Name: _gd_visitor Value: 39fedbcf-b17e-4421-810c-a6ef0fdb0c51
censys.com/	1970-01-20 23:40:49	Name: _gd_session Value: 55fda0f1-286e-498e-84a9-fb55debdeaf4
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: vs_oBb48DNU
.youtube.com/	1970-01-21 03:59:47	Name: VISITOR_INFO1_LIVE Value: 3zxSe3-1DvM
.youtube.com/	1970-01-21 03:59:47	Name: VISITOR_PRIVACY_METADATA Value: CgJJVBIcEhgSFhMLFBUWFwwYGRobHB0eHw4PIBAREiEgZQ%3D%3D
.twitter.com/	1970-01-21 09:16:35	Name: personalization_id Value: "v1_UQbT1HEQ1liE98od7GPKEw=="
.t.co/	1970-01-21 09:16:35	Name: muc_ads Value: fa4480ca-0e43-42ea-a829-c77139852e20
.t.co/	1970-01-20 23:40:37	Name: __cf_bm Value: v7CHmHR2nAmxRMRkOdoo48amEX0tU1IqXKUVF1uxaSA-1726835441-1.0.1.1-GDeVe9JbVaPxsYckj4.5Y9ZBcyJEKn4QOKNqhLlB2s7SYfqJDew.CvepmNYXt7G6cHhR8C1xqOYAHaeF3OQ_nQ
.linkedin.com/	1970-01-21 08:26:11	Name: bcookie Value: "v=2&5340002f-e51d-4bd1-8d7a-78f21e841ee7"
.linkedin.com/	1970-01-21 03:59:47	Name: li_gc Value: MTswOzE3MjY4MzU0NDA7MjswMjHerxSD+unUSNnNiBNyANQc08RKSi4uW/7GqLw2ogFIOQ==
.linkedin.com/	1970-01-20 23:42:01	Name: lidc Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2987:u=1:x=1:i=1726835440:t=1726921840:v=2:sig=AQElPD-Ok-H9tXrP1kqRhY3vH4nnQ_rJ"
go.censys.com/	1969-12-31 23:59:59	Name: BIGipServerab57web-nginx-app_https Value: !cAEEwovanMdoiruwZJ6CmE6tjLF6/xFFfyoCy85N4Bx4gN6hB0LZRdYs9GPKDKsfmGukItKKVMiwUNw=
censys.com/	1970-01-20 23:40:37	Name: drift_campaign_refresh Value: 9c606302-f258-4a69-9973-0543b7cc25ec
.censys.com/	1970-01-21 08:26:11	Name: _biz_nA Value: 2
.censys.com/	1970-01-21 08:26:11	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%2C%22Mkto%22%3A%221%22%7D
.censys.com/	1970-01-21 08:26:11	Name: _biz_pendingA Value: %5B%5D
.censys.com/	1970-01-21 08:26:11	Name: _zitok Value: 759d26bb8e1dbf37e07e1726835441
censys.com/	1970-01-21 09:16:35	Name: drift_aid Value: f3e448a8-eadd-4409-9dbe-1bd3e337d765
censys.com/	1970-01-21 09:16:35	Name: driftt_aid Value: f3e448a8-eadd-4409-9dbe-1bd3e337d765
.zoominfo.com/	1970-01-20 23:40:37	Name: __cf_bm Value: jsV85weWtHOwVDxXGpMLFlMJLSzFU1O3fmCuo4HC_Qw-1726835442-1.0.1.1-zVQHyVHDsTrfiqd2F9B73foO6VP3ZVC06JlccPcYrDxujniiWin1WeZR3R6O4oE0GjCp5OqiDIUosYA2Rl9u8A
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: HHQCV24jcfe.qC1Xoy4Zu7K.Ir9qIrUmyO0AgJu06sQ-1726835442874-0.0.1.1-604800000

18 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').
security	warning	URL: https://www.youtube.com/s/player/a9d81eca/www-widgetapi.vflset/www-widgetapi.js(Line 209) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube-nocookie.com') does not match the recipient window's origin ('https://censys.com').

