www.recordedfuture.com Open in urlscan Pro
104.18.43.111 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
Submission: On August 07 via api (August 7th 2023, 9:24:41 am UTC) from IN — Scanned from DE

Summary HTTP 94 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 33 IPs in 4 countries across 27 domains to perform 94 HTTP transactions. The main IP is 104.18.43.111, located in and belongs to CLOUDFLARENET, US. The main domain is www.recordedfuture.com. The Cisco Umbrella rank of the primary domain is 425596.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on February 3rd 2023. Valid for: a year.

This is the only time www.recordedfuture.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	104.18.43.111 104.18.43.111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	151.101.66.216 151.101.66.216	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
10	95.101.111.170 95.101.111.170	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:780... 2a02:26f0:780::210:a40a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2600:9000:223... 2600:9000:223f:fa00:c:7d55:b3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:853b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:20e... 2600:9000:20eb:f600:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
2	18.195.235.189 18.195.235.189	16509 (AMAZON-02) (AMAZON-02)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c09::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	185.89.211.84 185.89.211.84	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:480... 2a02:26f0:480:23::1726:62a7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
2	3.127.67.224 3.127.67.224	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:836e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:88ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:19c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:87ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:d6f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:d0c9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8b65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
94	33

34 104.18.43.111 (None, )

ASN13335 (CLOUDFLARENET, US)

www.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.66.216 (United States)

ASN54113 (FASTLY, US)

cms.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 95.101.111.170 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-170.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:780::210:a40a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:fa00:c:7d55:b3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:853b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:f600:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.235.189 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-235-189.eu-central-1.compute.amazonaws.com

recordedfuture.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c09::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.211.84 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:23::1726:62a7 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.67.224 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-67-224.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:836e (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:88ce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:19c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:87ba (United States)

ASN13335 (CLOUDFLARENET, US)

252628.hs-sites.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:d6f3 (United States)

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d0c9 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8b65 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	recordedfuture.com www.recordedfuture.com — Cisco Umbrella Rank: 425596 cms.recordedfuture.com — Cisco Umbrella Rank: 768283	1 MB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 5439 c.6sc.co — Cisco Umbrella Rank: 8622 ipv6.6sc.co — Cisco Umbrella Rank: 5612 b.6sc.co — Cisco Umbrella Rank: 3549	22 KB
5	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 7948 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 6964 track.hubspot.com — Cisco Umbrella Rank: 2254 forms.hubspot.com — Cisco Umbrella Rank: 4396	30 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 391 www.linkedin.com — Cisco Umbrella Rank: 539 px4.ads.linkedin.com — Cisco Umbrella Rank: 6039	5 KB
4	matomo.cloud cdn.matomo.cloud — Cisco Umbrella Rank: 17765 recordedfuture.matomo.cloud — Cisco Umbrella Rank: 632514	127 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 55 region1.google-analytics.com — Cisco Umbrella Rank: 1869	21 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 73	261 KB
2	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 8861	2 KB
2	hs-sites.com 252628.hs-sites.com	8 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9399	589 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	239 B
2	google.de www.google.de — Cisco Umbrella Rank: 5576	515 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 115	410 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2577 www.google.com — Cisco Umbrella Rank: 3	667 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 170	157 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5423	5 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 7970	1 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2192	16 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2187	21 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4274	86 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 414	581 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 704	396 B
1	t.co t.co — Cisco Umbrella Rank: 522	376 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 870	374 B
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2406	1 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 783	5 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 725	15 KB
94	27

	Domain	Requested by
34	www.recordedfuture.com	www.recordedfuture.com
7	b.6sc.co	www.recordedfuture.com
5	cms.recordedfuture.com	www.recordedfuture.com
3	px.ads.linkedin.com	3 redirects
3	www.googletagmanager.com	www.recordedfuture.com www.googletagmanager.com www.google-analytics.com
2	perf-na1.hsforms.com	www.recordedfuture.com
2	252628.hs-sites.com	js.hubspot.com www.recordedfuture.com
2	js.hubspot.com	js.hs-scripts.com 252628.hs-sites.com
2	epsilon.6sense.com	j.6sc.co
2	www.facebook.com	www.recordedfuture.com
2	www.google.de	www.recordedfuture.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	recordedfuture.matomo.cloud	cdn.matomo.cloud
2	cdn.matomo.cloud	www.recordedfuture.com
2	connect.facebook.net	www.recordedfuture.com connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
1	forms.hubspot.com	js.hsleadflows.net
1	track.hubspot.com
1	static.hsappstatic.net	252628.hs-sites.com
1	cdn2.hubspot.net	252628.hs-sites.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google.com	www.recordedfuture.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	region1.analytics.google.com	www.googletagmanager.com
1	analytics.twitter.com	www.recordedfuture.com
1	t.co	www.recordedfuture.com
1	px4.ads.linkedin.com	www.recordedfuture.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	js.hs-scripts.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
94	39

This site contains links to these domains. Also see Links.

Domain
go.recordedfuture.com
app.recordedfuture.com
www.youtube.com
www.facebook.com
twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
*.recordedfuture.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-03` - `2024-03-05`	a year	crt.sh
cms.recordedfuture.com R3	`2023-07-18` - `2023-10-16`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
6sc.co R3	`2023-05-25` - `2023-08-23`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-16` - `2023-08-14`	3 months	crt.sh
cdn.matomo.cloud Amazon RSA 2048 M01	`2023-02-24` - `2023-12-25`	10 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-03` - `2024-05-02`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.matomo.cloud Amazon RSA 2048 M02	`2023-06-21` - `2024-07-19`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
hs-sites.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
Frame ID: 4AEDAA1FE56E3339E9E53D82B6381E0C
Requests: 90 HTTP requests in this frame

Frame: https://252628.hs-sites.com/hs-web-interactive-252628-125279382101
Frame ID: 6CB4D2F5C34AB97781A5AB612B33789A
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BlueBravo Adapts to Target Diplomatic Entities with GraphicalProton Malware | Recorded Future

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

94
Requests

99 %
HTTPS

70 %
IPv6

27
Domains

39
Subdomains

33
IPs

4
Countries

2169 kB
Transfer

6128 kB
Size

28
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://go.recordedfuture.com/predict-2023
Title: Predict

Search URL Search Domain Scan URL

URL: https://app.recordedfuture.com/live/login/
Title: Login

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/demo
Title: Book your team's demo

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/hubfs/reports/cta-2023-0727-1.pdf
Title: click here

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/RecordedFuture

Search URL Search Domain Scan URL

URL: https://www.facebook.com/RecordedFuture

Search URL Search Domain Scan URL

URL: https://twitter.com/RecordedFuture

Search URL Search Domain Scan URL

URL: https://www.instagram.com/recordedfuture/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 51

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953&time=1691400275768&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953&time=1691400275768&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3869953%26time%3D1691400275768%26url%3Dhttps%253A%252F%252Fwww.recordedfuture.com%252Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953&time=1691400275768&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953&time=1691400275768&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&cookiesTest=true&liSync=true&e_ipv6=AQIjUa9Bw6q7dgAAAYnPUAmWu5zNrOZIOgVHwHds-amepTM_3c-5CX8tzXR9LHvYX0x08Zn5

94 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware Show response
www.recordedfuture.com/ 68 KB
14 KB 295ms
251ms Document
text/html 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

285861c8834180d9cb6666cc503127048fb1adddac704cc6a6631310d5051f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
cache-control: s-maxage=30, stale-while-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7f2e77a6dc4c360c-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Aug 2023 09:24:35 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
traceresponse: 00-17790f96b9defad706eb449c52168c8a-f7607e2e4f76f084-00
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0 i-be21b5795622437d8136c8a0cedbd8d0
x-powered-by: Next.js
x-served-by: cache-fra-eddf8230046-FRA

GET
H2 200 brand_logo_long_black_f2ead5b5c6.svg
cms.recordedfuture.com/uploads/ 4 KB
2 KB 52ms
7ms Image
image/svg+xml 151.101.66.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.recordedfuture.com/uploads/brand_logo_long_black_f2ead5b5c6.svg?w=1920

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1d0ca87959e23cb77cff2f1d7fe2337ecc770de12b1d20762373321d7d287183

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cache-hits: 1
date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
age: 71
traceresponse: 00-17771ba2bbfbd793aaa6d63560c15277-0ae894683f3cf083-00
x-cache: HIT
content-length: 1262
x-served-by: cache-fra-eddf8230135-FRA
last-modified: Thu, 10 Mar 2022 10:37:46 GMT
etag: W/"6229d4fa-eab"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=300
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
expires: Tue, 01 Aug 2023 00:47:50 GMT

GET
H2 200 fonts.css
www.recordedfuture.com/fonts/ 873 B
410 B 136ms
135ms Stylesheet
text/css 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/fonts/fonts.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bf162c4ea46c13d096a81bc878e36ab1cc96a63ad8f674f58e25789103b5ee2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
cf-cache-status: MISS
content-encoding: gzip
traceresponse: 00-17790f96c8aceeb0e789600a04861623-ef8c3eacec22fb4e-00
x-cache: MISS
x-served-by: cache-fra-eddf8230097-FRA
last-modified: Wed, 02 Aug 2023 09:54:23 GMT
server: cloudflare
etag: W/"369-189b5ab8098"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 7f2e77a87e9a360c-FRA
x-cache-hits: 0

GET
H2 200 fd4a74fbfff6d1cb.css
www.recordedfuture.com/_next/static/css/ 43 KB
10 KB 28ms
27ms Stylesheet
text/css 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1af25a55f8bf1179b4d106e460a5180ed66d6ae7ed64b3049b8c7814b8991ead

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-content-type-options: nosniff
age: 2050505
traceresponse: 00-1771c58c46770eb0ee4651a93141c01a-40616bd03c58388d-00
cf-polished: origSize=44347
content-encoding: gzip
x-cache: HIT
x-served-by: cache-fra-eddf8230079-FRA
cf-bgj: minify
last-modified: Fri, 14 Jul 2023 15:26:03 GMT
server: cloudflare
etag: W/"ad3b-189550255a8"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 7f2e77a87e9b360c-FRA
x-cache-hits: 1

GET
H2 200 ff47a6fa42190518.css
www.recordedfuture.com/_next/static/css/ 11 KB
4 KB 27ms
27ms Stylesheet
text/css 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/css/ff47a6fa42190518.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08edf1aa2715c8ef8081358b43d9704de7db1cba86339b7e343aa8b8c2b6b9a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-content-type-options: nosniff
age: 2662219
traceresponse: 00-176f98a3454342e0a9246623bde5a06a-f98fd36633197620-00
cf-polished: origSize=11304
content-encoding: gzip
x-cache: HIT
x-served-by: cache-fra-eddf8230083-FRA
cf-bgj: minify
last-modified: Fri, 07 Jul 2023 13:21:57 GMT
server: cloudflare
etag: W/"2c28-189308433e2"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 7f2e77a87e9c360c-FRA
x-cache-hits: 1

