hunt.io Open in urlscan Pro
52.223.52.2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity
Submission: On December 11 via api (December 11th 2024, 8:57:36 am UTC) from IN — Scanned from CA

Summary HTTP 59 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 8 IPs in 1 countries across 7 domains to perform 59 HTTP transactions. The main IP is 52.223.52.2, located in United States and belongs to AMAZON-02, US. The main domain is hunt.io.
TLS certificate: Issued by WR1 on December 1st 2024. Valid for: 3 months.

This is the only time hunt.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.223.52.2 52.223.52.2	16509 (AMAZON-02) (AMAZON-02)
1	142.251.35.168 142.251.35.168	15169 (GOOGLE) (GOOGLE)
51	18.238.80.54 18.238.80.54	16509 (AMAZON-02) (AMAZON-02)
2	13.226.94.26 13.226.94.26	16509 (AMAZON-02) (AMAZON-02)
1	18.238.49.59 18.238.49.59	16509 (AMAZON-02) (AMAZON-02)
2	54.231.199.162 54.231.199.162	16509 (AMAZON-02) (AMAZON-02)
1	142.251.41.14 142.251.41.14	15169 (GOOGLE) (GOOGLE)
2 2	13.225.63.28 13.225.63.28	16509 (AMAZON-02) (AMAZON-02)
59	8

1 52.223.52.2 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0b1d980e1f2226c6.awsglobalaccelerator.com

hunt.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.35.168 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

51 18.238.80.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-80-54.jfk52.r.cloudfront.net

framerusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.94.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-94-26.jfk52.r.cloudfront.net

events.framer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.238.49.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-49-59.jfk52.r.cloudfront.net

app.framerstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.231.199.162 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-east-1-r-w.amazonaws.com

public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.41.14 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.63.28 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-63-28.ewr53.r.cloudfront.net

framer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	framerusercontent.com framerusercontent.com — Cisco Umbrella Rank: 25787	1 MB
4	framer.com 2 redirects events.framer.com — Cisco Umbrella Rank: 40059 framer.com — Cisco Umbrella Rank: 36284	8 KB
2	amazonaws.com public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com	34 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36
1	framerstatic.com app.framerstatic.com — Cisco Umbrella Rank: 206034	20 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	108 KB
1	hunt.io hunt.io	46 KB
59	7

	Domain	Requested by
51	framerusercontent.com	hunt.io framerusercontent.com
2	framer.com	2 redirects
2	public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com	hunt.io
2	events.framer.com	hunt.io events.framer.com
1	www.google-analytics.com	www.googletagmanager.com
1	app.framerstatic.com	hunt.io
1	www.googletagmanager.com	hunt.io
1	hunt.io
59	8

This site contains links to these domains. Also see Links.

Domain
app.hunt.io
www.cobaltstrike.com
www.amnesty.org
x.com
www.linkedin.com

Subject Issuer	Validity	Valid
hunt.io WR1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
*.google-analytics.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
framerusercontent.com Amazon RSA 2048 M03	`2024-11-16` - `2025-12-14`	a year	crt.sh
events.framer.com Amazon RSA 2048 M03	`2024-04-09` - `2025-05-07`	a year	crt.sh
framerstatic.com Amazon RSA 2048 M02	`2024-09-22` - `2025-10-20`	a year	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2024-11-18` - `2025-11-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity
Frame ID: 1801E446896AB67E3DC21D3F7E38A378
Requests: 59 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Rare Watermark Links Cobalt Strike 4.10 Team Servers to Ongoing Suspicious Activity

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

59
Requests

97 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

8
IPs

1
Countries

1559 kB
Transfer

5340 kB
Size

2
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://app.hunt.io/dashboard
Title: Login

Search URL Search Domain Scan URL

URL: https://www.cobaltstrike.com/blog/cobalt-strike-410-through-the-beacongate
Title: Cobalt Strike 4.10

Search URL Search Domain Scan URL

URL: https://app.hunt.io/search/detail/44.203.181.185
Title: Hunt

Search URL Search Domain Scan URL

URL: https://app.hunt.io/assoc/44.203.181.185
Title: Hunt

Search URL Search Domain Scan URL

URL: https://www.amnesty.org/en/latest/research/2020/09/german-made-finspy-spyware-found-in-egypt-and-mac-and-linux-versions-revealed/
Title: Amnesty International

Search URL Search Domain Scan URL

URL: https://x.com/Huntio?t=tNAyMYy3rMSrq6u0XIpZRg&s=09

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/hunt-intelligence-inc/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39

https://framer.com/m/phosphor-icons/Sun.js@0.0.53 HTTP 302
https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js

Request Chain 40

https://framer.com/m/phosphor-icons/Moon.js@0.0.53 HTTP 302
https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js

59 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Show response
hunt.io/blog/ 557 KB
46 KB 256ms
116ms Document
text/html 52.223.52.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.223.52.2 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a0b1d980e1f2226c6.awsglobalaccelerator.com

Software

Framer/32b700c /

Resource Hash

735103ff08357f02f897a41eaaddab0492f9962697b44c7d5937cd6fe999dd67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-length: 46687
content-type: text/html
date: Wed, 11 Dec 2024 08:57:27 GMT
etag: "51e2af52132b96eddccddd4ff0685171"
last-modified: Tue, 10 Dec 2024 16:52:44 GMT
link: <https://framerusercontent.com>; rel="preconnect", <https://framerusercontent.com>; rel="preconnect"; crossorigin=""
server: Framer/32b700c
server-timing: region;desc="us-east-1", cache;desc="not-cached", ssg-status;desc="optimized", version;desc="32b700c"
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 323 KB
108 KB 143ms
55ms Script
application/javascript 142.251.35.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CKJY21YJ7N

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.35.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

f9fbd05138bb30d248ee1602c336c0d8f2a577b751048088a88d00e1135a0712

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Wed, 11 Dec 2024 08:57:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 08:57:28 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 109830
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 chunk-7PZR57LV.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 657 KB
186 KB 208ms
141ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7PZR57LV.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

ca91ca3baad1db28d57e2e66c1636b41d0b1ebeec150cd744ed7612cfade3310

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"d31ef3a1c75a5b9c5016323bad637661"
x-amz-version-id: ydn.bpnyqfYZCo8jDH6K0IQhWPSwzo6Y
age: 60807
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: Xbcmwg4bH4cK9XX0wwSlDsLnuQ9K3EW5d8K8dKY2yJvlRUmikn3chA==
date: Tue, 10 Dec 2024 16:04:02 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:53 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="Xbcmwg4bH4cK9XX0wwSlDsLnuQ9K3EW5d8K8dKY2yJvlRUmikn3chA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-JR5VT52U.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 1 KB
1 KB 105ms
70ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-JR5VT52U.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

8b91ee4af78a9558d2bbbc889b190d7c47647405fabc8ae5be1c014d6c938228

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"8dc2caa5dfa40c0964a44a081b0b17d9"
x-amz-version-id: _8xnJxoEpvTiFxGHHyvVZ85IFf3u.3cf
age: 2471056
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: _RXNFq6aDWtPFMv9MhUJquEj2Qox0C_WvQT6YnOvsOHI9NDe1rIzOw==
date: Tue, 12 Nov 2024 18:33:13 GMT
content-type: text/javascript
last-modified: Tue, 12 Nov 2024 18:22:56 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="_RXNFq6aDWtPFMv9MhUJquEj2Qox0C_WvQT6YnOvsOHI9NDe1rIzOw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-DOOU7OF4.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 9 KB
4 KB 102ms
69ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-DOOU7OF4.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

e7ded5e12508f728778cdc968bf945badfc120ce873943924e0a6dd516871c7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"589ac5e5c1ef313d2dd8e35dc038ac21"
x-amz-version-id: oD73PY_Rt0C23.Tz9gMPqTn.Rn0UE9Rx
age: 60807
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: Ho1LnH8gbOu2DKT01TduDq5B4pUdEVh4dW6BoKYHVTOK8w7CQcVmZA==
date: Tue, 10 Dec 2024 16:04:02 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:53 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="Ho1LnH8gbOu2DKT01TduDq5B4pUdEVh4dW6BoKYHVTOK8w7CQcVmZA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-RIUMFBNJ.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 447 B
1 KB 103ms
70ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-RIUMFBNJ.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

a9428e5e5f6c5ede3339114a8be6230e2cc39a2190d03f1092ae93bdaf556891

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
etag: "30ed32fa3444df726bb60d89113cf478"
x-amz-version-id: 7vfweQgXPw5HumsSi2rUSCmzIK1fKK7F
age: 4201494
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: ONI3mrY0cvN3508u-D7cq3ELTLns9qpMQ7eesdhzyoImiUA-KIKhyw==
date: Wed, 23 Oct 2024 17:52:35 GMT
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 16:32:06 GMT
vary: Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="ONI3mrY0cvN3508u-D7cq3ELTLns9qpMQ7eesdhzyoImiUA-KIKhyw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 447
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 3NOfmhLkro7nMnJ1Ukn9qft3G68X4tv5oy_-RbaqfP8.UDELJTMX.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 380 KB
50 KB 137ms
104ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/3NOfmhLkro7nMnJ1Ukn9qft3G68X4tv5oy_-RbaqfP8.UDELJTMX.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

