URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Submission: On September 27 via manual from AU — Scanned from US

Summary

This website contacted 23 IPs in 3 countries across 21 domains to perform 65 HTTP transactions. The main IP is 2606:2c40::c73c:67e4, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.cluster25.duskrise.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 25th 2022. Valid for: a year.
This is the only time blog.cluster25.duskrise.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS (Autonomous System)
20 2606:2c40::c7... 209242 (CLOUDFLAR...)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
8 2606:4700:20:... 13335 (CLOUDFLAR...)
6 2606:4700:310... 13335 (CLOUDFLAR...)
1 2600:141b:900... 20940 (AKAMAI-ASN1)
2 2607:f8b0:400... 15169 (GOOGLE)
2 52.209.76.227 16509 (AMAZON-02)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 2606:2800:220... 15133 (EDGECAST)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700:440... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 104.244.42.72 13414 (TWITTER)
1 2600:141b:900... 20940 (AKAMAI-ASN1)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 4 2620:1ec:21::14 8068 (MICROSOFT...)
1 1 13.107.42.14 8068 (MICROSOFT...)
1 2 104.18.100.194 13335 (CLOUDFLAR...)
Total: 65 requests, 23 IPs
Requests | Apex Domain | Subdomains | Transfer
20 duskrise.com
blog.cluster25.duskrise.com
2 MB
8 cdn-cookieyes.com
cdn-cookieyes.com — Cisco Umbrella Rank: 24488
78 KB
6 linkedin.com
platform.linkedin.com — Cisco Umbrella Rank: 3166
px.ads.linkedin.com — Cisco Umbrella Rank: 394
www.linkedin.com — Cisco Umbrella Rank: 623
px4.ads.linkedin.com — Cisco Umbrella Rank: 6198
164 KB
6 localizecdn.com
global.localizecdn.com — Cisco Umbrella Rank: 23310
46 KB
4 gstatic.com
fonts.gstatic.com
65 KB
3 hubspot.com
app.hubspot.com — Cisco Umbrella Rank: 5559
forms.hubspot.com — Cisco Umbrella Rank: 3106
track.hubspot.com — Cisco Umbrella Rank: 2260
2 KB
3 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2156
16 KB
3 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 714
syndication.twitter.com — Cisco Umbrella Rank: 995
133 KB
2 adsymptotic.com
p.adsymptotic.com — Cisco Umbrella Rank: 492
465 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
554 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 152
88 KB
2 cookieyes.com
log.cookieyes.com — Cisco Umbrella Rank: 27686
305 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 62
111 KB
2 unpkg.com
unpkg.com — Cisco Umbrella Rank: 797
5 KB
1 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 4400
443 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 769
3 KB
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 3542
842 B
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3246
3 KB
1 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 4853
23 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2138
20 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 40
1 KB
Total: 65 requests, 21 apex domains
Requests | Domain | Requested by
20 blog.cluster25.duskrise.com blog.cluster25.duskrise.com
8 cdn-cookieyes.com blog.cluster25.duskrise.com
cdn-cookieyes.com
6 global.localizecdn.com blog.cluster25.duskrise.com
global.localizecdn.com
4 fonts.gstatic.com fonts.googleapis.com
3 px.ads.linkedin.com 3 redirects
3 js.hs-banner.com blog.cluster25.duskrise.com
js.hs-banner.com
2 p.adsymptotic.com 1 redirects blog.cluster25.duskrise.com
2 www.google-analytics.com www.googletagmanager.com
2 platform.twitter.com blog.cluster25.duskrise.com
platform.twitter.com
2 connect.facebook.net blog.cluster25.duskrise.com
connect.facebook.net
2 log.cookieyes.com cdn-cookieyes.com
2 www.googletagmanager.com blog.cluster25.duskrise.com
www.googletagmanager.com
2 unpkg.com 1 redirects blog.cluster25.duskrise.com
1 track.hubspot.com
1 px4.ads.linkedin.com 1 redirects
1 www.linkedin.com 1 redirects
1 forms.hsforms.com blog.cluster25.duskrise.com
1 snap.licdn.com js.hsadspixel.net
1 syndication.twitter.com platform.twitter.com
1 forms.hubspot.com js.hscollectedforms.net
1 api.hubapi.com js.hsadspixel.net
1 app.hubspot.com blog.cluster25.duskrise.com
1 js.hsadspixel.net blog.cluster25.duskrise.com
1 js.hscollectedforms.net blog.cluster25.duskrise.com
1 js.hs-analytics.net blog.cluster25.duskrise.com
1 platform.linkedin.com blog.cluster25.duskrise.com
1 fonts.googleapis.com blog.cluster25.duskrise.com
Total: 65 requests, 27 subdomains
Subject | Issuer | Validity | Valid for | Source
blog.cluster25.duskrise.com | Cloudflare Inc ECC CA-3 | 2022-05-25 - 2023-05-24 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-09-05 - 2022-11-28 | 3 months | crt.sh
*.cdn-cookieyes.com | E1 | 2022-08-16 - 2022-11-14 | 3 months | crt.sh
localizecdn.com | Cloudflare Inc ECC CA-3 | 2021-11-07 - 2022-11-06 | a year | crt.sh
platform.linkedin.com | DigiCert SHA2 Secure Server CA | 2022-06-09 - 2023-06-09 | a year | crt.sh
*.google-analytics.com | GTS CA 1C3 | 2022-09-05 - 2022-11-28 | 3 months | crt.sh
log.cookieyes.com | Amazon | 2022-05-25 - 2023-06-23 | a year | crt.sh
*.gstatic.com | GTS CA 1C3 | 2022-09-05 - 2022-11-28 | 3 months | crt.sh
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-07-06 - 2022-10-04 | 3 months | crt.sh
*.twimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-20 - 2022-10-19 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-13 - 2023-06-13 | a year | crt.sh
hubspot.com | Cloudflare Inc ECC CA-3 | 2022-03-08 - 2023-03-07 | a year | crt.sh
hubapi.com | Cloudflare Inc ECC CA-3 | 2022-05-07 - 2023-05-07 | a year | crt.sh
syndication.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-22 - 2023-02-22 | a year | crt.sh
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2022-03-01 - 2023-03-01 | a year | crt.sh