GET
H2 200 webpack-cb7634a8b6194820.js Show response
www.recordedfuture.com/_next/static/chunks/ 2 KB
1 KB 28ms
26ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/webpack-cb7634a8b6194820.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b54dffddaa2eac539bd5b13d6f80c38da6076ce740db0c587a68e7e4f25c5b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7131715
traceresponse: 00-175f99007ccc403e56315f5690e6c51d-934fe255e0d1ea1a-00
x-cache: HIT
content-length: 884
x-served-by: cache-fra-eddf8230138-FRA
last-modified: Wed, 18 Jan 2023 17:02:00 GMT
server: cloudflare
etag: W/"6d1-185c5d490a8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a87ea1360c-FRA
x-cache-hits: 1

GET
H2 200 framework-5f4595e5518b5600.js Show response
www.recordedfuture.com/_next/static/chunks/ 127 KB
41 KB 28ms
26ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/framework-5f4595e5518b5600.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e89e1175a6145d737446d673ffa073f4c469c8fe3972f5287b1e7e9b241282b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7131715
traceresponse: 00-175f7e588fce7beac8392ba4b82a2349-a89f70afffa26733-00
x-cache: HIT
content-length: 42154
x-served-by: cache-fra-eddf8230042-FRA
last-modified: Wed, 18 Jan 2023 17:02:00 GMT
server: cloudflare
etag: W/"1fbbb-185c5d48ffc"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a87ea3360c-FRA
x-cache-hits: 1

GET
H2 200 main-d977f1d2acb21ba7.js Show response
www.recordedfuture.com/_next/static/chunks/ 101 KB
28 KB 41ms
39ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/main-d977f1d2acb21ba7.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03c6a05bd0d89aa91521b0ebe9a14e367f6c41ebd64f585fbee07ba3a2124e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7131715
traceresponse: 00-175acf9667b084f1c9a838b7b98ef21f-74a9b8a9bba8903e-00
x-cache: HIT
content-length: 28865
x-served-by: cache-fra-eddf8230091-FRA
last-modified: Wed, 18 Jan 2023 17:02:00 GMT
server: cloudflare
etag: W/"193e5-185c5d4900d"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a87ea4360c-FRA
x-cache-hits: 1

GET
H2 200 _app-f3a9fbef2acd2619.js Show response
www.recordedfuture.com/_next/static/chunks/pages/ 112 KB
36 KB 38ms
36ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/pages/_app-f3a9fbef2acd2619.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7f412d4a6f6fe630e7d33983fac32026910ef2cdc402083e70cf0a2a36ad9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2663927
traceresponse: 00-176f98c2fe2854bced9a212978787c78-5780940e589908b7-00
x-cache: MISS
content-length: 36756
x-served-by: cache-fra-eddf8230080-FRA
last-modified: Fri, 07 Jul 2023 13:21:57 GMT
server: cloudflare
etag: W/"1bf1c-18930843335"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a87ea5360c-FRA
x-cache-hits: 0

GET
H2 200 29107295-fbcfe2172188e46f.js Show response
www.recordedfuture.com/_next/static/chunks/ 70 KB
24 KB 58ms
56ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/29107295-fbcfe2172188e46f.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50f24e516ae1c0492e06b1c81d1fd961f22cb35a5f9f55ec8bb8f4a10b7f5d51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7131715
traceresponse: 00-17592ebc053b267177b587af3a11a64e-e7d7d296405411d0-00
x-cache: HIT
content-length: 24696
x-served-by: cache-fra-eddf8230105-FRA
last-modified: Wed, 18 Jan 2023 17:02:00 GMT
server: cloudflare
etag: W/"11809-185c5d48f92"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a87ea6360c-FRA
x-cache-hits: 1

GET
H2 200 739-7431c646d629e331.js Show response
www.recordedfuture.com/_next/static/chunks/ 306 KB
93 KB 40ms
39ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/739-7431c646d629e331.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c683169cd96fc782d91c9f8a2e5b8ae206ebe6e04dde7f08f7d5fb84ba94df3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2663927
traceresponse: 00-176f988ed4762521ec22c692fc480e46-6ae9a38b3df720ff-00
x-cache: HIT
content-length: 94433
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Fri, 07 Jul 2023 13:21:57 GMT
server: cloudflare
etag: W/"4c71c-189308432ad"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a87ea7360c-FRA
x-cache-hits: 1

GET
H2 200 747-249042747fedb1b6.js Show response
www.recordedfuture.com/_next/static/chunks/ 59 KB
12 KB 26ms
24ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/747-249042747fedb1b6.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab89b479a5d75c6c1945ef9b6d0bfb62c98a0de5238373bd51293b08ba0b0905

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2660287
traceresponse: 00-176f98a33b0bfa49ffabd0a106eed1ef-133471f66f02d129-00
x-cache: HIT
content-length: 12030
x-served-by: cache-fra-eddf8230047-FRA
last-modified: Fri, 07 Jul 2023 13:21:57 GMT
server: cloudflare
etag: W/"ebe0-189308432c5"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a87ea9360c-FRA
x-cache-hits: 1

GET
H2 200 511-648ec92dbdef899f.js Show response
www.recordedfuture.com/_next/static/chunks/ 44 KB
12 KB 50ms
49ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/511-648ec92dbdef899f.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00c034ee7b09a7528a563ff041040b478e11d17b6284f99cc8968013a63d8403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2660287
traceresponse: 00-176f98c304ee2fa1bade0944ae740efb-7c82bcc8fe579f5d-00
x-cache: HIT
content-length: 12324
x-served-by: cache-fra-eddf8230078-FRA
last-modified: Fri, 07 Jul 2023 13:21:57 GMT
server: cloudflare
etag: W/"b047-18930843297"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a88ebc360c-FRA
x-cache-hits: 1

GET
H2 200 934-0bba04a242e907d2.js Show response
www.recordedfuture.com/_next/static/chunks/ 44 KB
11 KB 50ms
49ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/934-0bba04a242e907d2.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

322a83ad958a028fe8d8a0ab29c4d6a5e240e71e77d7a3a19ab3048b9a971515

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-content-type-options: nosniff
cf-cache-status: HIT
age: 906231
traceresponse: 00-1772d041871d1cbf4a324a4aef175b9d-b51183704aa9abd2-00
x-cache: HIT
content-length: 11076
x-served-by: cache-fra-eddf8230057-FRA
last-modified: Fri, 14 Jul 2023 15:26:03 GMT
server: cloudflare
etag: W/"aecf-189550254d3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a88ebd360c-FRA
x-cache-hits: 1

GET
H2 200 778-e91196d80286df64.js Show response
www.recordedfuture.com/_next/static/chunks/ 29 KB
5 KB 42ms
41ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/778-e91196d80286df64.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3347deb054fd4aeabc29970a4ca60846bff3a5f2c5123b2de52018b602b39d67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2405441
traceresponse: 00-177082827a84cb521b693f59c15c11f9-3ec9250818a23b6a-00
x-cache: HIT
content-length: 5413
x-served-by: cache-fra-eddf8230138-FRA
last-modified: Mon, 10 Jul 2023 12:48:28 GMT
server: cloudflare
etag: W/"7255-1893fd8a0fb"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a88ebe360c-FRA
x-cache-hits: 1

GET
H2 200 %5B%5B...slug%5D%5D-625068445beffb2a.js Show response
www.recordedfuture.com/_next/static/chunks/pages/ 80 KB
16 KB 41ms
40ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/pages/%5B%5B...slug%5D%5D-625068445beffb2a.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

349792fde8452f444e31aa14d0b121015e434748127a2f0fbe24f8cb1745ff37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2050505
traceresponse: 00-1771c58c447ee485eed9d500f22657ec-3b8f2299993c2591-00
x-cache: HIT
content-length: 16148
x-served-by: cache-fra-eddf8230089-FRA
last-modified: Fri, 14 Jul 2023 15:26:03 GMT
server: cloudflare
etag: W/"141db-18955025503"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a88ebf360c-FRA
x-cache-hits: 1

GET
H2 200 _buildManifest.js Show response
www.recordedfuture.com/_next/static/HNYVwXnzsnh6BFTGV11MP/ 1 KB
770 B 41ms
39ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/HNYVwXnzsnh6BFTGV11MP/_buildManifest.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5368f096ff6b37f5a72e3a22a2b5e9eddf179229385d5c2ba3a46bae485f9060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-content-type-options: nosniff
cf-cache-status: HIT
age: 428436
traceresponse: 00-177788a979d86c6278e5a552480efc38-2c99b4ff405b391a-00
x-cache: HIT
content-length: 513
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Wed, 02 Aug 2023 09:59:54 GMT
server: cloudflare
etag: W/"44d-189b5b08ed3"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a88ec0360c-FRA
x-cache-hits: 1

GET
H2 200 _ssgManifest.js Show response
www.recordedfuture.com/_next/static/HNYVwXnzsnh6BFTGV11MP/ 99 B
254 B 42ms
41ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/HNYVwXnzsnh6BFTGV11MP/_ssgManifest.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11bc5c5457d219bd5836c09acf8b0b335ff4b6be3cb66d60e9478b09967c5029

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
cf-cache-status: HIT
age: 428436
traceresponse: 00-177788a98ba6b9c96af9b3e6f06019b6-fc0259637ee1da71-00
content-encoding: gzip
x-cache: HIT
x-served-by: cache-fra-etou8220026-FRA
last-modified: Wed, 02 Aug 2023 09:59:54 GMT
server: cloudflare
etag: W/"63-189b5b08f00"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 7f2e77a88ec1360c-FRA
x-cache-hits: 1

GET
H2 200 _middlewareManifest.js Show response
www.recordedfuture.com/_next/static/HNYVwXnzsnh6BFTGV11MP/ 92 B
312 B 72ms
71ms Script
application/javascript 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/HNYVwXnzsnh6BFTGV11MP/_middlewareManifest.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
cf-cache-status: HIT
age: 428436
traceresponse: 00-177788e0280f1fcf506d18bd0bdd00d5-74f2ed4222449498-00
content-encoding: gzip
x-cache: HIT
x-served-by: cache-fra-eddf8230066-FRA
last-modified: Wed, 02 Aug 2023 09:59:54 GMT
server: cloudflare
etag: W/"5c-189b5b08ee0"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 7f2e77a88ec2360c-FRA
x-cache-hits: 1

GET
H2 200 insikt_group_logo_updated_3_300x48_b5390f4ff2.png
cms.recordedfuture.com/uploads/ 2 KB
2 KB 456ms
414ms Image
image/png 151.101.66.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.recordedfuture.com/uploads/insikt_group_logo_updated_3_300x48_b5390f4ff2.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a18bee42454d2847fd47b2e4fc37156fe94b9e9263653bdb5d30b0b4e8e04070