19d418a2f626fc1c0356c26eb11f3ee19295720ac760dc28463e75bfafabb1d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"312965149b43745df19ebb3646a49187"
x-amz-version-id: CsiOZNoHMTcKkZkWhRweeo1PFjl80IgX
age: 57808
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 8fquYG2wwquBGYYPtwXYlcmxqRwocyjwfX_d_Nf1lEWy8p5DVz5JaA==
date: Tue, 10 Dec 2024 16:54:01 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 16:52:32 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="8fquYG2wwquBGYYPtwXYlcmxqRwocyjwfX_d_Nf1lEWy8p5DVz5JaA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-2VZXA2FB.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 3 KB
2 KB 107ms
74ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-2VZXA2FB.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

24bd03c6988e57312952d42ebbd11a362b0be97ff666d3d6ac8f3597174c56b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"4b4dc1288d4d44143b9e6fe8df9e4b6e"
x-amz-version-id: hk8yEBKXPBLqOXukKKa845iu4h0Sc3Sv
age: 1095067
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: N1gk-LNIESkbQyQAt2FkJJ1XfJr5jx0aEfZg-BvXhqf8uXiJGHQsJA==
date: Thu, 28 Nov 2024 16:46:22 GMT
content-type: text/javascript
last-modified: Thu, 28 Nov 2024 16:33:32 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="N1gk-LNIESkbQyQAt2FkJJ1XfJr5jx0aEfZg-BvXhqf8uXiJGHQsJA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-6QJAY4QR.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 269 KB
66 KB 347ms
343ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-6QJAY4QR.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

d1964a0c53200006e756ef0d0e32cea07deff44d89075cf26ae2afe3d85f43e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"3afe3347ed0aec09439983af47904a6d"
x-amz-version-id: zyo9Vn24E.niqDg3AEyJtLy_CnlZx88n
age: 57808
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: Yx-gj45IV4qcx3qR1Aooud8fQKRNS78shVhryv2uJVg9NUOnT5EbMA==
date: Tue, 10 Dec 2024 16:54:01 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 16:52:32 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="Yx-gj45IV4qcx3qR1Aooud8fQKRNS78shVhryv2uJVg9NUOnT5EbMA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-IQJXJS56.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 2 MB
461 KB 375ms
371ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-IQJXJS56.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

0d483fb31b7baa932fb38d9e974bcca41a9ecfa605e0d540b66e54e39fe69f6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"31dd62f5e78dc021748cb2e226a1a631"
x-amz-version-id: ha0.ZQo2WOP80YQTROckWsD0vmO7dcYH
age: 4718525
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: sBZSvFZspXfh2o_mtLV9bQKo7OKQMkanathS6m6pyUPaZKbfttlYfg==
date: Thu, 17 Oct 2024 18:15:24 GMT
content-type: text/javascript
last-modified: Thu, 17 Oct 2024 17:21:59 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="sBZSvFZspXfh2o_mtLV9bQKo7OKQMkanathS6m6pyUPaZKbfttlYfg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-FXENASNC.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 390 KB
57 KB 520ms
516ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-FXENASNC.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

6fa7b05626f316594c613602ef5bed9327ca1941725837795dfc47414fb05cb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"2696554a7eb9bf9e3747d04c0b5f0360"
x-amz-version-id: FRRe_bV5sWEgclmgU3Du1hlU5_3MgCsn
age: 60807
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 9lO38-xKLyljU41wEBTTDopnSxoNfZGv2YHXtUcDC8Go00MwkdhwkQ==
date: Tue, 10 Dec 2024 16:04:02 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:53 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="9lO38-xKLyljU41wEBTTDopnSxoNfZGv2YHXtUcDC8Go00MwkdhwkQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-AIWW63AC.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 55 KB
18 KB 577ms
573ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

dcb6c51ec0458017b4fc8364df113fc4556a9346ce84daafda08bc73fcd27539

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"c3cfe8d46f0f118acfe59b0243a8cba4"
x-amz-version-id: hZJ6hCAsaBZGQbUuC8DONqNM3KckUnHx
age: 60807
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: rBiN47bpDmAS1HmxiyO9Erc5EZTa6PaHqfNUXULNHlyaqK6vs68_6w==
date: Tue, 10 Dec 2024 16:04:02 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:53 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="rBiN47bpDmAS1HmxiyO9Erc5EZTa6PaHqfNUXULNHlyaqK6vs68_6w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-N24P5JZY.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 22 KB
5 KB 578ms
574ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-N24P5JZY.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

af7863f53048fe6d665e912eb1a7438502bcd90275756bd57746711efd07ad1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"ba9ae5ccd01ced4534b15ed639fe510a"
x-amz-version-id: L991hsuWUzV8BUCU9Rw0ZcqAUGDolfsL
age: 60807
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 2oDJdIKxxIJNztRJ9tWsVuBiHFqJoRYkQ4DVAbGdwgp2wooRYcf9zA==
date: Tue, 10 Dec 2024 16:04:02 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:52 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="2oDJdIKxxIJNztRJ9tWsVuBiHFqJoRYkQ4DVAbGdwgp2wooRYcf9zA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-WNOMLQKT.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 145 KB
21 KB 584ms
580ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-WNOMLQKT.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

bad9ed8e37d8d1aee7eacb1761e4bf4a7ac110eec89a7e92ff35545023c37cd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"2d1c59a942931206e7cfd493cbbcb555"
x-amz-version-id: TcEpfVxNfQMKuvNPEVW3buQUrbvv6J2b
age: 60807
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: aTLI3Yi-IknbhF0Bnak-10r7XgjsSd2oi6eL5z3yRFNcmiWV56ehPA==
date: Tue, 10 Dec 2024 16:04:02 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:52 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="aTLI3Yi-IknbhF0Bnak-10r7XgjsSd2oi6eL5z3yRFNcmiWV56ehPA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-PLBDR7DK.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 781 B
2 KB 580ms
577ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-PLBDR7DK.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

a1e9b3da59fa84c73948363f79bd0cef61cdb495511606fa4c2d8a06ddc954d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
etag: "d480024738b25adf2a7e816ed250f955"
x-amz-version-id: PovNP8byXwJyFWixVyLVFATDcSUX4b8U
age: 60807
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: CqtLASbOnk9ynzgQR-DoHx2-EYXDNbroAWRh2QktH-pNBomnVv3MJw==
date: Tue, 10 Dec 2024 16:04:02 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:52 GMT
vary: Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="CqtLASbOnk9ynzgQR-DoHx2-EYXDNbroAWRh2QktH-pNBomnVv3MJw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 781
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-4DBXZSQR.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 10 KB
2 KB 585ms
582ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-4DBXZSQR.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

dda3ae667335cfd45ec00006177baa81cdcffd2584b76e84cbfe1819b7425484

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"25f1dd66e1da9cb89702f7fd019e7878"
x-amz-version-id: FPXKCpIiSSwwBP8GrMSj6GOY5VrqeSxl
age: 60807
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: yP8-_mGwzsm8a_uikrEolC4TzdWyXqNowoENI4pJNlz5RAW8FcK2cg==
date: Tue, 10 Dec 2024 16:04:02 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:52 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="yP8-_mGwzsm8a_uikrEolC4TzdWyXqNowoENI4pJNlz5RAW8FcK2cg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-MKDKQIQE.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 20 KB
5 KB 596ms
592ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-MKDKQIQE.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