This page contains 2 frames:

Primary Page: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Frame ID: 904BBDA45F9134F162F11D0AD6BFB677
Requests: 62 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.c4bdc17e77719578b594d5555bee90db.html?origin=https%3A%2F%2Fblog.cluster25.duskrise.com
Frame ID: F7D9D43EFD0C09ABDF6202EF76E3542E
Requests: 2 HTTP requests in this frame

Page Title

In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 65
HTTPS: 97 %
IPv6: 84 %
Domains: 21
Subdomains: 27
IPs: 23
Countries: 3
Transfer: 2710 kB
Size: 4395 kB
Cookies: 26

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://unpkg.com/aos@next/dist/aos.js HTTP 302
  • https://unpkg.com/aos@3.0.0-beta.6/dist/aos.js
Request Chain 53
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3859058&time=1664239687762&url=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite%2F HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3859058&time=1664239687762&url=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite%2F&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3859058%26time%3D1664239687762%26url%3Dhttps%253A%252F%252Fblog.cluster25.duskrise.com%252F2022%252F09%252F23%252Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3859058&time=1664239687762&url=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite%2F&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3859058&time=1664239687762&url=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite%2F&cookiesTest=true&liSync=true&e_ipv6=AQKRnqXxe8hDmAAAAYN8alj_XvRl4lbhr3ptJG_w-suXeZDXm04D0YbO4XHsm1MX4PbKqI4xHc8vHu7dn5CBDH-icwpvMFY HTTP 302
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=80b02d18-26f0-4fe5-9985-eee645665887 HTTP 302
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=80b02d18-26f0-4fe5-9985-eee645665887&_expected_cookie=104847e4326112a3f239619bd02649a9