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Sun, 06 Aug 2023 04:03:44 GMT
date: Mon, 07 Aug 2023 09:24:35 GMT
via: 1.1 varnish
strict-transport-security: max-age=31557600
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
age: 0
traceresponse: 00-1778af3a2e226025dd4df876428e32c5-1a9e4050da73a842-00
x-cache: HIT
fastly-io-info: ifsz=2186 idim=300x48 ifmt=png ofsz=2186 odim=300x48 ofmt=png
fastly-stats: io=1
content-length: 2186
fastly-io-warning: Failed to shrink image
x-served-by: cache-fra-eddf8230135-FRA
etag: "EbYSum01FIklEjAVbBxNbvSeI3ULDZ+M77H+n4IBChg"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=300
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 bluebravo_adapts_to_target_diplomatic_entities_with_graphicalproton_malware_body_7fd84c011b.png
cms.recordedfuture.com/uploads/ 54 KB
55 KB 880ms
839ms Image
image/png 151.101.66.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.recordedfuture.com/uploads/bluebravo_adapts_to_target_diplomatic_entities_with_graphicalproton_malware_body_7fd84c011b.png

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3ceb5f56e595ed360d3c527abbe0f6a5362e17b32ec1abc6bf0e688321566509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Mon, 07 Aug 2023 09:29:35 GMT
date: Mon, 07 Aug 2023 09:24:36 GMT
via: 1.1 varnish
strict-transport-security: max-age=31557600
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
age: 0
traceresponse: 00-17790f96dcbc8d6a5d02f3e7eaa7fa8a-c5dbbe5bf3517d83-00
x-cache: MISS
fastly-io-info: ifsz=55722 idim=1600x1289 ifmt=png ofsz=55722 odim=1600x1289 ofmt=png
fastly-stats: io=1
content-length: 55722
fastly-io-warning: Failed to shrink image
x-served-by: cache-fra-eddf8230135-FRA
etag: "yW4pW4ulqsbmL728lcfhhXwK4NRTiV0vnS/AZ8smwYc"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=300
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-cache-hits: 0

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 495d4afe192ab4d5f4a550a952f4c54e9aac52f1b502772b594770db983995c2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Inter-Regular.86422bf3.ttf
www.recordedfuture.com/_next/static/media/ 303 KB
144 KB 57ms
56ms Font
font/ttf 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/media/Inter-Regular.86422bf3.ttf

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

494a9c8817786531126dd245c93f8a85aa6afa405c7b8a2e45b667538470ce7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css
Origin: https://www.recordedfuture.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7130421
traceresponse: 00-175b39afc2bd082404784325609b0ef5-7f3ca75bced7166c-00
x-cache: HIT
content-length: 147167
x-served-by: cache-fra-eddf8230051-FRA
last-modified: Wed, 18 Jan 2023 17:02:00 GMT
server: cloudflare
etag: W/"4ba44-185c5d49135"
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a8bef5360c-FRA
x-cache-hits: 1

GET
H2 200 Inter-Bold.0b1aaf81.ttf
www.recordedfuture.com/_next/static/media/ 309 KB
154 KB 37ms
36ms Font
font/ttf 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/media/Inter-Bold.0b1aaf81.ttf

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ad83f2446566c5ecf7c261cc07884a5d5f71965b5df8fd7bb809f83a42bf470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css
Origin: https://www.recordedfuture.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7130421
traceresponse: 00-175b39afb1a0730873a038265352c0a8-1206ba8d974c77fe-00
x-cache: HIT
content-length: 157388
x-served-by: cache-fra-eddf8230080-FRA
last-modified: Wed, 18 Jan 2023 17:02:00 GMT
server: cloudflare
etag: W/"4d2c4-185c5d490f3"
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a8bef8360c-FRA
x-cache-hits: 1

GET
H2 200 icomoon.ttf
www.recordedfuture.com/icons/fonts/ 5 KB
3 KB 150ms
149ms Font
font/ttf 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/icons/fonts/icomoon.ttf?j8daoh

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1bffb95aa906bfc9cfdc78a26496ba5b627521e1c9ee09edcf1cd7464405905

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css
Origin: https://www.recordedfuture.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-content-type-options: nosniff
cf-cache-status: MISS
traceresponse: 00-17790f96cb57769bffe1d1904726a80a-a93b933f955048d0-00
x-cache: MISS
content-length: 3149
x-served-by: cache-fra-eddf8230067-FRA
last-modified: Wed, 02 Aug 2023 09:54:23 GMT
server: cloudflare
etag: W/"152c-189b5ab8098"
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=0
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a8befa360c-FRA
x-cache-hits: 0

GET
H2 200 Inter-SemiBold.ebaf29e9.ttf
www.recordedfuture.com/_next/static/media/ 308 KB
153 KB 56ms
55ms Font
font/ttf 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/media/Inter-SemiBold.ebaf29e9.ttf

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f036a45770ce2ad43dfee7f4eac8f8b3784608a24ff00c63dd56704434e014e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css
Origin: https://www.recordedfuture.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-content-type-options: nosniff
cf-cache-status: HIT
age: 906230
traceresponse: 00-17759cd2253d4a4bbf843e3057fe5057-8922498831be5cc0-00
x-cache: HIT
content-length: 156755
x-served-by: cache-fra-eddf8230042-FRA
last-modified: Fri, 14 Jul 2023 15:26:03 GMT
server: cloudflare
etag: W/"4d16c-1895502565e"
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a8befb360c-FRA
x-cache-hits: 1

GET
H2 200 Inter-ExtraBold.d19caa02.ttf
www.recordedfuture.com/_next/static/media/ 309 KB
154 KB 55ms
55ms Font
font/ttf 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/media/Inter-ExtraBold.d19caa02.ttf

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fb3140db2839cabd3662044ef7791206df377b2211046abc71dd039f05fe082

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css
Origin: https://www.recordedfuture.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7130421
traceresponse: 00-175b41b6f55aa493f33cd939a1c429eb-a183efac89d324ea-00
x-cache: HIT
content-length: 157010
x-served-by: cache-fra-eddf8230038-FRA
last-modified: Wed, 18 Jan 2023 17:02:00 GMT
server: cloudflare
etag: W/"4d52c-185c5d49108"
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a8befd360c-FRA
x-cache-hits: 1

GET
H2 200 Inter-Medium.6ee661b3.ttf
www.recordedfuture.com/_next/static/media/ 307 KB
152 KB 39ms
39ms Font
font/ttf 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/media/Inter-Medium.6ee661b3.ttf

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0b1f949528f7a3a2d2ff3b6df67c6c1b5cb8f62a2eba6eb5e06adff2d5795f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/_next/static/css/fd4a74fbfff6d1cb.css
Origin: https://www.recordedfuture.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7130421
traceresponse: 00-175d6574e2560b17ddcc8f2f9cdd6a8d-66bd3e9f96563643-00
x-cache: HIT
content-length: 155503
x-served-by: cache-fra-eddf8230061-FRA
last-modified: Wed, 18 Jan 2023 17:02:00 GMT
server: cloudflare
etag: W/"4cd58-185c5d49121"
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a8beff360c-FRA
x-cache-hits: 1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 300 KB
95 KB 139ms
55ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

72a13147d4bfd1b0f482b0920ddb87493b61c38ab49893cc914ae5215d4c4a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97044
x-xss-protection: 0
last-modified: Mon, 07 Aug 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 07 Aug 2023 09:24:35 GMT

GET
H2 200 resources Show response
cms.recordedfuture.com/api/ 18 KB
18 KB 1307ms
1289ms XHR
application/json 151.101.66.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cms.recordedfuture.com/api/resources?populate[0]=cardImage&populate[1]=cardImage.desktop&populate[2]=cardImage.mobile&populate[3]=cardImage.tablet&populate[4]=countryTags&populate[5]=downloadResource&populate[6]=downloadResource.type&populate[7]=eventResource&populate[8]=eventResource.type&populate[9]=industryTags&populate[10]=integrationResource&populate[11]=integrationResource.tags&populate[12]=newsAndResearchResource&populate[13]=newsAndResearchResource.researchPreviewImage&populate[14]=newsAndResearchResource.researchPreviewImageDesktop&populate[15]=newsAndResearchResource.researchPreviewImageMobile&populate[16]=newsAndResearchResource.researchPreviewImageTablet&populate[17]=newsAndResearchResource.type&populate[18]=page&populate[19]=productTags&populate[20]=threatTags&populate[21]=topicTags&filters[$or][0][downloadResource][type][key][$in]=&filters[$or][1][eventResource][type][key][$in]=&filters[$or][2][newsAndResearchResource][type][key][$in][0]=research&filters[$and][0][$or][0][showFrom][$null]=true&filters[$and][0][$or][1][showFrom][$lte]=2023-08-07T09%3A24%3A35Z&pagination%5BpageSize%5D=4&pagination%5Bpage%5D=1&sort%5B0%5D=eventResource.startDate%3Aasc&sort%5B1%5D=publishedAt%3Adesc

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/739-7431c646d629e331.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/ Strapi <strapi.io>

Resource Hash

918f73d4163b7fcef204d993cd4b553ce13f7c0035d4039ee2857e46e144f3bf

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self' https:;img-src 'self' data: blob: https://market-assets.strapi.io;media-src 'self' data: blob:;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.recordedfuture.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: connect-src 'self' https:;img-src 'self' data: blob: https://market-assets.strapi.io;media-src 'self' data: blob:;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
date: Mon, 07 Aug 2023 09:24:36 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-permitted-cross-domain-policies: none
via: 1.1 varnish
traceresponse: 00-17790f96e7f72a63784a1d239bd94339-581c72aa29ae7814-00
x-powered-by: Strapi <strapi.io>
age: 0
x-dns-prefetch-control: off
x-cache: MISS
content-length: 17965
x-served-by: cache-fra-eddf8230047-FRA
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.recordedfuture.com
x-download-options: noopen
x-debug-info: eyJyZXRyaWVzIjowfQ==
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 bluebravo_adapts_to_target_diplomatic_entities_with_graphicalproton_malware_main_header_aa4e8487a2.jpg
cms.recordedfuture.com/uploads/ 136 KB
136 KB 740ms
740ms Image
image/jpeg 151.101.66.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.recordedfuture.com/uploads/bluebravo_adapts_to_target_diplomatic_entities_with_graphicalproton_malware_main_header_aa4e8487a2.jpg?w=1920