a2cc6f4036b7ba96d44dc4a4489a50aad64157c4648bb10a37292575b85c02ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"a5a493f35b5ac2e85c369329993e4f36"
x-amz-version-id: R71EISFPpiR1jYMYNJisL2I0FlYMzgrv
age: 60807
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: pPBd5V2rq-j09kYQQfBM4gCQgKfEwWgutJR1NXOmrTgYjUjOvVYaaw==
date: Tue, 10 Dec 2024 16:04:02 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:53 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="pPBd5V2rq-j09kYQQfBM4gCQgKfEwWgutJR1NXOmrTgYjUjOvVYaaw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-LCEZCQRN.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 700 B
2 KB 584ms
581ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-LCEZCQRN.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

c56899f4291eff03eed62b752565556777823419de3f2b5c9020c02a883ea8ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
etag: "f7f362a6b630f4f80759edc1e4b1ba32"
x-amz-version-id: 3SYtMtS7QA9FChiL179Z6sr7ywtZA0GM
age: 60807
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: R3WRvL8BicZ-vZ0pXnwHL4-nELvgnPPOFLdBiD8F2-ePHrS7ZyHbYA==
date: Tue, 10 Dec 2024 16:04:02 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:53 GMT
vary: Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="R3WRvL8BicZ-vZ0pXnwHL4-nELvgnPPOFLdBiD8F2-ePHrS7ZyHbYA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 700
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 chunk-Q2JEALBM.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 4 KB
3 KB 595ms
592ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-Q2JEALBM.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

449b30c2317c76c281158fa547bb61f301dd9f675b54699a8bfc5040648fda2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"85385ac97b505762e460a1f6ab0d821f"
x-amz-version-id: 3.jqbYAa1urwIhTE30p6Ac0pRSY55jI8
age: 60807
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: gK0gZsSE-WEnIVAfAiJxRmT__mLOFqUBpaJEib6jOZhzFsxHC5Upfw==
date: Tue, 10 Dec 2024 16:04:02 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:53 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="gK0gZsSE-WEnIVAfAiJxRmT__mLOFqUBpaJEib6jOZhzFsxHC5Upfw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 script_main.DVS43U5Q.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 13 KB
7 KB 596ms
593ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

324a9989ddbb2f2467a735983838314194704fb724135401a55046f54e852cde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"ba762ee88aa0962ee71c2f469bb7e8c6"
x-amz-version-id: tVo24YqlM1fa1zfMef1tHpYucOnAnJ.g
age: 57808
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 45AJdPaJhzycp7tqck48TeoAFQMlmq2UDOydtYfC64HsEmFEDRxEjA==
date: Tue, 10 Dec 2024 16:54:01 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 16:52:33 GMT
vary: Accept-Encoding,Origin
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="45AJdPaJhzycp7tqck48TeoAFQMlmq2UDOydtYfC64HsEmFEDRxEjA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 script Show response
events.framer.com/ 18 KB
7 KB 469ms
54ms Script
text/javascript 13.226.94.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://events.framer.com/script

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.94.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-94-26.jfk52.r.cloudfront.net

Software

Resource Hash

89e61318afc569842f98ccd196ff7cfbb36ec69bad3af935dd5c7149b494fde4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amzn-remapped-content-length: 18177
timestamp: Wed, 11 Dec 2024 08:55:48 GMT
content-encoding: gzip
x-amz-apigw-id: CnoO4FnYIAMEdmA=
x-amzn-trace-id: Root=1-675953f8-4c876917395bf2d545498fd0
x-amzn-requestid: eaa98346-98d2-4928-81d4-11f73fc6cfb6
via: 1.1 de64f4ad73b175abdd31603ba9fb0aae.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
content-length: 6204
x-amz-cf-id: HGiDVwZvEzX7Cm922PDa2ADyicRCrZrodyygNToErLrGTNRsivISsg==
date: Wed, 11 Dec 2024 08:57:28 GMT
content-type: text/javascript
x-amz-cf-pop: JFK52-P10

GET
H2 200 Wbt9vg2M3MLSUK6C8ZimtsouOws.webp
framerusercontent.com/images/ 52 KB
53 KB 74ms
70ms Image
image/avif 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/Wbt9vg2M3MLSUK6C8ZimtsouOws.webp

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

af40af5e1469d7ef41aee9645556b634ada06969e8a9babf4d4e17c38aad2caf

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "294afbee86a7b816bb58ca4b178d9a09"
age: 673446
x-content-type-options: nosniff
x-amzn-requestid: 0a40e9b2-0af7-4bf3-be26-e644a48199c7
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: Caa_7OFsyJWanxyd30gpZ6ep5942LEHxtinfhpyTBlfkLD3HB58SKQ==
date: Tue, 03 Dec 2024 13:53:22 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="Caa_7OFsyJWanxyd30gpZ6ep5942LEHxtinfhpyTBlfkLD3HB58SKQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-674f0d51-557acc861003e14f1c9dff39;Sampled=1;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 43034476d4f59b84d702b480b160bb88.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H2 200 yVA9Oy9wbaBjaChzIOH78YiSFE.webp
framerusercontent.com/images/ 8 KB
9 KB 104ms
101ms Image
image/avif 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/yVA9Oy9wbaBjaChzIOH78YiSFE.webp?scale-down-to=512

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

a741fd3317fed44c0f1c7b8161f1420298b044e564dfea131957c0e27982a66c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "7231b098b0757259dd2bbfd90a7fb0f9"
age: 671302
x-content-type-options: nosniff
x-amzn-requestid: 3de1bf36-0c6a-42e8-bf76-49da9ceef860
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 9PdxQQWveEZhWpzhSfSieUhVaWstnUqQc1n_W75VmwutnvMqwrB7Tg==
date: Tue, 03 Dec 2024 14:29:06 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="9PdxQQWveEZhWpzhSfSieUhVaWstnUqQc1n_W75VmwutnvMqwrB7Tg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-674f15b1-78bc758e7f872fa50e191290;Sampled=1;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 43034476d4f59b84d702b480b160bb88.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H2 200 6odJFlTcHq1fzIBehjj2s4p9DY.webp
framerusercontent.com/images/ 7 KB
8 KB 137ms
134ms Image
image/avif 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/6odJFlTcHq1fzIBehjj2s4p9DY.webp?scale-down-to=512

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

4dc2a5162f03c1768634a7d933f034a800807b5324368e398cdbfc038a06d395

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "b3fc6d3f97ac740ee5904dc1c19ead8d"
age: 673445
x-content-type-options: nosniff
x-amzn-requestid: bcf9756b-a7f3-480e-9de4-39e71cd81437
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 19PgyDXtpBtry8vYGYdQFsoXPreaUofoBKZwZ3yDX4k0riQK8yk1Xg==
date: Tue, 03 Dec 2024 13:53:23 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="19PgyDXtpBtry8vYGYdQFsoXPreaUofoBKZwZ3yDX4k0riQK8yk1Xg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-674f0d52-3771963431d7a22b4add2727;Parent=1f553ee76613da3a;Sampled=0;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 43034476d4f59b84d702b480b160bb88.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H2 200 cJA8dVwYG5AXjO4aXVKQ9QdZFg.webp
framerusercontent.com/images/ 8 KB
9 KB 105ms
102ms Image
image/avif 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/cJA8dVwYG5AXjO4aXVKQ9QdZFg.webp?scale-down-to=512

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

341f61d7c3838f9e303327f41376afcc21e5e7e5d5408b795be682dcd97cde43

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "e1a9183cb012ee35efa98e49b5e794c7"
age: 673445
x-content-type-options: nosniff
x-amzn-requestid: ccc06360-8d94-47a9-b091-1b302a6ae954
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: Whmmod-5Cqtnq_00qbvgn5Uk3tF7xiL-fwNMv74R-s9UwO8f8RObMw==
date: Tue, 03 Dec 2024 13:53:23 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="Whmmod-5Cqtnq_00qbvgn5Uk3tF7xiL-fwNMv74R-s9UwO8f8RObMw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-674f0d52-337d67ec3b1a02f00d068755;Sampled=1;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 43034476d4f59b84d702b480b160bb88.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H2 200 fOXtYSvzsNlw0tzPVKMsf72n0.png
framerusercontent.com/images/ 24 KB
25 KB 138ms
135ms Image
image/avif 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/fOXtYSvzsNlw0tzPVKMsf72n0.png?scale-down-to=2048