65 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
88 KB
22 KB
Document
General
Full URL
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
30eb3e047880a7f6c49e09d5a589e0754b9c31494cdb714fd4a691bdb7435dba
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
s-maxage=10800, max-age=0
cf-h2-pushed
</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>,</hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js>,</hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js>
cf-ray
75103b58e95e1895-EWR
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Tue, 27 Sep 2022 00:48:06 GMT
edge-cache-tag
CT-79260248439,CT-79260248444,CT-79260486198,CT-85808518979,CG-79260149140,P-21649046,W-79035084646,W-79040734249,W-79040764526,W-79041596314,CW-79028926725,CW-79030654856,E-81444726666,E-81445138344,E-81445552143,E-81445623885,E-81445757079,E-81446103311,E-81446103729,E-81446893668,MENU-79035084646,MENU-79040734249,MENU-79040764526,MENU-79041596314,PGS-ALL,SW-4,GC-79026754360,GC-79039498641,TS-81445173521
etag
W/"2af59f2951cecb4fbaae0a8f2e0248b4"
last-modified
Sun, 25 Sep 2022 10:29:51 GMT
link
</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js>; rel=preload; as=script,</hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=15IVkFZEttWhrGnCOeycvuD3rUPfdVRp7usXey%2Fpz6%2BuGeLYsR1ijrCciaATQeKnArKl3%2B0Bde9Eh1kTZhDomghO40PePFD6JK3nF%2BThAzofYigvWq6vrQ1yraNDhspmX%2BNv89DPsVJgGekz%2B0xOowrq4EQdVlDA2g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=10800, max-age=0
x-hs-cf-cache-status
REVALIDATED
x-hs-combine-css
Disabled
x-hs-content-id
85808518979
x-hs-hub-id
21649046
x-hs-prerendered
Sun, 25 Sep 2022 10:29:51 GMT
x-powered-by
HubSpot
project.js
blog.cluster25.duskrise.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/
2 KB
1 KB
Script
General
Full URL
https://blog.cluster25.duskrise.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:06 GMT
via
1.1 ce4f3831bf14af9e436b429a8d39760c.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
10599180
x-amz-server-side-encryption
AES256
cf-ray
75103b59baa01895-EWR
x-cache
Miss from cloudfront
x-hs-https-only
worker
content-encoding
br
x-amz-replication-status
COMPLETED
last-modified
Wed, 19 Aug 2020 22:24:11 GMT
server
cloudflare
etag
W/"ef84f26c310485299d6b75777414eddb"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glqUHJ31dVsb0ix3ho36KmpY3DLquAI3CVngujAeBXF%2F3UmlP980Du4wUbzbJh%2Fd2dAGfjLUEp1BzqqFhSzZXQPSpkMSySzvsXmALbdiPFd%2B0m8S9AprONuEqzGzvUHzu2ST0I0sEjZRzY8fKLDa83ZXWOL5Bgl%2FWg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
gEenO44eZUewxnIWfgj9q6LB.g9OszNv
cache-control
public, max-age=31536000
x-amz-cf-pop
ATL51-C1
content-type
application/javascript
x-amz-cf-id
8Zf-Vxuiod14-I-gKVfLM4H1dC1ayfk1yxMxpHsdaYxvryipEkOrhg==
expires
Wed, 27 Sep 2023 00:48:06 GMT
project.js
blog.cluster25.duskrise.com/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://blog.cluster25.duskrise.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:06 GMT
via
1.1 f8c9a5da2480a9656a18b3b7a10b0ed5.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
27762101
x-amz-server-side-encryption
AES256
cf-ray
75103b59baa41895-EWR
x-cache
Miss from cloudfront
x-hs-https-only
worker
content-encoding
br
x-amz-replication-status
COMPLETED