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c89ddf19b90173370258f933a28f131fcd695738eaf99b5abb9089d2123dfe80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: Mon, 07 Aug 2023 09:29:35 GMT
date: Mon, 07 Aug 2023 09:24:36 GMT
via: 1.1 varnish
strict-transport-security: max-age=31557600
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
age: 0
traceresponse: 00-17790f96e857a98b0c8107fdaf5c9ec6-2924206e2f930b0c-00
x-cache: MISS
fastly-io-info: ifsz=139004 idim=1600x600 ifmt=jpeg ofsz=139004 odim=1600x600 ofmt=jpeg
fastly-stats: io=1
content-length: 139004
fastly-io-warning: Failed to shrink image
x-served-by: cache-fra-eddf8230135-FRA
etag: "R37Yoo56ZUhEEhZIcWUDfSE+Qdvym0cTshOpltkgWxM"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=300
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 careers.json Show response
www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/ 68 KB
12 KB 479ms
479ms Fetch
application/json 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/careers.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-d977f1d2acb21ba7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95db463cb9231d8e645a0b9f33b0be51eb3e48cae028efdceca7640248614880

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 0
traceresponse: 00-17790f96e395c85805808f4188b5b68d-1ff9a086d162ee75-00
x-cache: MISS
content-length: 12601
x-served-by: cache-fra-eddf8230115-FRA
server: cloudflare
etag: "1108a-cZ417yypQSWonZxrxsDXtebVuEo"
vary: Accept-Encoding
content-type: application/json
cache-control: s-maxage=30, stale-while-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a9f913360c-FRA
x-cache-hits: 0

GET
H2 404 contact.json Show response
www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/ 53 KB
10 KB 740ms
740ms Fetch
text/html 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/contact.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-d977f1d2acb21ba7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

0c2715c06cd68a3e55864885dcc25e88a3081efca06ae1c90b650351ae2d7f9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
age: 0
traceresponse: 00-17790f96e8edb62a76d590c5d1ff1ac7-3f9135912558563e-00
x-powered-by: Next.js
content-encoding: gzip
x-cache: MISS
x-served-by: cache-fra-eddf8230046-FRA
server: cloudflare
vary: Accept-Encoding
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 7f2e77a9f914360c-FRA
x-cache-hits: 0

GET
H2 200 en.json Show response
www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/ 101 KB
17 KB 450ms
450ms Fetch
application/json 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-d977f1d2acb21ba7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a474971c24cd8ed8b7eebf01f0cbfd28c562a9d8383c5a589fba9d614ad80f7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 0
traceresponse: 00-17790f96e28fc9f801854e2a9daec596-b8c04660c2f43419-00
x-cache: MISS
content-length: 17455
x-served-by: cache-fra-eddf8230070-FRA
server: cloudflare
etag: "193a4-LJ2HrSONgNI//CaMeJCRQYyzXcU"
vary: Accept-Encoding
content-type: application/json
cache-control: s-maxage=30, stale-while-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a9f915360c-FRA
x-cache-hits: 0

GET
H2 200 platform.json Show response
www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/ 77 KB
15 KB 245ms
245ms Fetch
application/json 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/platform.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-d977f1d2acb21ba7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd86c071cf4d1d1e70c82fbb57ccb4db4b4c97331a9311e25c3503d40911f23e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 0
traceresponse: 00-17790f96d7936dd1df6ea8f7d1b87f42-233f6f67d7bdd413-00
x-cache: MISS
content-length: 14712
x-served-by: cache-fra-eddf8230052-FRA
server: cloudflare
etag: "135a9-8EyGXd6BDa8+NVgr4PXcmQlFD8M"
vary: Accept-Encoding
content-type: application/json
cache-control: s-maxage=30, stale-while-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a9f917360c-FRA
x-cache-hits: 0

GET
H2 200 bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware.json Show response
www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/ 42 KB
9 KB 442ms
442ms Fetch
application/json 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-d977f1d2acb21ba7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72bc753d76ef18570d984d25abad5c90b581632841d43cd5f81ffbe015c948d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 0
traceresponse: 00-17790f96e938ec9e76e1a96967b5bdd6-5bb43a8e11a58ced-00
x-cache: MISS
content-length: 8653
x-served-by: cache-fra-eddf8230074-FRA
server: cloudflare
etag: "a672-ktX9xQaWzrD1jzU9bnYmrsteIRI"
vary: Accept-Encoding
content-type: application/json
cache-control: s-maxage=30, stale-while-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a9f918360c-FRA
x-cache-hits: 0

GET
H2 404 research.json Show response
www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/ 53 KB
10 KB 860ms
859ms Fetch
text/html 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/research.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-d977f1d2acb21ba7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

be21203bc4aa28a899398f5b135c4b84adc566d5e665b40c38a049e5a2098023

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
age: 0
traceresponse: 00-17790f96e9449ddbd063019abaa7d86e-79951b9c09e621dd-00
x-powered-by: Next.js
content-encoding: gzip
x-cache: MISS
x-served-by: cache-fra-eddf8230022-FRA
server: cloudflare
vary: Accept-Encoding
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 7f2e77a9f919360c-FRA
x-cache-hits: 0

GET
H2 404 resources.json Show response
www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/ 53 KB
10 KB 738ms
738ms Fetch
text/html 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/resources.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-d977f1d2acb21ba7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

3b122b30a503b22002bb0af5e99f6b9d268c8b82970107fc3dfb35f80d065ef2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
age: 0
traceresponse: 00-17790f96e31926b22e8652cadfd281a7-3219f1dc79159cf1-00
x-powered-by: Next.js
content-encoding: gzip
x-cache: MISS
x-served-by: cache-fra-eddf8230121-FRA
server: cloudflare
vary: Accept-Encoding
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 7f2e77a9f91a360c-FRA
x-cache-hits: 0

GET
H2 200 client-success.json Show response
www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/services-support/ 39 KB
8 KB 373ms
373ms Fetch
application/json 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/services-support/client-success.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-d977f1d2acb21ba7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ace369062b30f424ebe2296fd06cc0e1f139042ff08d38e570366bb606e633f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 0
traceresponse: 00-17790f96e3ba21e7b8fa55928b382d86-e1a6bee74ee68640-00
x-cache: MISS
content-length: 7908
x-served-by: cache-fra-eddf8230088-FRA
server: cloudflare
etag: "9c02-GChjZ6P6L6nVU5yKOejoySCbG+0"
vary: Accept-Encoding
content-type: application/json
cache-control: s-maxage=30, stale-while-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a9f91b360c-FRA
x-cache-hits: 0

GET
H2 200 company.json Show response
www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/ 41 KB
8 KB 458ms
458ms Fetch
application/json 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/company.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-d977f1d2acb21ba7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edb3abf16ec5ffa460160eeabacb561499e09607ae77f680456650588b5065cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 0
traceresponse: 00-17790f96e9d0d0134862e0c54e9e0f47-f6a40d899f93c712-00
x-cache: MISS
content-length: 8335
x-served-by: cache-fra-eddf8230114-FRA
server: cloudflare
etag: "a254-VWkK4jGRou1L+izGlzwXyd7NmcA"
vary: Accept-Encoding
content-type: application/json
cache-control: s-maxage=30, stale-while-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 7f2e77a9f91d360c-FRA
x-cache-hits: 0

GET
H2 200 ff47a6fa42190518.css Show response
www.recordedfuture.com/_next/static/css/ 11 KB
4 KB 24ms
23ms Fetch
text/css 104.18.43.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/css/ff47a6fa42190518.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-d977f1d2acb21ba7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08edf1aa2715c8ef8081358b43d9704de7db1cba86339b7e343aa8b8c2b6b9a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-content-type-options: nosniff
age: 2662219
traceresponse: 00-176f98a3454342e0a9246623bde5a06a-f98fd36633197620-00
cf-polished: origSize=11304
content-encoding: gzip
x-cache: HIT
x-served-by: cache-fra-eddf8230083-FRA
cf-bgj: minify
last-modified: Fri, 07 Jul 2023 13:21:57 GMT
server: cloudflare
etag: W/"2c28-189308433e2"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 7f2e77aa294d360c-FRA
x-cache-hits: 1

GET
H2 200 64dc3ec5-330c-4652-88d3-147ee65e90ba.js Show response
j.6sc.co/j/ 4 KB
4 KB 50ms
14ms Script
application/javascript 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/64dc3ec5-330c-4652-88d3-147ee65e90ba.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-170.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7b0b9f163454a2d476c3930174ed354b5d661060c2a2581e434f8b0b74392d76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
x-amz-version-id: XiK7k1K4G4_9UcBg2.S65sIFd54SfIcU
date: Mon, 07 Aug 2023 09:24:35 GMT
last-modified: Fri, 31 Mar 2023 18:59:38 GMT
server: AmazonS3
x-amz-cf-pop: MNL52-P2
x-amz-server-side-encryption: AES256
etag: "29e881d3528b8d3d0ef42c057d73a114"
content-type: application/javascript
x-amz-meta-content-type: application/json
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 3771
x-amz-cf-id: k3Q-mv3ZCdPBuI3rKV1357vKE8oNLAmXvuC3_kbSaUATdKYIVBkfyw==
expires: Mon, 07 Aug 2023 09:24:35 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 38ms
10ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-etou8220061-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 139ms
43ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 07 Aug 2023 07:49:45 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5690
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 07 Aug 2023 09:49:45 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 32ms
9ms Script
application/x-javascript 2a02:26f0:780::210:a40a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a40a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=76221
accept-ranges: bytes
content-length: 4862

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 172 KB
47 KB 23ms
7ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 07 Aug 2023 09:24:35 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 47151
x-xss-protection: 0
pragma: public
x-fb-debug: LyJRpnOgfV9CnVboBnp94K+HREQJVY07JhIe8R5IL4kQKzlXfduC1oL0BMRHbGJjMndeTL2QSEHC2U0HtN8AMA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 container_nbhoRDM8.js Show response
cdn.matomo.cloud/recordedfuture.matomo.cloud/ 239 KB
69 KB 51ms
11ms Script
application/javascript 2600:9000:223f:fa00:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/container_nbhoRDM8.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:fa00:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dff9ccbda7359156ca8f9e56f487906fd012102b2bfe2e15530d0dcf07dae91a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 06:19:39 GMT
x-amz-version-id: hPKpL.h__8sDZCjR64a8gwKcklnBPZyJ
content-encoding: gzip
via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 11097
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 17 Apr 2023 01:17:13 GMT
server: AmazonS3
etag: W/"911173a91f35aca688510054c7f2945e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=691200
x-amz-cf-id: TDBzi8GT862uW1FtYAyM9qct8yAwNNXETOeW12zyvapPaktmuzS0eA==

GET
H2 200 matomo.js Show response
cdn.matomo.cloud/recordedfuture.matomo.cloud/ 199 KB
58 KB 50ms
11ms Script
application/javascript 2600:9000:223f:fa00:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:fa00:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6fb145f1185850a1f9937c5d5afb3260adbcef791d0a94e1c09b54aa00808982