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

e1d4e429bec9bc36a28143018ae0400faee2ea7ffe9442942794e016a094220c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "a5fd6921c78d186fd22e12abbea6a593"
age: 16491605
x-content-type-options: nosniff
x-amzn-requestid: 9df5ba47-2ec8-4bec-96e9-11a9fef30e48
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: -86oTJ6-kC_cKJOmNnJvyrxuFVO-W82m7bW9CbR7ZfnCILT5wt4LUw==
date: Mon, 03 Jun 2024 11:57:23 GMT
content-type: image/avif
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="-86oTJ6-kC_cKJOmNnJvyrxuFVO-W82m7bW9CbR7ZfnCILT5wt4LUw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: root=1-665dafa2-42d508f768a18ae373bdb131;sampled=1;lineage=f456f256:0
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
referrer-policy: strict-origin-when-cross-origin
via: 1.1 43034476d4f59b84d702b480b160bb88.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
DATA 200
OK truncated
/ 248 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1903ee47f38fb5a0b56ce197b51aa0e1be80b22ab3afcd1a466eb1ee536aa8b3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 1ZFS7N918ojhhd0nQWdj3jz4w.woff2
framerusercontent.com/assets/ 27 KB
28 KB 526ms
523ms Font
font/woff2 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/1ZFS7N918ojhhd0nQWdj3jz4w.woff2

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

cc324555c1cd681a59c27be1eda61da587d17bf71cc1ed8aa3e4a51e77907685

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 3000
etag: "9a2dbfafd3686aa72cb303a41be28527"
x-amz-version-id: FhKj_VGbf4ha4CqtjcCeHMQzi9fH8cVU
age: 12716551
access-control-allow-methods: GET, HEAD
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 5s6pxh6sQKZZhX1akh1QfdTANxEho-tZiP01hRtL8A3ixp4_J9vfzA==
date: Wed, 17 Jul 2024 04:34:58 GMT
content-type: font/woff2
last-modified: Mon, 15 Jul 2024 14:12:44 GMT
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="5s6pxh6sQKZZhX1akh1QfdTANxEho-tZiP01hRtL8A3ixp4_J9vfzA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 28004
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: aws:kms

GET
H2 200 Inter-Medium.latin-Y3IVPL46.woff2
app.framerstatic.com/ 19 KB
20 KB 218ms
77ms Font
font/woff2 18.238.49.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.framerstatic.com/Inter-Medium.latin-Y3IVPL46.woff2

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.49.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-49-59.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

c861d136456a64c9c5619e9fa7c37c80144ea5d8879d88554c1f8abaaae891bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 3600
etag: "f366e7b832c6d0e8a2038665895c0762"
x-amz-version-id: null
age: 26199157
access-control-allow-methods: GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: pzt07mpnpGxncRrysIMzWJqG-VG1giB5i6GrVeLOnLqzOAb0YJW1nA==
date: Mon, 12 Feb 2024 03:24:52 GMT
content-type: font/woff2
last-modified: Sat, 10 Feb 2024 20:56:17 GMT
x-frame-options: deny
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 ff278a71a35448622a3b931c58f6a0ae.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19904
x-xss-protection: 1; mode=block
x-amz-cf-pop: JFK52-P3
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2 200 vQyevYAyHtARFwPqUzQGpnDs.woff2
framerusercontent.com/assets/ 27 KB
28 KB 538ms
536ms Font
font/woff2 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/vQyevYAyHtARFwPqUzQGpnDs.woff2

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

4107b11930c4eef1f6ae5a76d441562e6d21a601f1781f37fd085542cd87412b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 3000
etag: "a14a424239fd9cb2e305f2243b1f6177"
x-amz-version-id: SH9la86RvjI0NEj8MqfrPHVtgDnLUhAV
age: 12716551
access-control-allow-methods: GET, HEAD
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: HYblZp9Oj3PsAZrU_W0Mj1DaaQ_ENwpBwFaqojZgoQBH-tbbsy6FEQ==
date: Wed, 17 Jul 2024 04:34:58 GMT
content-type: font/woff2
last-modified: Mon, 15 Jul 2024 14:12:38 GMT
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="HYblZp9Oj3PsAZrU_W0Mj1DaaQ_ENwpBwFaqojZgoQBH-tbbsy6FEQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27404
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: aws:kms

GET
H2 200 DXD0Q7LSl7HEvDzucnyLnGBHM.woff2
framerusercontent.com/assets/ 27 KB
28 KB 537ms
535ms Font
font/woff2 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/DXD0Q7LSl7HEvDzucnyLnGBHM.woff2

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

2dc968863319a6f57e6428a7b4c292ae254d3e462b5f23f71bab492317067d5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://hunt.io/

Response headers

access-control-max-age: 3000
etag: "757ca4a792b8c7bbe09f6e6cee76e727"
x-amz-version-id: bCCG3uSnAgT3MLzz1ZSQU2cVkYB4Lve.
age: 12771862
access-control-allow-methods: GET, HEAD
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: G2KIJqaJT8rP6LWI8cjL_SXhiLQbX3-9t7JdhgRDcs3Anny5rItTWA==
date: Tue, 16 Jul 2024 13:13:07 GMT
content-type: font/woff2
last-modified: Mon, 15 Jul 2024 14:11:33 GMT
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="G2KIJqaJT8rP6LWI8cjL_SXhiLQbX3-9t7JdhgRDcs3Anny5rItTWA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=1
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27992
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: aws:kms

GET
H/1.1 200
OK figure_1_screenshot_showing_the_i_button_which_allows_users_to_quickly_view_beacon_configurations_without_downloading_them_in_hunt__1x.webp
public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com/12-2024/ 17 KB
18 KB 160ms
58ms Image
image/webp 54.231.199.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com/12-2024/figure_1_screenshot_showing_the_i_button_which_allows_users_to_quickly_view_beacon_configurations_without_downloading_them_in_hunt__1x.webp
Requested by: Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.231.199.162 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-east-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 22e5cfd55973895f60a7f6bf877482dc964962f8dd778612fc149bed56112bc1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

x-amz-id-2: lgkyIyjevRkedXydNeB3Ylyis2hRbA6AlLc6WLUTEATpMUPjXhIqPKuXfZ5lfr9PrNs0sB7pVEk=
ETag: "5a63fbd9ea0b1ac71babd58c221894d8"
x-amz-request-id: NYHX4K5965JNHRC9
Accept-Ranges: bytes
Content-Length: 17688
Date: Wed, 11 Dec 2024 08:57:29 GMT
Last-Modified: Tue, 03 Dec 2024 14:45:58 GMT
Content-Type: image/webp
Server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK figure_2_associations_tab_showing_six_additional_ip_addresses_sharing_the_same_watermark_hunt__1x.webp
public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com/12-2024/ 15 KB
16 KB 277ms
99ms Image
image/webp 54.231.199.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com/12-2024/figure_2_associations_tab_showing_six_additional_ip_addresses_sharing_the_same_watermark_hunt__1x.webp
Requested by: Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.231.199.162 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-east-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 9753c83f61822ce350ea508e36e2ee9395589100a0b3afa9df41a4c1a0910408

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

x-amz-id-2: 75ORf1G2rFXMIPdaew94sOk84jmRXXigrjSgfIbDuxNCKbA04HrkJP2Mhmt+ZXqKJECdgPkW2Nc=
ETag: "0b70d4de7b2cec3732dfb1f26c2f4528"
x-amz-request-id: NYHM7J5NS36TWGJH
Accept-Ranges: bytes
Content-Length: 15826
Date: Wed, 11 Dec 2024 08:57:29 GMT
Last-Modified: Tue, 03 Dec 2024 14:45:56 GMT
Content-Type: image/webp
Server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 657ms
46ms Fetch
text/plain 142.251.41.14
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-CKJY21YJ7N&gtm=45je4ca0v9166211784za200&_p=1733907448025&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&cid=560408486.1733907448&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1733907448&sct=1&seg=0&dl=https%3A%2F%2Fhunt.io%2Fblog%2Frare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity&dt=Rare%20Watermark%20Links%20Cobalt%20Strike%204.10%20Team%20Servers%20to%20Ongoing%20Suspicious%20Activity&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=669
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CKJY21YJ7N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.41.14 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s40-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://hunt.io
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 08:57:29 GMT
content-type: text/plain
server: Golfe2