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QWti11Tw1ulf9jna%2BhzCSRYtR8DG6LyHEGURQyFw9I4msZbm1O9Q%2BCwJid8tIRxlcANDxBVszNhmzRDupdjAyikBIH7o6Mvt21MGeSupfzsG2Taavb9nBs10bH3hm6CfNo2nxxBNqMARMS%2F02YD19FtbZjs91OSlvA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
cache-control
public, max-age=31536000
x-amz-cf-pop
BOS50-C2
content-type
application/javascript
x-amz-cf-id
cAePgsfcSLo1GvPsX8--wg8z7Akiw-cEYbiwHewwCF4MNgPrlJuxrw==
expires
Wed, 27 Sep 2023 00:48:06 GMT
index.js
blog.cluster25.duskrise.com/hs/hsstatic/HubspotToolsMenu/static-1.138/js/
10 KB
4 KB
Script
General
Full URL
https://blog.cluster25.duskrise.com/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a50df52651133ee2b309daf0c3b921e9f5109067d5e11f2b8dd055f9ca3e66f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:06 GMT
via
1.1 6b40574acc577d1185c505c40886acc6.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4146096
x-amz-server-side-encryption
AES256
cf-ray
75103b59baa61895-EWR
x-cache
Hit from cloudfront
x-hs-https-only
worker
content-encoding
br
x-amz-replication-status
COMPLETED
last-modified
Wed, 27 Jul 2022 14:35:54 GMT
server
cloudflare
etag
W/"0d86ec7be24f2dff2308b8edf54c2f32"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bhVkdEnuKHuGJsmrhI8lJNWiHBlKO2s87C%2Bkz8qhWMRPVF4Yi252FyNOMyTecxzs44%2FPF26%2BR2MZa9Q22rE6hHboqvNAyaJA6ZjrwvGDyza1TpfBWByufOnmp9JAU6Nwtkxj5%2B6%2Fxg7tgxZfP%2BA9%2F42aNdQ%2BYv05zA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
k79.hN9WG526nViFF800Vr3DxQF_q.yo
cache-control
public, max-age=31536000
x-amz-cf-pop
EWR52-C2
content-type
application/javascript
x-amz-cf-id
6n1wNWQz7QcFnvklu7qENpMlqjkmgdsmnh543vKBFHDH-DTkScbX1Q==
expires
Wed, 27 Sep 2023 00:48:06 GMT
jquery-1.7.1.js
blog.cluster25.duskrise.com/hs/hsstatic/jquery-libs/static-1.1/jquery/
92 KB
34 KB
Script
General
Full URL
https://blog.cluster25.duskrise.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:06 GMT
via
1.1 5dd7b838ea405f86fdd3f313ecc68490.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4147973
cf-ray
75103b59baa71895-EWR
x-cache
Miss from cloudfront
x-hs-https-only
worker
content-encoding
br
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
server
cloudflare
etag
W/"ddb84c1587287b2df08966081ef063bf"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6dAsIbcMq13plBhgjQxfubIbVUF5E7Rm3SAXJ79gNXnCE7ZhrquLq4T8Mfv0JthHOBvbiMhz63uL4soNbXCRICY5k%2Bqe%2BgG%2FFXWzrnxbxZHzUWyptHRayyUSSDRDFE0oErLgApcitwyd%2BxL9SCleSojTBD3j33Xl7w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
null
cache-control
public, max-age=31536000
x-amz-cf-pop
EWR52-C2
content-type
application/javascript
x-amz-cf-id
53LYM4YzvkPN0cp43YPU4W6HuL2vqOY98ADmTMueVCX1tWwWgC1CqQ==
expires
Wed, 27 Sep 2023 00:48:06 GMT
aos.js
unpkg.com/aos@3.0.0-beta.6/dist/
Redirect Chain
  • https://unpkg.com/aos@next/dist/aos.js
  • https://unpkg.com/aos@3.0.0-beta.6/dist/aos.js
13 KB
5 KB
Script
General
Full URL
https://unpkg.com/aos@3.0.0-beta.6/dist/aos.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Server
2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd1f9acf13b12f189da475e0f23c7c505767859ab620aac636964974093c281d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:06 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
age
10744974
content-encoding
br
vary
Accept-Encoding
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
etag
W/"35e8-44lQwbzmXp8EjjBbNWf/kKDJI+M"
fly-request-id
01F6J4AZ59X83SH41MX4XBE553
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75103b5a2b303350-EWR