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

120-hwt-117.mktoresp.com
analytics.twitter.com
api.weglot.com
b.6sc.co
c.6sc.co
cdn.bizible.com
cdn.bizibly.com
cdn.weglot.com
censys.com
go.censys.com
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.zi-scripts.com
munchkin.marketo.net
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tracking.g2crowd.com
ws.zoominfo.com
www.google.it
www.googletagmanager.com
www.youtube.com
104.16.118.43
104.17.71.206
104.18.15.91
104.244.42.195
13.107.42.14
152.195.15.58
162.159.140.229
172.64.149.114
172.64.150.44
18.172.112.115
18.172.112.32
192.28.144.124
199.232.188.157
2001:4860:4802:34::36
23.192.243.198
2606:4700::6812:1eb0
2606:4700::6812:f5b
2620:1ec:21::14
2a00:1450:4001:811::200e
2a00:1450:4001:812::2008
2a00:1450:4001:81d::2003
2a00:1450:400c:c00::9c
2a02:26f0:3500:10::210:a9a
2a02:26f0:4700::17d4:6eb9
95.101.111.156
0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88
0c5db21aac74060ab969f0e3416f7625854f1feeec4583f1e72e29f8f356a1cb
13f37fb251c977ec5699cf416c01dbf115409267e9d668223a0ab5d4c3b32b74
197473a3d655b7d39c00b67dc2897cdcc6c4662d6c09e2f983ef0ef7ae4f99e3
19d09129e81d0e7db0a9400f9a9dd46b108094255196f1d5b411e577c2ff9463
1fe15236efa2c9099b9216ffaf5156f07b4cf03aea8b8ff25a94b514f3773341
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
27eb1b9a227db9b8b8dd07c09160caadb713fcf58cb80a6fd5eea7ccc7c68bd4
2ac314870072e1aad5c1c2c1ebb9ba542bf1a9df18963c2c4f1d8fcab8711bde
3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded
3afe8078c0e4c9e6b9a1751a9bc8822bcbbfcede726f40f35232e63bf0d6d4e8
3ed27d29784421d0c2bdfce80661be8813d92a48de8b16f5eca9b3b61d732117
410a37779bb51c865c2d9159bbe4480a40de606224e44380c232aeea5ea7cb75
43f92926fd6c2ae121fb4df766fa966c8fdc4f898190e1e785c701e73c5b2013
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4aa1b3886630b31d235210944569430867f40cf8e1a8df7377c2a72d8f98db8b
4b765d3fb1a12b3daa46c1e73d9c96462f630f3b951f0c1d6cb4a95f778058c4
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4e1520546dbd369cdd78b359f79a3f449e28d799db111fe7069dc961a00abe15
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
53fca8ce164335254bf76f7aa0e045936cc8b5edb9bb48ef7cd67b6e962c5172
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
578a885f458cb857b1aa0d8c2bb8f76acc46f4ff7c859ee6f76212af52ce9878
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
5927e64e838e2941ad7eec622266ea6aff73ac640161a735d00fe3772f248667
61735c354f9522020636cb3749674af5b076908763062314a9ccf12ab9b216da
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
69ecfe6c86238fb1047ef573209cde5270bdf40471a961d0908c9ced9e9ca93c
6e33eafeecba7c7d0296eaa885ff746864e3296c17b2ea3300f5a64c59714365
78539280f0caa07d88858fbcb3f423e1c9034bb3fb785ca124a6fef177b0280c
854b360b2b7396e5752ad65fbabdd2712fe805d85d467a3478d26abdef185e59
8738a739bc53f1ea0598d912e7387c1b0e042c2846b6e82e6d116c6180b2582f
88e6089311b7c99457a011819b754c7a3bcbbd6d78aa9914c56d870e21f5932a
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
9be4bb9193ad7f5fc8debf9e923a81c1b9288575b2d87bed8fe4f506ecbb2c44
9c43394f4833460b982b1e2281cc4ec5782f9469daa5e791c62320f8de771fdf
9c72baa546b07c7eb296c3b83867d1dc7105a9e78722916e4fdbb84bd25fe664
a9c06804242819b18af434dfa96d939ba88510b3982da0e1691a23c48db42a7a
aa0583d1b39b4d6052ce985ff6bc1b3b50571aa8221e084d0b0d497d1f2e9e17
aa57d9d47b3eb3d9ba0b3af49f802c74a26e07cb651f046bfad8bdd1c75a7933
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6
b8731bec2163ff4226b797a600f8ceb62941f7d688213236c5e8f23563800afe
b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b
c193a10889028d6c095c7d2658a3a6e5e805922d9c1d7f6253008e360e283f55
ca16450b530681d266f31f5b37686d5d6b1e6fdebc6ec667939a50847a523322
cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056
d06e53317a7d4edea1408de5bda6ad778d6cc655f95fafd3f59a3ef8f2bcf8c7
d09f16afb0622a6ee61e1c676a73e7190096a7f3e79c5872c7061985bd436f2e
d0d3301424d2af56861cf553a8d2641e4d9ee34b3c7907362ae0dd97caf88a61
d5938dfeeb4e54b883b25c07be9b215d19109c156bfbbaa72fbbed7a59d8a333
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
d914fa0a2c4756184bd0c5eab172e1581a65c7c398af4114eecc9e8d70ed31fe
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fbe4bb9274d95f6958c05affee68228f583ac4289e88ebc66b1901b37d0967b7
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

censys.com Open in urlscan Pro 2606:4700::6812:f5b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

81 Requests

98 %HTTPS

40 %IPv6

21 Domains

27 Subdomains

26 IPs

5 Countries

1179 kBTransfer

2850 kBSize

29 Cookies

11 Outgoing links

Redirected requests

81 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

censys.com Open in urlscan Pro
2606:4700::6812:f5b Public Scan

Screenshot
Live screenshot

Full Image

81
Requests

98 %
HTTPS

40 %
IPv6

21
Domains

27
Subdomains

26
IPs

5
Countries

1179 kB
Transfer

2850 kB
Size

29
Cookies

81 HTTP transactions
0 data transactions