POST
H2 200 anonymous
events.framer.com/ 0
380 B 124ms
119ms Ping
application/json 13.226.94.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.framer.com/anonymous
Requested by: Host: events.framer.com
URL: https://events.framer.com/script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.94.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-94-26.jfk52.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://hunt.io/

Response headers

x-amz-apigw-id: CnoO6FD4IAMECrw=
x-amzn-trace-id: Root=1-675953f8-5f0a9c90178a18b56446758e;Parent=53fec692550d7e20;Sampled=0;Lineage=1:c457ad49:0
x-amzn-requestid: 20f45e16-577b-4514-90d4-848560a394df
via: 1.1 de64f4ad73b175abdd31603ba9fb0aae.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: p2wPn_AgxKiw70OK7ZVsFGay_Y9I76GvEIOHe64dWT5Jd8RQQaBi-A==
date: Wed, 11 Dec 2024 08:57:28 GMT
content-type: application/json
x-amz-cf-pop: JFK52-P10

GET
H2 200 psEar9BZHC3V1ST6mGHxVJQfBxc.png
framerusercontent.com/images/ 391 B
1 KB 38ms
36ms Other
image/png 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/images/psEar9BZHC3V1ST6mGHxVJQfBxc.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

1444a7eaffad2eae4dd0999fb1fd4c308e51876b70db2c4f1181c8a038f1f859

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "939ec6fdc5062f6529950c37ab817812"
age: 16914063
x-content-type-options: nosniff
x-amzn-requestid: b0ac55ce-81d8-4ec5-a63d-b4e0230c1b65
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: v2_z0_epWK9TcO1w79bzwVLpwtSJ8dga3JKWa_rkucc_pDru9aup0g==
date: Wed, 29 May 2024 14:36:26 GMT
content-type: image/png
vary: Accept
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-rid;desc="v2_z0_epWK9TcO1w79bzwVLpwtSJ8dga3JKWa_rkucc_pDru9aup0g==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: root=1-66573d6a-4e285cd21e7c73b36b481c52;sampled=1;lineage=f456f256:0
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
referrer-policy: strict-origin-when-cross-origin
via: 1.1 43034476d4f59b84d702b480b160bb88.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H3 206 wvsIsx8BB-indexes-default.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/ 3 KB
4 KB 39ms
37ms Fetch
application/octet-stream 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-indexes-default.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

f5b8526bb0e6c1a53d014fca1808aebfb9abaa825ba0e7f54c32562023e255b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range: bytes=6919-10110
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 61119
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="C82zLm2VvXznyi5-QyExtF2cIVIoLRMlJIwJPNwuusaUxI1h_o5Hbw==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 15:58:50 GMT
content-type: application/octet-stream
x-amz-cf-id: C82zLm2VvXznyi5-QyExtF2cIVIoLRMlJIwJPNwuusaUxI1h_o5Hbw==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
Content-Range: bytes 6919-10110/276280
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
Content-Length: 3192
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H3 206 wvsIsx8BB-chunk-default-0.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/ 3 KB
4 KB 36ms
35ms Fetch
application/octet-stream 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-chunk-default-0.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

22b07807afbc388ecd51abfcbecb67055935c2e3b93ac4283a5becedd5e70621

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range: bytes=235-3430
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 61118
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="jhB_wdEdiGPohmEhGvPH2dO3UPQmtC6UaSjTSzpuTmbVTSw_IGUu5A==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 15:58:51 GMT
content-type: application/octet-stream
x-amz-cf-id: jhB_wdEdiGPohmEhGvPH2dO3UPQmtC6UaSjTSzpuTmbVTSw_IGUu5A==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
Content-Range: bytes 235-3430/245022
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
Content-Length: 3196
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H3 200 wvsIsx8BB-chunk-default-dict.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/ 31 KB
32 KB 36ms
36ms Fetch
application/octet-stream 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-chunk-default-dict.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

25aeb8cf020d602895b80560676fabfa34b3c350195a0660572b6c87d8c0c37d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 61118
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="wqA3yzPCavOjj5zTTuqUQ7bFL-tT2aItdZXBcsAYRQ_I2yoBSaqejA==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 15:58:51 GMT
content-type: application/octet-stream
x-amz-cf-id: wqA3yzPCavOjj5zTTuqUQ7bFL-tT2aItdZXBcsAYRQ_I2yoBSaqejA==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 32000
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H3 206 wvsIsx8BB-indexes-default.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/ 1 KB
2 KB 36ms
35ms Fetch
application/octet-stream 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-indexes-default.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

9cc352a4d050c98f080c4ab6550f54f4d383c9509c902b666e64548d83a62471

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range: bytes=0-1241
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 61119
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="VD-qcFsGl0kaFTv_Y31TSA_Z9sqEy5XNp9gA7_OM3InTmKcY43n5nw==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 15:58:50 GMT
content-type: application/octet-stream
x-amz-cf-id: VD-qcFsGl0kaFTv_Y31TSA_Z9sqEy5XNp9gA7_OM3InTmKcY43n5nw==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
Content-Range: bytes 0-1241/276280
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
Content-Length: 1242
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H3

200

Sun.js Show response
framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/
Redirect Chain

https://framer.com/m/phosphor-icons/Sun.js@0.0.53
https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js

5 KB
2 KB

34ms
34ms

Script
text/javascript

18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js

Protocol

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

e77e2400288b5496592bb75f3d2c61871d947b1705f8a2d98c4bdea3a8ebbadd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://framerusercontent.com/

Response headers

access-control-expose-headers: Content-Range
content-encoding: gzip
age: 543445
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="zTYZx2fdMj-WP-TetUwvCzT-mnDbkkxLSjvT1Bzj9IJi_MuxhHOAnw==",cdn-downstream-fbl=0
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 05 Dec 2024 02:00:05 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-id: zTYZx2fdMj-WP-TetUwvCzT-mnDbkkxLSjvT1Bzj9IJi_MuxhHOAnw==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

Redirect headers

access-control-expose-headers: Content-Range
age: 713
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: UQ1V2goK2Toqj5ODZ10mHaUrwrxS0jRYGhBXbybiw6XxlIU4aG7lcg==
date: Wed, 11 Dec 2024 08:45:37 GMT
content-type: text/html; charset=utf-8
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=3600
location: https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js
referrer-policy: strict-origin-when-cross-origin
via: 1.1 5ec6b37107376867228d2ed46a794602.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 109
x-xss-protection: 0
x-amz-cf-pop: EWR53-C1

GET
H3

200

Moon.js Show response
framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/
Redirect Chain

https://framer.com/m/phosphor-icons/Moon.js@0.0.53
https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js

4 KB
2 KB

34ms
34ms

Script
text/javascript

18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js

Protocol

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

cf51594b76c66c43206e9aa471baec6a92594ea6b8cbead1b40f445468de76e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://framerusercontent.com/

Response headers

access-control-expose-headers: Content-Range
content-encoding: br
age: 300038
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="GEICHveyGo6b8jmGFi55vRb6zgq8P-iqVP6aFa3sbW_D8pU4MO_3LQ==",cdn-downstream-fbl=1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Sat, 07 Dec 2024 21:36:52 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-id: GEICHveyGo6b8jmGFi55vRb6zgq8P-iqVP6aFa3sbW_D8pU4MO_3LQ==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

Redirect headers

access-control-expose-headers: Content-Range
age: 2591
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: sEAhxPFvP5b-56dcAjP8fxe9UH6teHCVxz4VikKq6xXikchvGuhoHA==
date: Wed, 11 Dec 2024 08:14:19 GMT
content-type: text/html; charset=utf-8
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=3600
location: https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js
referrer-policy: strict-origin-when-cross-origin
via: 1.1 5ec6b37107376867228d2ed46a794602.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 110
x-xss-protection: 0
x-amz-cf-pop: EWR53-C1