Redirect headers

date
Tue, 27 Sep 2022 00:48:06 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01GDY69QNJNKFCJ7G9XRS8R9A1-lga
server
cloudflare
age
357
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
location
/aos@3.0.0-beta.6/dist/aos.js
cache-control
public, s-maxage=600, max-age=60
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
75103b59fae43350-EWR
access-control-allow-origin
*
main.min.css
blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81445552143/1660147887871/proX-C25-child/css/
58 KB
13 KB
Stylesheet
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81445552143/1660147887871/proX-C25-child/css/main.min.css
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a5b9f6e091aa96c2cce65d99580a34332bba2c1f43454ecd8533246336c7901
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1660147889665
date
Tue, 27 Sep 2022 00:48:06 GMT
via
1.1 470d4277236d0557f3e42c6bfe9dac78.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
FDQNHEX2S785Z2E1
x-amz-id-2
EcciVO75PVFzX1EdCXmeulZEGW5IwSckuDt+brz8If1FX6QcoO5KgDfvxLek9CaVdg7Y1IqjhRw=
x-amz-replication-status
COMPLETED
last-modified
Wed, 10 Aug 2022 16:11:30 GMT
server
cloudflare
etag
W/"9d9a9821e0336a69c5082d430a1b7893"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CMDRcUbUZrkwFq%2BLN%2F41kEK3OpQGhvp8mv168Ejs1C1C9ib2IBplcDCf9zt8WIelMrkuH9drvsI9GsoQR3QJIE74aqvJEdHcXBKOnbtybgVTNcIRDp9RaDwyTmw75FmFAGevEQgzgUnVUKNZhFaZLhX5mLRvlk7F0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
qU0PLcFIu0pXIqDiNQMw4CtRfLWHKlpb
cf-ray
75103b59cad91895-EWR
x-amz-cf-id
kkSIKfPLz3xrSamWXdGPbh_z434xYPxnt8pYcJK9_riSu0GHae4tCg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
_aos.min.css
blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81446893668/1660147901209/proX-C25-child/css/vendor/
28 KB
3 KB
Stylesheet
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81446893668/1660147901209/proX-C25-child/css/vendor/_aos.min.css
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ff72cdb0b76e451b768bd1269c38816636d1b8ae396b0f8604b986040527ca2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1660147902427
date
Tue, 27 Sep 2022 00:48:06 GMT
via
1.1 5630c5d6ce3870273aaf2ed5fe6c2f14.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
FDQK9BZXNXYAKNSP
x-amz-id-2
pes3vQIeCHcRh2GH7cyeueVJp6yzRBRU7ifnwAjFJwbf/RXmLFv4frKxQlY7FyvPQtpcZsszmiA=
x-amz-replication-status
COMPLETED
last-modified
Wed, 10 Aug 2022 16:11:43 GMT
server
cloudflare
etag
W/"8375b66df42656e17c04a4a04d6b78b4"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6Nj1W6CoE%2F05gSfuOlxm8EA7J%2FRpoJDPrPKFsdDFWSo%2Fe4VvTP%2F5hbQZoGI98x%2B3icIyuh0waRyiNjElhmObwGkaMjMG1b3YrSjAR%2FCNs63rdB8vgDKbYJmzRjo%2F6iJLT3JyNlkNYCeX5W2Ol%2BgPMSxlWa%2FvriFwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
wHCW6SwpF4BPXs5VPnafajL3ria15QO6
cf-ray
75103b59cadb1895-EWR
x-amz-cf-id
k0PU_YrMAgZvWkya1KPiQXrw7OytqCqVtsLLW42E6gnvh0hgX3Q-IQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
child.min.css
blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81446103729/1660147906944/proX-C25-child/
3 KB
2 KB
Stylesheet
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81446103729/1660147906944/proX-C25-child/child.min.css
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5aa639789809d4c8c52d8294cf26e8f7fb5efddb135dd11638124bfa5075df85
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1660147908318
date
Tue, 27 Sep 2022 00:48:06 GMT
via
1.1 2a6e657acb4fd3f6aee2e3da45e44642.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
FDQYGJ4EYYW9G70D
x-amz-id-2
S1lJopWBTaYUbsY1l+nFFcsVELjJl+ObOpgSbg9WeOmAnZ5JV4qm3qZFE0tjvHZlubL2kkJ7+58=
x-amz-replication-status
COMPLETED
last-modified
Wed, 10 Aug 2022 16:11:49 GMT
server
cloudflare
etag
W/"431ab04ecb2f6d7a1c8c4890e675073c"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3tK8gYdzb6FNOFWD42At5bB8o%2FsrSGrGBgGzEfeJ%2FS9gng0bbkv17dV8dn4nqzy6BjeMpZx4i14e2WyW%2BKAcdGvze8ngdMxAfZvil3LNd6WTxkwHNwXBcNgatDKKNyuN1Gi3sXK64PSU3aYI1c%2FMiSyVYso58d%2B7vg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
cbbvQ8VUJNieXCKqjhoYdaxAkyPMraXE
cf-ray
75103b59cadd1895-EWR
x-amz-cf-id
ZQ3uIX4hXo-uKdnbTkaS6OEUqnCPAtxR-qFuq2lo6SULPYMrI2zt4A==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
css
fonts.googleapis.com/
7 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Halant:regular|Roboto:regular,100,700&display=swap
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200a Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2da458c2d92e5d49800d3ae1dd491c74b7692473b1dbc23979985b4287ae8e50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 27 Sep 2022 00:48:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 27 Sep 2022 00:48:06 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 27 Sep 2022 00:48:06 GMT
bundle.min.js
blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81445138344/1660147917881/proX-C25-child/js/vendor/
82 KB
25 KB
Script
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81445138344/1660147917881/proX-C25-child/js/vendor/bundle.min.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
292b4619a5b4191631ec00edaef06beb8503f95b6095fc03631b74ac498722fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1660147918999
date
Tue, 27 Sep 2022 00:48:06 GMT
via
1.1 349b149961d8d2361c29d4be4b5847f2.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
2Y7W3HB1WQQ3Y9JD
x-amz-id-2
MIaPxtQgwq32SCGXMcnyM/+zmqeUpjszoTaw5Yb46QYVsx9+PdzAjQ75HQsfTLw29uPh8Xcpo8EByluODUwtKQ==
x-amz-replication-status
COMPLETED
last-modified
Wed, 10 Aug 2022 16:12:00 GMT
server
cloudflare
etag
W/"7799bd2d8e8f619362e25e538b347d18"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5lNdqGq1JQGrWh%2BwvGJuoiuT%2F5dW9aM7Ewmg1EsOe15do4QSK%2FpaegNFcjTAqMFLy4NsBqpkPhLI6YUTjVtgYmcR2DhdDh3YRF21b16AbsMFxphenasDHe6W6RcPHES%2B0iRelNAWpd61jbvpVWvmCQtnoewEDEjZ8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
faFQ4msw6Ckh9wTpVvLPWoZDGX5Ex26_
cf-ray
75103b59cadf1895-EWR
x-amz-cf-id
-inJ8DgTE9xZGtpeSWsHY6ouK0IanBexQxVHVxO3Lq5G1xLbHOFQJA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
script.js
cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/
94 KB
35 KB
Script
General
Full URL
https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/script.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c56f6ca1f7b56a5d5b7ceba20fc5e0794b91d1fbe6f3c2628adc3ed1a21318ad