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 06:08:14 GMT
x-amz-version-id: T3VVylcW4ZUVSABprJtJmBafSdXY4jAi
content-encoding: gzip
via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 11782
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 07 Feb 2023 02:15:06 GMT
server: AmazonS3
etag: W/"3e98a39e2d8f2b464999b40df3c2172d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=691200
x-amz-cf-id: iD1-Bqtxou3mfBcaVDOWB4HyT4X_udQEvPtTojluQdHQ43hAIejZmw==

GET
H2 200 252628.js Show response
js.hs-scripts.com/ 2 KB
1 KB 463ms
432ms Script
application/javascript 2606:4700::6812:853b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/252628.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:853b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

519cf2638e097a13648f84fc86453c5d11a6ab6c9d5fda3468b3b3c6c3cc1cdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 99d8523d-bb86-4f67-abbc-46da3c8f3d42
x-envoy-upstream-service-time: 32
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 99d8523d-bb86-4f67-abbc-46da3c8f3d42
last-modified: Mon, 07 Aug 2023 09:17:29 GMT
server: cloudflare
x-trace: 2B5C4DB83618B74D4FC361C470F33F46D46901BAD8000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.recordedfuture.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-mv678
cf-ray: 7f2e77ab8d992bf0-FRA
expires: Mon, 07 Aug 2023 09:25:36 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 247 KB
84 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MHTMF48BZH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

16e646e9a61c90e0e0f5dca4958e0b24c342bc85d1ee037c5598e85cd664e2e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86138
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 07 Aug 2023 09:24:35 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3869953/domain/recordedfuture.com/ 36 B
374 B 65ms
8ms XHR
application/json 2600:9000:20eb:f600:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3869953/domain/recordedfuture.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:f600:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.recordedfuture.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 08:58:39 GMT
content-encoding: gzip
via: 1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 1556
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: MMEM2EOW3z391_1zUgf3o7X47CllgdK43KBhMIF2mwPf2XZR-PCnQw==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953&time=1691400275768&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953&time=1691400275768&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3869953%26time%3D1691400275768%26url%3Dhttps%253A%252F%252Fwww.recordedfuture.com...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953&time=1691400275768&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953&time=1691400275768&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware...

0
265 B

209ms
156ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953&time=1691400275768&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&cookiesTest=true&liSync=true&e_ipv6=AQIjUa9Bw6q7dgAAAYnPUAmWu5zNrOZIOgVHwHds-amepTM_3c-5CX8tzXR9LHvYX0x08Zn5
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: BE0C60CC4A974EAF84C3ED4D385D2521 Ref B: FRAEDGE1720 Ref C: 2023-08-07T09:24:36Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYCUdCojxo4AjtR0ggJYA==

Redirect headers

date: Mon, 07 Aug 2023 09:24:35 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: BB72235EC8AD45A3A3274A04744D53F6 Ref B: FRAEDGE1718 Ref C: 2023-08-07T09:24:36Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953&time=1691400275768&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&cookiesTest=true&liSync=true&e_ipv6=AQIjUa9Bw6q7dgAAAYnPUAmWu5zNrOZIOgVHwHds-amepTM_3c-5CX8tzXR9LHvYX0x08Zn5
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYCUdClUqwnoTUt7UjceA==

GET
H2 200 194163687656043 Show response
connect.facebook.net/signals/config/ 384 KB
110 KB 10ms
9ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/194163687656043?v=2.9.121&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cb940e980969d00d1e942e1dd060818e74604edd5012c44fba1636f782299800

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 07 Aug 2023 09:24:35 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 111854
x-xss-protection: 0
pragma: public
x-fb-debug: SOsAAQG4x9aljae54uGbA8CEW38fFoxHnDBV5o3jOKbKJvM/Zx1s80EjMvAwSfBsJ8Z+8ZNvVQXMpn0/QJL7Hg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
376 B 206ms
179ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=0e2aeb43-22c4-45e6-b9a5-2ffda977dd61&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fe5be7a6-2545-4685-ad10-8f745b22208a&tw_document_href=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv0r6&type=javascript&version=2.3.29

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-response-time: 172
date: Mon, 07 Aug 2023 09:24:35 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 7b09fba5e832b021
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 822a4d1663a5a0f7a293c2c0172e4a729c2e1907e87a046c4848ddbe02a44682
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
396 B 220ms
186ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=0e2aeb43-22c4-45e6-b9a5-2ffda977dd61&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fe5be7a6-2545-4685-ad10-8f745b22208a&tw_document_href=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv0r6&type=javascript&version=2.3.29

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-response-time: 179
date: Mon, 07 Aug 2023 09:24:35 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: d046bc7dff3b8ed5
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 98e1f33b4a18c4be6214ab494d92fede50ea27d70104fe8255a789b6eed25287
content-length: 43

GET
H2 200 6si.min.js Show response
j.6sc.co/ 48 KB
14 KB 12ms
11ms Script
application/javascript 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/64dc3ec5-330c-4652-88d3-147ee65e90ba.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 20 Jul 2023 16:27:10 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64b9605e-bf6f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14190
expires: Mon, 07 Aug 2023 09:24:35 GMT

POST
H2 204 matomo.php
recordedfuture.matomo.cloud/ 0
173 B 94ms
58ms Ping
text/plain 18.195.235.189
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/matomo.php?action_name=www.recordedfuture.com%2FBlueBravo%20Adapts%20to%20Target%20Diplomatic%20Entities%20with%20GraphicalProton%20Malware%20%7C%20Recorded%20Future&idsite=1&rec=1&r=008316&h=9&m=24&s=35&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&_id=&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=y7UgEy&pf_net=44&pf_srv=251&pf_tfr=1&pf_dm1=10&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.235.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-235-189.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.recordedfuture.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://www.recordedfuture.com
date: Mon, 07 Aug 2023 09:24:35 GMT
access-control-allow-credentials: true
server: Apache
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent

POST
H2 204 collect
region1.analytics.google.com/g/ 0
259 B 53ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-MHTMF48BZH&gtm=45je3820&_p=1218448440&_gaz=1&cid=1283807331.1691400276&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691400275&sct=1&seg=0&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&dt=BlueBravo%20Adapts%20to%20Target%20Diplomatic%20Entities%20with%20GraphicalProton%20Malware%20%7C%20Recorded%20Future&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MHTMF48BZH&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 09:24:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
259 B 58ms
20ms Ping
text/plain 2a00:1450:400c:c09::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-MHTMF48BZH&cid=1283807331.1691400276&gtm=45je3820&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MHTMF48BZH&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 09:24:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 154ms
69ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-MHTMF48BZH&cid=1283807331.1691400276&gtm=45je3820&aip=1&z=1886002920

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 09:24:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 24ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=194163687656043&ev=PageView&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&rl=&if=false&ts=1691400275890&sw=1600&sh=1200&v=2.9.121&r=stable&ec=0&o=30&fbp=fb.1.1691400275888.1365789139&cs_est=true&it=1691400275785&coo=false&exp=a1&rqm=GET

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 07 Aug 2023 09:24:35 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 configs.php Show response
recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/ 116 B
291 B 18ms
17ms Script
application/javascript 18.195.235.189
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=1&trackerid=7b98TE&url=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware
Requested by: Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.235.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-235-189.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 1c429e414f76840fa567cd92e25f02818f6fa0b567c4bb87cfa8eea541448ece

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
content-encoding: gzip
server: Apache
content-length: 119
vary: X-Forwarded-Port-Override,X-Forwarded-Proto-Override,Accept-Encoding,User-Agent
content-type: application/javascript

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
581 B 144ms
99ms XHR
application/json 185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 09:24:36 GMT
an-x-request-uuid: 13e1abf0-0901-4b5e-b89c-292950f07bb1
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.146; 185.213.155.146; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
198 B 17ms
7ms XHR
text/html 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-170.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:35 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.recordedfuture.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
315 B 55ms
8ms XHR
text/html 2a02:26f0:480:23::1726:62a7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:23::1726:62a7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 3d45fdf57e5fd666b1ff640d125a0f6e7a8edfac5055af0885b29ff442d85007

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 09:24:35 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.recordedfuture.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a03:1b20:6:f011::2e
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1691400275946_388391911_1112935663_25_1206_6_0_219";dur=1
content-length: 20
expires: Mon, 07 Aug 2023 09:24:35 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
227 B 45ms
44ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1218448440&t=pageview&_s=1&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&ul=en-us&de=UTF-8&dt=BlueBravo%20Adapts%20to%20Target%20Diplomatic%20Entities%20with%20GraphicalProton%20Malware%20%7C%20Recorded%20Future&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1251169713&gjid=189839203&cid=1283807331.1691400276&tid=UA-9153858-2&_gid=2021085576.1691400276&_r=1&_slc=1&gtm=45He3820n81539N74N&z=2015155302

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

db6c3664e11a5ec989a24355283651ed9ba24ea25a3ad9e64b527be527c9f7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 09:24:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 249ms
249ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=51e10e3a-8e8a-4164-82ce-3126a0c073e8&session=c608f445-d90f-4cd2-8fc9-00ebd36c6d64&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3A6%3Af011%3A%3A2e%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20report%20is%20a%20summary%20of%20threat%20activity%20linked%20to%20the%20Russian%20advanced%20persistent%20threat%20(APT)%20group%20BlueBravo%20(APT29%2C%20Midnight%20Blizzard)%20uncovered%20since%20January%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlueBravo%20Adapts%20to%20Target%20Diplomatic%20Entities%20with%20GraphicalProton%20Malware%20%7C%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&pageViewId=b2d4be4f-08d9-4644-8c78-728ffe9600ec&webTagId=64dc3ec5-330c-4652-88d3-147ee65e90ba&v=1.1.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 19ms
18ms XHR
text/plain 2a00:1450:400c:c09::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-9153858-2&cid=1283807331.1691400276&jid=1251169713&gjid=189839203&_gid=2021085576.1691400276&_u=YADAAEAAAAAAACAAI~&z=418005170

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 07 Aug 2023 09:24:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 238 KB
81 KB 54ms
54ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZF4S0B1R7S&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e740ece71995e1edd028b574516207452e7d61be29d32ed3966c65ed306fc6c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83325
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 07 Aug 2023 09:24:36 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 218ms
218ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=51e10e3a-8e8a-4164-82ce-3126a0c073e8&session=c608f445-d90f-4cd2-8fc9-00ebd36c6d64&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2007%20Aug%202023%2009%3A24%3A35%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22f2675e8089b7d209a58fce8ad312f51c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2009%3A24%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%2247c555096cc32557d3e6e7a333d7cb3ea692cee1%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2009%3A24%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2009%3A24%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2009%3A24%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%2264dc3ec5-330c-4652-88d3-147ee65e90ba%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2009%3A24%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2009%3A24%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2009%3A24%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20report%20is%20a%20summary%20of%20threat%20activity%20linked%20to%20the%20Russian%20advanced%20persistent%20threat%20(APT)%20group%20BlueBravo%20(APT29%2C%20Midnight%20Blizzard)%20uncovered%20since%20January%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlueBravo%20Adapts%20to%20Target%20Diplomatic%20Entities%20with%20GraphicalProton%20Malware%20%7C%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&pageViewId=b2d4be4f-08d9-4644-8c78-728ffe9600ec&an_uid=0&webTagId=64dc3ec5-330c-4652-88d3-147ee65e90ba&v=1.1.5