GET
H3 206 wvsIsx8BB-indexes-default.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/ 596 B
1 KB 34ms
33ms Fetch
application/octet-stream 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-indexes-default.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

f0f40885a14cd51f7d572952787c67b7c3e51399c2107171bb1bf741d22a6989

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range: bytes=13806-14401
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 61119
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Y9Bflb22nRXlGuoXHdqWAC4UuuxFwL1vJv4ig-Udd6MGXGziukQc7w==",cdn-downstream-fbl=0
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 15:58:50 GMT
content-type: application/octet-stream
x-amz-cf-id: Y9Bflb22nRXlGuoXHdqWAC4UuuxFwL1vJv4ig-Udd6MGXGziukQc7w==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
Content-Range: bytes 13806-14401/276280
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
Content-Length: 596
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H3 206 wvsIsx8BB-chunk-default-0.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/ 110 B
639 B 39ms
36ms Fetch
application/octet-stream 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-chunk-default-0.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

8325c92af7e207e6c38a127ba11d6ec35faffd2aefd4dfb06019bd5bb1289243

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range: bytes=4-113
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 61118
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Y9yZaGYUpsuru0gSfZiVLh02cnInvtfyDsxMFfsLb4sn9prOu2hYDg==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 15:58:51 GMT
content-type: application/octet-stream
x-amz-cf-id: Y9yZaGYUpsuru0gSfZiVLh02cnInvtfyDsxMFfsLb4sn9prOu2hYDg==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
Content-Range: bytes 4-113/245022
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
Content-Length: 110
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H3 206 wvsIsx8BB-chunk-default-0.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/ 10 KB
11 KB 40ms
39ms Fetch
multipart/byteranges 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-chunk-default-0.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

ff5855d4eead5faec5c4f5b5e551ef26ff3097b518c779bba5ec3aa8bd1394cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range: bytes=51476-56009,157655-160448,167285-170009
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 61118
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="05xfAf3LmdlD7R-9nc7aQwsqFJL5Z47P4Tt3BPLeH2saWu_9eXFa0g==",cdn-downstream-fbl=1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 15:58:51 GMT
content-type: multipart/byteranges; boundary=CloudFront:016227672A999517520AAEC66932DAFB
x-amz-cf-id: 05xfAf3LmdlD7R-9nc7aQwsqFJL5Z47P4Tt3BPLeH2saWu_9eXFa0g==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 10504
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

OPTIONS
H3 200 wvsIsx8BB-chunk-default-0.framercms
framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/ 0
0 34ms
34ms Preflight 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-chunk-default-0.framercms

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: range
Access-Control-Request-Method: GET
Origin: https://hunt.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Range
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range
access-control-max-age: 600
age: 60805
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 10 Dec 2024 16:04:04 GMT
referrer-policy: strict-origin-when-cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="1FUH2rGMIL_RcIGGMRWfJzMULqhLgcWBglQzEIpAG-Aod74thuUJdA==",cdn-downstream-fbl=2
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
x-amz-cf-id: 1FUH2rGMIL_RcIGGMRWfJzMULqhLgcWBglQzEIpAG-Aod74thuUJdA==
x-amz-cf-pop: JFK52-P5
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 0

GET
H3 206 wvsIsx8BB-chunk-default-0.framercms Show response
framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/ 121 B
651 B 35ms
34ms Fetch
application/octet-stream 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-chunk-default-0.framercms

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

b9f9ff04701407e5098517bed58cd91737b23cb35f8d9b2a9554b46dca8d8e13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range: bytes=114-234
Referer: https://hunt.io/

Response headers

access-control-expose-headers: Content-Range
age: 61118
access-control-allow-methods: GET, HEAD, OPTIONS
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="7mH9h4puPKryU3smKSk6Y26HZa9HpajgyUseF_9T6auXJkfJrUa3iA==",cdn-downstream-fbl=1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 15:58:51 GMT
content-type: application/octet-stream
x-amz-cf-id: 7mH9h4puPKryU3smKSk6Y26HZa9HpajgyUseF_9T6auXJkfJrUa3iA==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, immutable
timing-allow-origin: *
Content-Range: bytes 114-234/245022
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
Content-Length: 121
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H3 200 2iZKHFgbhhPbSXPJTCZSAjibSz0.webp
framerusercontent.com/images/ 72 KB
73 KB 50ms
49ms Image
image/avif 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/2iZKHFgbhhPbSXPJTCZSAjibSz0.webp

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7PZR57LV.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

f64db61461a61be895b05212054704844b4d20a9da93fc0349b2f0e8046002a8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "7ea5391ef5d57b06e20f5613414f4349"
age: 69029
x-content-type-options: nosniff
x-amzn-requestid: fe09f424-6c55-4446-8e37-76a364637f7e
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="2z8FOx5xPs4AKPMuC8pZ6R4kBjcI_pX7AHo4FoTOAzJO9Xe8t-KNtw==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 13:47:01 GMT
content-type: image/avif
vary: Accept
x-amz-cf-id: 2z8FOx5xPs4AKPMuC8pZ6R4kBjcI_pX7AHo4FoTOAzJO9Xe8t-KNtw==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-67584651-01f645fe4ab0c3500efc6e41;Parent=57bba260d735a1c8;Sampled=0;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 9bafc5788cf742a553f677679fa9ca76.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H3 200 XFsFr3Y6HDDfkPLgSPRuhldm2g.webp
framerusercontent.com/images/ 67 KB
68 KB 46ms
46ms Image
image/avif 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/XFsFr3Y6HDDfkPLgSPRuhldm2g.webp

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7PZR57LV.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

Resource Hash

baec8ef28ee7d04e84305e579a7a397af272c2b2694b3e2879ea01a14c16a76a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hunt.io/

Response headers

etag: "71eb302e38ef24d00d5643fd1bc5d3f7"
age: 416277
x-content-type-options: nosniff
x-amzn-requestid: c6d044ef-f595-45f2-b700-9b4097e2c470
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="hRDqVbvhRZLY_3bBwiu5sghZek5BHWubxsRDVFKflxSzo2CfJ5AI3w==",cdn-downstream-fbl=3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Fri, 06 Dec 2024 13:19:33 GMT
content-type: image/avif
vary: Accept
x-amz-cf-id: hRDqVbvhRZLY_3bBwiu5sghZek5BHWubxsRDVFKflxSzo2CfJ5AI3w==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-amzn-trace-id: Root=1-6752f9e0-60292b0832e951d5426436f8;Sampled=1;Lineage=1:f456f256:0
referrer-policy: strict-origin-when-cross-origin
via: 1.1 9bafc5788cf742a553f677679fa9ca76.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5

GET
H3 200 Jl3Kv7P-kDAXGrkG_Y3TePXcWEHsZdHVwzyhfgdi4S8.AXOWFRVS.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 97 KB
13 KB 36ms
35ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/Jl3Kv7P-kDAXGrkG_Y3TePXcWEHsZdHVwzyhfgdi4S8.AXOWFRVS.mjs

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

bece75fc8837c8a539530ef23fa0597efe496fb7d07b7087ed78f7a4a6ea0ceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"e2db15eaef96000994d25addf69aa280"
x-amz-version-id: TuU0iBqXN12EcJ9rCUkddc1jDvyMs6Y6
age: 60804
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="DVGQiaQ35vkbqvTSk0UhF0OYRIt4hO6PdC_iqWpYGi-PD08ND4OMJQ==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 16:04:07 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:53 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: DVGQiaQ35vkbqvTSk0UhF0OYRIt4hO6PdC_iqWpYGi-PD08ND4OMJQ==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 zhL8nU7XNNGFRlAIY2FM-h62K_VrrSiSRyTqnUBhnM8.REHR67NR.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 41 KB
8 KB 37ms
37ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/zhL8nU7XNNGFRlAIY2FM-h62K_VrrSiSRyTqnUBhnM8.REHR67NR.mjs

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

e96570316195a9f6d9ae66ad55325d340e90ca1563bff1972640b2e0435002f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"2a7526581ccd8f89b484d69b0f7f8c1c"
x-amz-version-id: fZbPqa9.hb2i.lXabIGLTFRAPE7YEmMp
age: 60804
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="yJkAUv-4PUv2SxJBFxF7l2HhyUp5dR5uKoFYH3RYZU_Cj6_0DgQ6Eg==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 16:04:07 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:52 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: yJkAUv-4PUv2SxJBFxF7l2HhyUp5dR5uKoFYH3RYZU_Cj6_0DgQ6Eg==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 zf7oaQsVisvCUlpUMhEzxzxL1qwjjWU7pRoRegRYu8A.4QUJHPOE.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 45 KB
8 KB 38ms
37ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/zf7oaQsVisvCUlpUMhEzxzxL1qwjjWU7pRoRegRYu8A.4QUJHPOE.mjs

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

831ed047a786cb3bd6a4a3ee93e8457242ee53207b0d04c3b66a3f9899dd78bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"a8b232442f006891ea01135e0614294c"
x-amz-version-id: J12_kG32aYPIUpE0p2Bu8834nWBwkEFE
age: 60804
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="wu3xsFOUVHChJMlQ0uOIq11Dupcr0hnYEDMPE04Ydn8NeUFSRHacng==",cdn-downstream-fbl=1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 16:04:07 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:52 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: wu3xsFOUVHChJMlQ0uOIq11Dupcr0hnYEDMPE04Ydn8NeUFSRHacng==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.ASBAZL5M.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 74 KB
11 KB 38ms
37ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.ASBAZL5M.mjs

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

dae44b82855ff15075c37f13f6492e3407e86c9bf27bf8c06b5e7f6dc7739238

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"035ebdba59ce6411283ae98079fa0855"
x-amz-version-id: RxPt1Gs1Cd39ubTDC1YGriLuRNXRYZyI
age: 60804
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="DWN8TmZksrOI4K_NJpC4mS0jHV1YeisuhJwwrzRSSuc52wH-sF58tQ==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 16:04:07 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:53 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: DWN8TmZksrOI4K_NJpC4mS0jHV1YeisuhJwwrzRSSuc52wH-sF58tQ==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.BBMY7BTJ.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 91 KB
13 KB 38ms
38ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.BBMY7BTJ.mjs

Requested by

Host: framerusercontent.com
URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

7734581c037aa18ef75406de8fe8447d0194e730d674fa4670495be8982f366d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"db314f045a5d16008ccacbbbd422ba78"
x-amz-version-id: J7iHWFMQExIuX0uZntwxdPDTrOSWE9I5
age: 60804
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="QWwLrWyqvdBbOZmF0rTA81tc1mQBu34ZgcJ_yxmZ9YOdnqoaVQeTHw==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 16:04:07 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:52 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: QWwLrWyqvdBbOZmF0rTA81tc1mQBu34ZgcJ_yxmZ9YOdnqoaVQeTHw==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: PENDING
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-W7PAJESI.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 997 B
2 KB 35ms
34ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-W7PAJESI.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

fd2c9f5458dff3221f07b1f32bb05b7d9fbf9e9f435448ed14ed1c273d0e493e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/zf7oaQsVisvCUlpUMhEzxzxL1qwjjWU7pRoRegRYu8A.4QUJHPOE.mjs

Response headers

access-control-max-age: 0
etag: "7840196577db9a0c47d25a45b1404bd5"
x-amz-version-id: rZzGzmQf2m1qGMZetHMM9Ni1D68QMvdt
age: 1095069
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="VUrzIUmqq24WNZ5pCWvJx4u3kg5ep2mNscTtOHuugIneX9S57KZ0NA==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 28 Nov 2024 16:46:22 GMT
content-type: text/javascript
last-modified: Thu, 28 Nov 2024 16:33:32 GMT
vary: Origin
x-amz-cf-id: VUrzIUmqq24WNZ5pCWvJx4u3kg5ep2mNscTtOHuugIneX9S57KZ0NA==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 997
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-3OHOHP5K.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 1 KB
1 KB 38ms
36ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-3OHOHP5K.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

85423271cadc50e7a8873249d3ece6c62b3180112ac657e66347ce4241d31dc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/Jl3Kv7P-kDAXGrkG_Y3TePXcWEHsZdHVwzyhfgdi4S8.AXOWFRVS.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"0d3db3f4c9f52ed4383abbcc60719616"
x-amz-version-id: RGc_Ws_DDVt19gqO4V500uKpAg8wxHba
age: 3677496
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="a5EhGNKy_eZZB_ZcIpsT1YuC_HRyl3FE1AM7eOkoKuzcFMBTV_E_Ag==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 29 Oct 2024 19:25:55 GMT
content-type: text/javascript
last-modified: Tue, 29 Oct 2024 18:16:43 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: a5EhGNKy_eZZB_ZcIpsT1YuC_HRyl3FE1AM7eOkoKuzcFMBTV_E_Ag==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-75KC3OJW.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 999 B
2 KB 37ms
36ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-75KC3OJW.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

f8c7aece584727904d9ece558d571f0a745d505013a200a9e4382d293401e840

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/zhL8nU7XNNGFRlAIY2FM-h62K_VrrSiSRyTqnUBhnM8.REHR67NR.mjs

Response headers

access-control-max-age: 0
etag: "c8efc240356389f13cecc167c1012996"
x-amz-version-id: o4YHMjQ.oXSy6VZhcWaxh8uLt6h88EWw
age: 1095069
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="OjpEuFwIDHsd2n9DgxECjGSL_bpCFausTQtQrF9zmQ-vdgtjUU75dg==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 28 Nov 2024 16:46:22 GMT
content-type: text/javascript
last-modified: Thu, 28 Nov 2024 16:33:32 GMT
vary: Origin
x-amz-cf-id: OjpEuFwIDHsd2n9DgxECjGSL_bpCFausTQtQrF9zmQ-vdgtjUU75dg==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 999
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-2GYV7IVM.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 933 B
2 KB 84ms
83ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-2GYV7IVM.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

195e5840ca8966eb3ab97a9eb1582e7375d49810416f043dd8378af918367b9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.ASBAZL5M.mjs

Response headers

access-control-max-age: 0
etag: "24298ba8391c7d23a5170e0e38318a28"
x-amz-version-id: nM5DVGYiJT7UxUVYI7NEVyrlnbzS87ge
age: 9484827
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="UvZSWu3DFBVJI9pwHQdsJ8zn38FFHeJ9LTPQO60fKRc3aGwV8xRPYg==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Fri, 23 Aug 2024 14:17:04 GMT
content-type: text/javascript
last-modified: Fri, 23 Aug 2024 14:15:07 GMT
vary: Origin
x-amz-cf-id: UvZSWu3DFBVJI9pwHQdsJ8zn38FFHeJ9LTPQO60fKRc3aGwV8xRPYg==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 933
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-2MP2Z6KV.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 993 B
2 KB 38ms
37ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-2MP2Z6KV.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

20f16f669e39ddc2f4fce46463481ec43157c6d23258ec2f59f32a23c3d66a8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.BBMY7BTJ.mjs

Response headers

access-control-max-age: 0
etag: "a0270dad90dd051af03ad27f756ce88b"
x-amz-version-id: Xa6i0f68HFqGuYAYsjcBEL8VNbvS_6X7
age: 4115356
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="_88g5lEijo6S2Hu-NK7HKKRkP3fiodNtrEAlNdwmrKX7zFan1FbPeA==",cdn-downstream-fbl=1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Thu, 24 Oct 2024 17:48:15 GMT
content-type: text/javascript
last-modified: Thu, 24 Oct 2024 17:21:26 GMT
vary: Origin
x-amz-cf-id: _88g5lEijo6S2Hu-NK7HKKRkP3fiodNtrEAlNdwmrKX7zFan1FbPeA==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 993
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 chunk-BLPGJRRP.mjs Show response
framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/ 16 KB
4 KB 38ms
38ms Script
text/javascript 18.238.80.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-BLPGJRRP.mjs

Requested by

Host: hunt.io
URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity

Protocol

Security

QUIC, , AES_128_GCM

Server

18.238.80.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-80-54.jfk52.r.cloudfront.net

Software

CloudFront /

Resource Hash

2559a88e000cccc51219cf9871ce1762dad455a8a76d0cb1d13821e0664b39dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hunt.io
Referer: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.BBMY7BTJ.mjs