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 147ms
63ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-9153858-2&cid=1283807331.1691400276&jid=1251169713&_u=YADAAEAAAAAAACAAI~&z=699736692

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 09:24:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 66ms
65ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-9153858-2&cid=1283807331.1691400276&jid=1251169713&_u=YADAAEAAAAAAACAAI~&z=699736692

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 09:24:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 746 B
589 B 27ms
13ms XHR
application/json 3.127.67.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.67.224 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-67-224.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9b2dc2a6592abd91e0dee577ef85461138e643d96bf3f3756f7c6d856d8d5e8b

Request headers

Referer: https://www.recordedfuture.com/
accept-language: de-DE,de;q=0.9
Authorization: Token 47c555096cc32557d3e6e7a333d7cb3ea692cee1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
X-6s-CustomID: WebTag 64dc3ec5-330c-4652-88d3-147ee65e90ba

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.recordedfuture.com
access-control-allow-credentials: true
content-length: 399

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 36ms
9ms Preflight 3.127.67.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.67.224 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-67-224.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.recordedfuture.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.recordedfuture.com
access-control-max-age: 1800
date: Mon, 07 Aug 2023 09:24:36 GMT
server: nginx

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 18ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-ZF4S0B1R7S&gtm=45je3820&_p=1218448440&ul=en-us&sr=1600x1200&cid=1283807331.1691400276&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&dt=BlueBravo%20Adapts%20to%20Target%20Diplomatic%20Entities%20with%20GraphicalProton%20Malware%20%7C%20Recorded%20Future&sid=1691400276&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZF4S0B1R7S&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 09:24:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.recordedfuture.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 540 KB
86 KB 62ms
23ms Script
application/javascript 2606:4700::6811:836e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:836e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96ea6b1e986879257e104371bf5f0cb0bf2bb9957a1aa73fa9df8be99aeeb157

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Origin: https://www.recordedfuture.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 62057
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1232/bundle/main/lead-flows-release.js&cfRay=7f288c9e7cc41d90-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"039461df2d1d43031520c7d3a853f79e"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1232/bundle/main/lead-flows-release.js
date: Mon, 07 Aug 2023 09:24:36 GMT
x-amz-version-id: RIqU3aMZg9szNHjfbC8NSxVkuKgO4.TB
via: 1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: e30849ee-c814-4a9d-bfba-2d5558966f6d
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-request-id: e30849ee-c814-4a9d-bfba-2d5558966f6d
last-modified: Thu, 03 Aug 2023 01:17:49 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-s8xd8
cf-ray: 7f2e77ae9e89bbb5-FRA
x-amz-cf-id: aOF6OddQDsa358cecQ3VSpnX1gI8gcsISzTAKO85W36BbAscc9QGjA==

GET
H2 200 252628.js Show response
js.hs-analytics.net/analytics/1691400000000/ 67 KB
21 KB 191ms
160ms Script
text/javascript 2606:4700::6810:88ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1691400000000/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:88ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3de1c2755def9517e7bde89c278860cbc98b57291765f12f291e3832e9866d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: XEA6STJG7EX5F2S6
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: ea39f1e0-7f31-44be-a280-731fca1304a3
x-envoy-upstream-service-time: 16
x-amz-id-2: uuBYFDiTlGPVzK+KNR3wkLEA8lJZ+I3GhQyMtwcY1KvOl3ThHdwbjG1K5w/lDKMi5Pw5FwJTqWU=
x-evy-trace-listener: listener_https
x-request-id: ea39f1e0-7f31-44be-a280-731fca1304a3
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 20 Jul 2023 15:53:38 GMT
server: cloudflare
etag: W/"c365920d73adc4a3c91a99b921d37ee4"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-ns2gd
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7f2e77ae8b2b1c01-FRA
expires: Mon, 07 Aug 2023 09:29:36 GMT

GET
H2 200 252628.js Show response
js.hs-banner.com/ 60 KB
16 KB 38ms
17ms Script
text/javascript 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9239f316beef45cfc6ba7c2b31298e0da40af5924c7c20894960238ede334d68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
x-amz-version-id: 1DTjZqz8w6c0vLd7dsrtWpmr4CMJx9XZ
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: YF1FRMJKKD41XXRY
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
age: 299
x-envoy-upstream-service-time: 43
x-amz-id-2: ZaRpAGwSS00pY/LzuvuLFmnt6EWZFLHI2m6EZKtUR7G/WzJYTc45CxwZ+2Hr9gb0ZICOkHZ3AP8=
x-evy-trace-listener: listener_https
x-request-id: c330222a-534e-45ed-bdc0-0f0c28bb3aaa
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 17 Apr 2023 14:55:34 GMT
server: cloudflare
etag: W/"07022bb1d6cfa926ffae0fefc0ebffb7"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://go.recordedfuture.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-rc2n7
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7f2e77ae7ac735e7-FRA
expires: Mon, 07 Aug 2023 09:24:37 GMT

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 62 KB
19 KB 179ms
149ms Script
application/javascript 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

18a126264ccf1b57353c1716284f1938d97f6c9c1107b42f0f5f1119fdc8bd5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Origin: https://www.recordedfuture.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.405/bundles/project.js&cfRay=7f2e77ae89941db0-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"e50552ef5fa3c8468ae54211ce4b32f6"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.405/bundles/project.js
date: Mon, 07 Aug 2023 09:24:36 GMT
x-amz-version-id: 4regXpB5ZVq4jYlMfK8HxsaBt3Cun5OH
via: 1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 73bb352c-3c4f-4179-9685-1758d62471ac
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 73bb352c-3c4f-4179-9685-1758d62471ac
last-modified: Thu, 27 Jul 2023 03:59:43 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNC1IaOJBaJRp5qwd23FO%2BrH56tjd0zZu1NKycTJ1fYciTmqJSI4bbBP9zRDzjmXc%2FUxuQo%2BcngBN6tIk%2FDGlgclEMLBX%2BV2ZiQhtw8x7nGOBDM06wcL03BQtfeoK6rsUGWw2vVJvwZSFZRD"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-8rxrz
cf-ray: 7f2e77ae89941db0-FRA
x-amz-cf-id: m3ciJR741aLXyaGUjgx62jlHUPrpa8TSrmYF6pPrcLcb9Wsm7DNSqw==

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 8ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=194163687656043&ev=Microdata&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&rl=&if=false&ts=1691400276392&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22BlueBravo%20Adapts%20to%20Target%20Diplomatic%20Entities%20with%20GraphicalProton%20Malware%20%7C%20Recorded%20Future%22%2C%22meta%3Adescription%22%3A%22This%20report%20is%20a%20summary%20of%20threat%20activity%20linked%20to%20the%20Russian%20advanced%20persistent%20threat%20(APT)%20group%20BlueBravo%20(APT29%2C%20Midnight%20Blizzard)%20uncovered%20since%20January%202023.%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22BlueBravo%20Adapts%20to%20Target%20Diplomatic%20Entities%20with%20GraphicalProton%20Malware%20%7C%20Recorded%20Future%22%2C%22og%3Adescription%22%3A%22This%20report%20is%20a%20summary%20of%20threat%20activity%20linked%20to%20the%20Russian%20advanced%20persistent%20threat%20(APT)%20group%20BlueBravo%20(APT29%2C%20Midnight%20Blizzard)%20uncovered%20since%20January%202023.%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fcms.recordedfuture.com%2Fuploads%2Fbluebravo_adapts_to_target_diplomatic_entities_with_graphicalproton_malware_social_tile_e19bbe1b52.jpg%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.121&r=stable&ec=1&o=30&fbp=fb.1.1691400275888.1365789139&it=1691400275785&coo=false&es=automatic&tm=3&exp=a1&rqm=GET

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 07 Aug 2023 09:24:36 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 682 B
1 KB 194ms
190ms Fetch
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=252628&currentUrl=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9feda95e943e1a2f0e86954570e3d53e8b3e8a0e995dd585eba886c6393fe82b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c691aed3-8e1b-4495-a2c5-024bcde2577a
content-encoding: br
x-envoy-upstream-service-time: 71
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c691aed3-8e1b-4495-a2c5-024bcde2577a
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.recordedfuture.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MTzPrTx9LGTOlWMgNPPsbdIKlAlHY%2BbLwvRjbEuvZOJavd9xlVdUYY6BlOWHJqD%2Ffe1VMc2zozekobqeFjrL8gXOtbieETZ%2Fo%2BVOfGaskn1R0OYEMOqxm%2F5o5C5TlmFPJlFVPoyrSU8VD0rgaNteST8FICo3K6%2F2iwM%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7f2e77af9b441db0-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-qr8ft

GET
H2 200 hs-web-interactive-252628-125279382101 Show response
252628.hs-sites.com/ Frame 6CB4 22 KB
7 KB 109ms
78ms Document
text/html 2606:4700::6810:87ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://252628.hs-sites.com/hs-web-interactive-252628-125279382101

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:87ba , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2456845081e2e86628fcf5fae44fb7735cada2e65cf6aaa9fff05aa7b6427d43

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.recordedfuture.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-125279382101,P-252628,PGS-ALL,SW-2
cf-cache-status: HIT
cf-ray: 7f2e77b0feaa364b-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Mon, 07 Aug 2023 09:24:36 GMT
edge-cache-tag: CT-125279382101,P-252628,PGS-ALL,SW-2
last-modified: Mon, 07 Aug 2023 08:34:51 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
server: cloudflare
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 73
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-bots-td/envoy-proxy-547bf9f566-88dt6
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 125279382101
x-hs-hub-id: 252628
x-hubspot-correlation-id: 54619111-dcb7-400f-90de-044d4f9daf91
x-request-id: 54619111-dcb7-400f-90de-044d4f9daf91
x-robots-tag: none
x-trace: 2B029547695B910C494AE959C0CCEFD9C54059D925000000000000000000

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 175ms
131ms Image
image/gif 2606:4700::6811:d6f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d6f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 07 Aug 2023 09:24:36 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 3978e4e1-e8d6-4f7d-a57d-e43d29e76273
x-envoy-upstream-service-time: 9
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3978e4e1-e8d6-4f7d-a57d-e43d29e76273
Last-Modified: Mon, 07 Aug 2023 09:24:36 GMT
Server: cloudflare
X-Trace: 2B84F3C0704318BCBF305C545E89030260BB97A8E5000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-dfxrz
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 7f2e77b11daa6983-FRA