Response headers

access-control-max-age: 0
content-encoding: br
etag: W/"b00a0c4ceb4d020cc933396dce6edc73"
x-amz-version-id: whlBBe8CPrdLXcapmb6u3O2ZCaaaKoNX
age: 60804
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cdn-cache-hit,cdn-pop;desc="JFK52-P5",cdn-hit-layer;desc="EDGE",cdn-rid;desc="gQuisyaafpOB9lJ8nDE3CkcCs7EG4d9h3MXiafFO03F5Mj9Jx97vJQ==",cdn-downstream-fbl=2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 16:04:07 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 15:58:52 GMT
vary: Accept-Encoding,Origin
x-amz-cf-id: gQuisyaafpOB9lJ8nDE3CkcCs7EG4d9h3MXiafFO03F5Mj9Jx97vJQ==
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 87f2baff7d21f066e818884baff3fc4a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-xss-protection: 0
x-amz-cf-pop: JFK52-P5
server: CloudFront
x-amz-server-side-encryption: AES256

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.hunt.io/	1970-01-21 11:14:27	Name: _ga_CKJY21YJ7N Value: GS1.1.1733907448.1.0.1733907448.0.0.0
			.hunt.io/	1970-01-21 11:14:27	Name: _ga Value: GA1.1.560408486.1733907448

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.framerstatic.com
events.framer.com
framer.com
framerusercontent.com
hunt.io
public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com
www.google-analytics.com
www.googletagmanager.com
13.225.63.28
13.226.94.26
142.251.35.168
142.251.41.14
18.238.49.59
18.238.80.54
52.223.52.2
54.231.199.162
0d483fb31b7baa932fb38d9e974bcca41a9ecfa605e0d540b66e54e39fe69f6b
1444a7eaffad2eae4dd0999fb1fd4c308e51876b70db2c4f1181c8a038f1f859
1903ee47f38fb5a0b56ce197b51aa0e1be80b22ab3afcd1a466eb1ee536aa8b3
195e5840ca8966eb3ab97a9eb1582e7375d49810416f043dd8378af918367b9f
19d418a2f626fc1c0356c26eb11f3ee19295720ac760dc28463e75bfafabb1d4
20f16f669e39ddc2f4fce46463481ec43157c6d23258ec2f59f32a23c3d66a8a
22b07807afbc388ecd51abfcbecb67055935c2e3b93ac4283a5becedd5e70621
22e5cfd55973895f60a7f6bf877482dc964962f8dd778612fc149bed56112bc1
24bd03c6988e57312952d42ebbd11a362b0be97ff666d3d6ac8f3597174c56b6
2559a88e000cccc51219cf9871ce1762dad455a8a76d0cb1d13821e0664b39dd
25aeb8cf020d602895b80560676fabfa34b3c350195a0660572b6c87d8c0c37d
2dc968863319a6f57e6428a7b4c292ae254d3e462b5f23f71bab492317067d5f
324a9989ddbb2f2467a735983838314194704fb724135401a55046f54e852cde
341f61d7c3838f9e303327f41376afcc21e5e7e5d5408b795be682dcd97cde43
4107b11930c4eef1f6ae5a76d441562e6d21a601f1781f37fd085542cd87412b
449b30c2317c76c281158fa547bb61f301dd9f675b54699a8bfc5040648fda2d
4dc2a5162f03c1768634a7d933f034a800807b5324368e398cdbfc038a06d395
6fa7b05626f316594c613602ef5bed9327ca1941725837795dfc47414fb05cb5
735103ff08357f02f897a41eaaddab0492f9962697b44c7d5937cd6fe999dd67
7734581c037aa18ef75406de8fe8447d0194e730d674fa4670495be8982f366d
831ed047a786cb3bd6a4a3ee93e8457242ee53207b0d04c3b66a3f9899dd78bb
8325c92af7e207e6c38a127ba11d6ec35faffd2aefd4dfb06019bd5bb1289243
85423271cadc50e7a8873249d3ece6c62b3180112ac657e66347ce4241d31dc9
89e61318afc569842f98ccd196ff7cfbb36ec69bad3af935dd5c7149b494fde4
8b91ee4af78a9558d2bbbc889b190d7c47647405fabc8ae5be1c014d6c938228
9753c83f61822ce350ea508e36e2ee9395589100a0b3afa9df41a4c1a0910408
9cc352a4d050c98f080c4ab6550f54f4d383c9509c902b666e64548d83a62471
a1e9b3da59fa84c73948363f79bd0cef61cdb495511606fa4c2d8a06ddc954d8
a2cc6f4036b7ba96d44dc4a4489a50aad64157c4648bb10a37292575b85c02ba
a741fd3317fed44c0f1c7b8161f1420298b044e564dfea131957c0e27982a66c
a9428e5e5f6c5ede3339114a8be6230e2cc39a2190d03f1092ae93bdaf556891
af40af5e1469d7ef41aee9645556b634ada06969e8a9babf4d4e17c38aad2caf
af7863f53048fe6d665e912eb1a7438502bcd90275756bd57746711efd07ad1e
b9f9ff04701407e5098517bed58cd91737b23cb35f8d9b2a9554b46dca8d8e13
bad9ed8e37d8d1aee7eacb1761e4bf4a7ac110eec89a7e92ff35545023c37cd7
baec8ef28ee7d04e84305e579a7a397af272c2b2694b3e2879ea01a14c16a76a
bece75fc8837c8a539530ef23fa0597efe496fb7d07b7087ed78f7a4a6ea0ceb
c56899f4291eff03eed62b752565556777823419de3f2b5c9020c02a883ea8ae
c861d136456a64c9c5619e9fa7c37c80144ea5d8879d88554c1f8abaaae891bf
ca91ca3baad1db28d57e2e66c1636b41d0b1ebeec150cd744ed7612cfade3310
cc324555c1cd681a59c27be1eda61da587d17bf71cc1ed8aa3e4a51e77907685
cf51594b76c66c43206e9aa471baec6a92594ea6b8cbead1b40f445468de76e0
d1964a0c53200006e756ef0d0e32cea07deff44d89075cf26ae2afe3d85f43e2
dae44b82855ff15075c37f13f6492e3407e86c9bf27bf8c06b5e7f6dc7739238
dcb6c51ec0458017b4fc8364df113fc4556a9346ce84daafda08bc73fcd27539
dda3ae667335cfd45ec00006177baa81cdcffd2584b76e84cbfe1819b7425484
e1d4e429bec9bc36a28143018ae0400faee2ea7ffe9442942794e016a094220c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e77e2400288b5496592bb75f3d2c61871d947b1705f8a2d98c4bdea3a8ebbadd
e7ded5e12508f728778cdc968bf945badfc120ce873943924e0a6dd516871c7e
e96570316195a9f6d9ae66ad55325d340e90ca1563bff1972640b2e0435002f2
f0f40885a14cd51f7d572952787c67b7c3e51399c2107171bb1bf741d22a6989
f5b8526bb0e6c1a53d014fca1808aebfb9abaa825ba0e7f54c32562023e255b4
f64db61461a61be895b05212054704844b4d20a9da93fc0349b2f0e8046002a8
f8c7aece584727904d9ece558d571f0a745d505013a200a9e4382d293401e840
f9fbd05138bb30d248ee1602c336c0d8f2a577b751048088a88d00e1135a0712
fd2c9f5458dff3221f07b1f32bb05b7d9fbf9e9f435448ed14ed1c273d0e493e
ff5855d4eead5faec5c4f5b5e551ef26ff3097b518c779bba5ec3aa8bd1394cb

hunt.io Open in urlscan Pro 52.223.52.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

59 Requests

97 %HTTPS

0 %IPv6

7 Domains

8 Subdomains

8 IPs

1 Countries

1559 kBTransfer

5340 kBSize

2 Cookies

7 Outgoing links

Redirected requests

59 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

hunt.io Open in urlscan Pro
52.223.52.2 Public Scan

Screenshot
Live screenshot

Full Image

59
Requests

97 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

8
IPs

1
Countries

1559 kB
Transfer

5340 kB
Size

2
Cookies

59 HTTP transactions
1 data transactions