GET
H2 200 project.js Show response
252628.hs-sites.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ Frame 6CB4 1 KB
953 B 34ms
33ms Script
application/javascript 2606:4700::6810:87ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://252628.hs-sites.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:87ba , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://252628.hs-sites.com/hs-web-interactive-252628-125279382101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
via: 1.1 3d58896f901dbeed449603f5d2b4d9f0.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
age: 16171334
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f2e77b18f97364b-FRA
x-amz-cf-id: ZmuEZCCdZrm5xyAia8nJAfKJsHaYaoSZxaKdSs-yqLaOz8YTH1JBVw==
expires: Tue, 06 Aug 2024 09:24:36 GMT

GET
H2 200 module_-53649664999_Button_interactive.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-53649664999/1691156284870/ Frame 6CB4 114 B
1 KB 63ms
39ms Stylesheet
text/css 2606:4700::6812:d0c9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-53649664999/1691156284870/module_-53649664999_Button_interactive.min.css
Requested by: Host: 252628.hs-sites.com
URL: https://252628.hs-sites.com/hs-web-interactive-252628-125279382101
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d0c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b94925cc30a38d4cff4893ce00128a1314eeeee9fa06ffb2d3650a5077050ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://252628.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 243956
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"be7a4b154e718de7dee2ae186bac4fb8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691156284870
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 07 Aug 2023 09:24:36 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 02a99004-4f66-477e-89f3-a352e18cffe3
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 160
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 02a99004-4f66-477e-89f3-a352e18cffe3
last-modified: Fri, 04 Aug 2023 13:38:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2FSvC5a3f7RuiHHmh8nw094ZQLcAIsoVct4dADKgnJrNwWmN8lc75W%2F0JfSjzitcQOPzKGmA%2F2oeIxO1RAz1EHLGLTx%2FjJduzUIwrsPgt%2BXOVhTiC01iMY6sBVbdNZEQ5l8o8p7HbxNUBLL3WKM%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-hml5r
cf-ray: 7f2e77b1aeff18b9-FRA

GET
H3 200 web-interactives-container.js Show response
js.hubspot.com/ Frame 6CB4 19 KB
7 KB 57ms
33ms Script
application/javascript 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-container.js

Requested by

Host: 252628.hs-sites.com
URL: https://252628.hs-sites.com/hs-web-interactive-252628-125279382101

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c01a2226c99d007d450aadbbda80682408e0332b47a95d474993a856f167fd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://252628.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 360
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-container/static-2.404/bundles/project.js&cfRay=7f2e6ee679fc548e-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"2d5ba339ddf76a8e670d9f7c5d41cc09"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-container/static-2.404/bundles/project.js
date: Mon, 07 Aug 2023 09:24:36 GMT
x-amz-version-id: e4TV8p93g.ya.YXHnKg4kcT3PU1igUBm
via: 1.1 736ad67f05a9a5a8fd5ed8cba30196f4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 9fbf7e6b-81c7-48d0-8bfb-07d6e597f548
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-container-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9fbf7e6b-81c7-48d0-8bfb-07d6e597f548
last-modified: Thu, 27 Jul 2023 03:59:43 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bdsi7XX9YQqnT%2FhjYBKSbG3RdWJffEt%2BaPkmXIK8zyAQmL9mYyG3AtGdIzaQSzZFgj5G9h%2FIHSkY8srgYhsLrb5RNEVVH7OEwnTadfwFFE7L4ob567MpzZv9YJiINNiUENrWtowijyZWhC06"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-htvsg
cf-ray: 7f2e77b1a8d72c6a-FRA
x-amz-cf-id: DRPQLMPdcLLaIxbOqgRwqz9mxGUr58xBsUu1RlC-2z7pbzqpP8mT8g==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.372/ Frame 6CB4 12 KB
5 KB 35ms
16ms Script
application/javascript 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.372/embed.js

Requested by

Host: 252628.hs-sites.com
URL: https://252628.hs-sites.com/hs-web-interactive-252628-125279382101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48caefba7197eca695349c196a4fb51a5998c8f3bd365988462d71e3c65a4b1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://252628.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:36 GMT
x-amz-version-id: y7ND9ey1AdjRUW5XrlhHQ1urKE3DE81O
via: 1.1 50c53efe331c3da25a4faf191817af8c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P2
age: 417947
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 01 Aug 2023 20:39:52 GMT
server: cloudflare
etag: W/"fa27a9379786a382617de08f3ae57836"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zN6ojh51lwL1v1YbsteKj%2B6UT85j21olqo%2Bt6WkwYmsgq9fE1RGWWJAA6HO1r8nfuWN9BmY%2FhbQ6QvEAtZFS1sp2We%2FqxitlDF6fGxAUJFFtlZc0bw7%2BRkQQsjEoJbJPt81aKofzrPfTtFxjSUP6bo22Z1U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f2e77b20afd1ca9-FRA
x-amz-cf-id: ZejM7o2IGdqbpx3kpYe0vgkIk1BYOQ1Z2uEMcCLzMK_i0fnF7zQJ0Q==
expires: Tue, 06 Aug 2024 09:24:36 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
964 B 164ms
144ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2246696628&v=1.1&a=252628&rcu=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&pu=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware&t=BlueBravo+Adapts+to+Target+Diplomatic+Entities+with+GraphicalProton+Malware+%7C+Recorded+Future&cts=1691400276891&vi=f7a79e27408174bc7bc71657719fdd1e&nc=true&u=57501621.f7a79e27408174bc7bc71657719fdd1e.1691400276888.1691400276888.1691400276888.1&b=57501621.1.1691400276888&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 03f2a52e-53d4-489c-96c1-442b849b53cc
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 12
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 03f2a52e-53d4-489c-96c1-442b849b53cc
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dgkt%2FtQ%2FceQv%2B4WAjMKJ8%2BEBMlo8dIWul9uTIN%2FdoI3uAoNQaiugY5TERoGN7mGB24rEgBFtAsoGzwRGnPbpn8ChqLeQCN4291rACxDpFFsE5stavDLzT1PILDk%2BQKhTo%2FGLQZ3WWDwSJGLw7%2Bvr"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-z7z79
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7f2e77b2bb3d9237-FRA
x-robots-tag: none

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
669 B 137ms
120ms Image
image/gif 2606:4700::6811:d6f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=interactive-shown&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:d6f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7dfebc2d-6480-4dc6-af41-e22f4d50d40f
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7dfebc2d-6480-4dc6-af41-e22f4d50d40f
last-modified: Mon, 07 Aug 2023 09:24:37 GMT
server: cloudflare
x-trace: 2B624DBD4BB39A7B73F9DFE6D95B0A25058AEEF976000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-llkhw
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 7f2e77b2bbda2bd5-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 202ms
202ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:37 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
816 B 184ms
175ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=252628&utk=f7a79e27408174bc7bc71657719fdd1e&__hstc=57501621.f7a79e27408174bc7bc71657719fdd1e.1691400276888.1691400276888.1691400276888.1&__hssc=57501621.1.1691400276888&currentUrl=https%3A%2F%2Fwww.recordedfuture.com%2Fbluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e55059cf933af2e97001649af5ae26b763a7aaabd2af122803b49ae33a8101e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3e227ea2-1ded-44a9-8d70-e71227d20cba
content-encoding: br
x-envoy-upstream-service-time: 50
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3e227ea2-1ded-44a9-8d70-e71227d20cba
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.recordedfuture.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rodFKNsxWV4hNlLkDBN5FNhzj7gITwnGpNAcxnBAH1brMWtLNqu92lGEgkZYJZ1AHHhA%2Fb12c%2B93%2BZWQ9wWnMvmH0ksusszXPhrXA3%2Bq0jHsD5iPNlZCOg%2BFvL8ZpjMeUO38KutAU9WJEH7hhTBY"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7f2e77b2c8a71db0-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-f4t27

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 221ms
221ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:38 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 204ms
203ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:39 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 203ms
203ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:40 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 202ms
201ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 09:24:41 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.recordedfuture.com/	1969-12-31 23:59:59	Name: _cfuvid Value: WeDmM595orag3UyEirab7tnc59jGcs561gefY6E8BDQ-1691400275253-0-604800000
.recordedfuture.com/	1970-01-20 15:59:36	Name: _gcl_au Value: 1.1.1918039044.1691400276
.recordedfuture.com/	1970-01-20 23:26:00	Name: _ga_MHTMF48BZH Value: GS1.1.1691400275.1.0.1691400275.60.0.0
www.recordedfuture.com/	1970-01-20 13:51:26	Name: ln_or Value: eyIzODY5OTUzIjoiZCJ9
.recordedfuture.com/	1970-01-20 15:59:36	Name: _fbp Value: fb.1.1691400275888.1365789139
.linkedin.com/	1970-01-20 15:59:36	Name: li_sugr Value: 63b2cd6b-e8fa-42c6-b9bf-88cce70bc6c3
.linkedin.com/	1970-01-20 22:35:36	Name: bcookie Value: "v=2&6d5c4aa5-009c-49c0-8eac-f935e008b0a8"
.linkedin.com/	1970-01-20 13:51:26	Name: lidc Value: "b=TGST02:s=T:r=T:a=T:p=T:g=3055:u=1:x=1:i=1691400275:t=1691486675:v=2:sig=AQF4QeSYXXElCZbHORlXlgnzvsVzMFw9"
.recordedfuture.com/	1970-01-20 23:26:00	Name: _ga Value: GA1.2.1283807331.1691400276
.recordedfuture.com/	1970-01-20 13:51:26	Name: _gid Value: GA1.2.2021085576.1691400276
.recordedfuture.com/	1970-01-20 13:50:00	Name: _gat_UA-9153858-2 Value: 1
www.recordedfuture.com/	1970-01-20 23:26:00	Name: _gd_visitor Value: 51e10e3a-8e8a-4164-82ce-3126a0c073e8
www.recordedfuture.com/	1970-01-20 13:50:14	Name: _gd_session Value: c608f445-d90f-4cd2-8fc9-00ebd36c6d64
.t.co/	1970-01-20 23:26:00	Name: muc_ads Value: 243f251c-f7b7-4254-b4bb-745090cd737e
.twitter.com/	1970-01-20 23:26:00	Name: personalization_id Value: "v1_iQXJUPojHmkizdSiU+CE4Q=="
www.recordedfuture.com/	1970-01-20 14:00:05	Name: _an_uid Value: 0
.linkedin.com/	1970-01-20 14:33:12	Name: UserMatchHistory Value: AQIGdUX041zchAAAAYnPUAhkOQ2Vqz__BUqoyCWDjyrXqceykTwX-huH5CspOFp1mI4dpGD9UkB0KQ
.linkedin.com/	1970-01-20 14:33:12	Name: AnalyticsSyncHistory Value: AQLEX29ZiDV7CwAAAYnPUAhk_ICjnHCbj3iEFwR08olWczGqcqunBgMbpT49XbIl52F04MFIRiY3eO2xreVPUQ
.recordedfuture.com/	1970-01-20 23:26:00	Name: _ga_ZF4S0B1R7S Value: GS1.2.1691400276.1.0.1691400276.0.0.0
.6sc.co/	1970-01-20 23:26:00	Name: 6suuid Value: aad01702a06f010054b8d0640a010000ee9f1900
.www.linkedin.com/	1970-01-20 22:35:36	Name: bscookie Value: "v=1&20230807092436fc2943ba-81f4-4079-8d90-8b473941c534AQF0rJwfBKaqPrv55WEo7iQBidRDI6Xb"
.linkedin.com/	1970-01-20 18:09:12	Name: li_gc Value: MTswOzE2OTE0MDAyNzY7MjswMjGHIEoCdxNxXVd5uoJqNWls9iqXKHwcyzRtsMhWbjP33A==
.hs-sites.com/	1969-12-31 23:59:59	Name: __cfruid Value: 3e612f7a99baa9daf89d8340e494d96288bfdb82-1691400276
.hubspot.com/	1970-01-20 13:50:02	Name: __cf_bm Value: 7vqHr07jywmawOn7HCssI067tOKuJ1h9CYS0zHgdAzA-1691400276-0-AcVRpjpy/NHJwhYcmSmLf8D57zgyOIaCq8qZ5Ue4Q4ffvaAR6zq8xyVkKFrAm6tInuaNg/MHDPecMzglF2bJJGQ=
.recordedfuture.com/	1970-01-20 18:09:12	Name: __hstc Value: 57501621.f7a79e27408174bc7bc71657719fdd1e.1691400276888.1691400276888.1691400276888.1
.recordedfuture.com/	1970-01-20 18:09:12	Name: hubspotutk Value: f7a79e27408174bc7bc71657719fdd1e
.recordedfuture.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.recordedfuture.com/	1970-01-20 13:50:02	Name: __hssc Value: 57501621.1.1691400276888

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/resources.json Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/contact.json Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.recordedfuture.com/_next/data/HNYVwXnzsnh6BFTGV11MP/en/research.json Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

252628.hs-sites.com
analytics.twitter.com
b.6sc.co
c.6sc.co
cdn.linkedin.oribi.io
cdn.matomo.cloud
cdn2.hubspot.net
cms.recordedfuture.com
connect.facebook.net
cta-service-cms2.hubspot.com
epsilon.6sense.com
forms.hubspot.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
js.hubspot.com
perf-na1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
recordedfuture.matomo.cloud
region1.analytics.google.com
region1.google-analytics.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hsappstatic.net
stats.g.doubleclick.net
t.co
track.hubspot.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.recordedfuture.com
104.18.43.111
104.244.42.3
104.244.42.5
13.107.42.14
146.75.120.157
151.101.66.216
18.195.235.189
185.89.211.84
2001:4860:4802:34::36
2600:9000:20eb:f600:2:53b2:240:93a1
2600:9000:223f:fa00:c:7d55:b3c0:93a1
2606:4700::6810:87ba
2606:4700::6810:88ce
2606:4700::6811:836e
2606:4700::6811:d6f3
2606:4700::6812:19c4
2606:4700::6812:853b
2606:4700::6812:8b65
2606:4700::6812:d0c9
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2008
2a00:1450:4001:828::200e
2a00:1450:4001:82f::2004
2a00:1450:400c:c09::9a
2a02:26f0:480:23::1726:62a7
2a02:26f0:780::210:a40a
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
3.127.67.224
95.101.111.170
00c034ee7b09a7528a563ff041040b478e11d17b6284f99cc8968013a63d8403
03c6a05bd0d89aa91521b0ebe9a14e367f6c41ebd64f585fbee07ba3a2124e89
08edf1aa2715c8ef8081358b43d9704de7db1cba86339b7e343aa8b8c2b6b9a9
0b94925cc30a38d4cff4893ce00128a1314eeeee9fa06ffb2d3650a5077050ab
0c2715c06cd68a3e55864885dcc25e88a3081efca06ae1c90b650351ae2d7f9a
11bc5c5457d219bd5836c09acf8b0b335ff4b6be3cb66d60e9478b09967c5029
16e646e9a61c90e0e0f5dca4958e0b24c342bc85d1ee037c5598e85cd664e2e6
18a126264ccf1b57353c1716284f1938d97f6c9c1107b42f0f5f1119fdc8bd5f
1af25a55f8bf1179b4d106e460a5180ed66d6ae7ed64b3049b8c7814b8991ead
1c429e414f76840fa567cd92e25f02818f6fa0b567c4bb87cfa8eea541448ece
1d0ca87959e23cb77cff2f1d7fe2337ecc770de12b1d20762373321d7d287183
1e55059cf933af2e97001649af5ae26b763a7aaabd2af122803b49ae33a8101e
2456845081e2e86628fcf5fae44fb7735cada2e65cf6aaa9fff05aa7b6427d43
285861c8834180d9cb6666cc503127048fb1adddac704cc6a6631310d5051f3b
2ace369062b30f424ebe2296fd06cc0e1f139042ff08d38e570366bb606e633f
2ad83f2446566c5ecf7c261cc07884a5d5f71965b5df8fd7bb809f83a42bf470
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
322a83ad958a028fe8d8a0ab29c4d6a5e240e71e77d7a3a19ab3048b9a971515
3347deb054fd4aeabc29970a4ca60846bff3a5f2c5123b2de52018b602b39d67
349792fde8452f444e31aa14d0b121015e434748127a2f0fbe24f8cb1745ff37
3b122b30a503b22002bb0af5e99f6b9d268c8b82970107fc3dfb35f80d065ef2
3b54dffddaa2eac539bd5b13d6f80c38da6076ce740db0c587a68e7e4f25c5b6
3bf162c4ea46c13d096a81bc878e36ab1cc96a63ad8f674f58e25789103b5ee2
3c01a2226c99d007d450aadbbda80682408e0332b47a95d474993a856f167fd2
3ceb5f56e595ed360d3c527abbe0f6a5362e17b32ec1abc6bf0e688321566509
3d45fdf57e5fd666b1ff640d125a0f6e7a8edfac5055af0885b29ff442d85007
48caefba7197eca695349c196a4fb51a5998c8f3bd365988462d71e3c65a4b1d
494a9c8817786531126dd245c93f8a85aa6afa405c7b8a2e45b667538470ce7a
495d4afe192ab4d5f4a550a952f4c54e9aac52f1b502772b594770db983995c2
50f24e516ae1c0492e06b1c81d1fd961f22cb35a5f9f55ec8bb8f4a10b7f5d51
519cf2638e097a13648f84fc86453c5d11a6ab6c9d5fda3468b3b3c6c3cc1cdd
5368f096ff6b37f5a72e3a22a2b5e9eddf179229385d5c2ba3a46bae485f9060
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6fb145f1185850a1f9937c5d5afb3260adbcef791d0a94e1c09b54aa00808982
6fb3140db2839cabd3662044ef7791206df377b2211046abc71dd039f05fe082
72a13147d4bfd1b0f482b0920ddb87493b61c38ab49893cc914ae5215d4c4a7d
72bc753d76ef18570d984d25abad5c90b581632841d43cd5f81ffbe015c948d4
7b0b9f163454a2d476c3930174ed354b5d661060c2a2581e434f8b0b74392d76
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e89e1175a6145d737446d673ffa073f4c469c8fe3972f5287b1e7e9b241282b
918f73d4163b7fcef204d993cd4b553ce13f7c0035d4039ee2857e46e144f3bf
9239f316beef45cfc6ba7c2b31298e0da40af5924c7c20894960238ede334d68
95db463cb9231d8e645a0b9f33b0be51eb3e48cae028efdceca7640248614880
96ea6b1e986879257e104371bf5f0cb0bf2bb9957a1aa73fa9df8be99aeeb157
9b2dc2a6592abd91e0dee577ef85461138e643d96bf3f3756f7c6d856d8d5e8b
9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8
9feda95e943e1a2f0e86954570e3d53e8b3e8a0e995dd585eba886c6393fe82b
a0b1f949528f7a3a2d2ff3b6df67c6c1b5cb8f62a2eba6eb5e06adff2d5795f3
a18bee42454d2847fd47b2e4fc37156fe94b9e9263653bdb5d30b0b4e8e04070
a3de1c2755def9517e7bde89c278860cbc98b57291765f12f291e3832e9866d0
a474971c24cd8ed8b7eebf01f0cbfd28c562a9d8383c5a589fba9d614ad80f7f
ab89b479a5d75c6c1945ef9b6d0bfb62c98a0de5238373bd51293b08ba0b0905
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772
be21203bc4aa28a899398f5b135c4b84adc566d5e665b40c38a049e5a2098023
c683169cd96fc782d91c9f8a2e5b8ae206ebe6e04dde7f08f7d5fb84ba94df3d
c89ddf19b90173370258f933a28f131fcd695738eaf99b5abb9089d2123dfe80
cb940e980969d00d1e942e1dd060818e74604edd5012c44fba1636f782299800
cd86c071cf4d1d1e70c82fbb57ccb4db4b4c97331a9311e25c3503d40911f23e
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d7f412d4a6f6fe630e7d33983fac32026910ef2cdc402083e70cf0a2a36ad9db
db6c3664e11a5ec989a24355283651ed9ba24ea25a3ad9e64b527be527c9f7b3
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a
dff9ccbda7359156ca8f9e56f487906fd012102b2bfe2e15530d0dcf07dae91a
e1bffb95aa906bfc9cfdc78a26496ba5b627521e1c9ee09edcf1cd7464405905
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e740ece71995e1edd028b574516207452e7d61be29d32ed3966c65ed306fc6c0
edb3abf16ec5ffa460160eeabacb561499e09607ae77f680456650588b5065cd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f036a45770ce2ad43dfee7f4eac8f8b3784608a24ff00c63dd56704434e014e8
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.recordedfuture.com Open in urlscan Pro 104.18.43.111 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

94 Requests

99 %HTTPS

70 %IPv6

27 Domains

39 Subdomains

33 IPs

4 Countries

2169 kBTransfer

6128 kBSize

28 Cookies

8 Outgoing links

Redirected requests

94 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.recordedfuture.com Open in urlscan Pro
104.18.43.111 Public Scan

Screenshot
Live screenshot

Full Image

94
Requests

99 %
HTTPS

70 %
IPv6

27
Domains

39
Subdomains

33
IPs

4
Countries

2169 kB
Transfer

6128 kB
Size

28
Cookies

94 HTTP transactions
2 data transactions