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:06 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 13 Sep 2022 16:27:34 GMT
server
cloudflare
age
524848
etag
W/"17809-5e8917d5c85c3-gzip"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mW94LG7A6YS2N0T9g4yfCQMohGX6lj229XfWYA5Wv9jxiTDGpqle2XJJi34N0YpW4p7iUduVAZo%2BjqSGXfvVoNwR%2FsRcyO7PGcGQpaZMi2%2FdOzfw7AvFK7lP5uBKCVRueBLBT7KjPrFWOpYe9Gfv"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
75103b59f89a8c3f-EWR
localize.js
global.localizecdn.com/
59 KB
22 KB
Script
General
Full URL
https://global.localizecdn.com/localize.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6f8f5a247489b7df70b3ed677ee61d6c16c93f6b5109f6919272a7d0d27c362
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-meta-x-amz-meta-v
461
date
Tue, 27 Sep 2022 00:48:06 GMT
via
1.1 d671204b8bf6c2b9056c338588204020.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
age
186990
x-amz-server-side-encryption
AES256
cf-ray
75103b5a0b6fc43b-EWR
x-cache
Hit from cloudfront
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 27 Jul 2022 14:29:16 GMT
server
cloudflare
etag
W/"f937a111b82f58ce64d22a6eb24c3cbf"
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-version-id
zICVQyBlCzZcnHC4xSz9rWz0K9YHNFB_
vary
Accept-Encoding
cache-control
public, max-age=259200
x-amz-cf-pop
EWR52-C1
content-type
application/javascript
x-amz-cf-id
OxUtzFVr9XOiT8EoLM8IL_fClWs8PdWUOn2S9r2kODeE2zIQGguODg==
cf-bgj
minify
in.js
platform.linkedin.com/
509 KB
160 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:9000::1725:7bba New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Play /
Resource Hash
6a83808ecf60a19a6dbc539b5e58dc96cb3eafa5e01ac8bfe393cf3f91b9b822

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-li-uuid
AAXpnVFK7qE7bI7EpuJ0ww==
date
Tue, 27 Sep 2022 00:48:06 GMT
content-encoding
gzip
x-cdn-client-ip-version
IPV6
server
Play
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
x-li-pop
prod-ltx1-x
x-li-proto
http/1.1
content-length
163279
x-cdn
AKAM
x-li-fabric
prod-ltx1
expires
Tue, 27 Sep 2022 00:59:26 GMT
DuskRise%20Logo%20White.png
blog.cluster25.duskrise.com/hs-fs/hubfs/
2 KB
2 KB
Image
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hubfs/DuskRise%20Logo%20White.png?width=120&height=28&name=DuskRise%20Logo%20White.png
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6efe842bdc73599b3e49e4202d1947dd5c105773adaa7d47ba23eaf0e8d4c67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 7c325f2607fc0c1ae15500b51b245812.cloudfront.net (CloudFront)
vary
Accept, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
71326
cf-polished
origFmt=png, origSize=3144
edge-cache-tag
F-79514225069,P-21649046,FLS-ALL
cache-tag
F-79514225069,P-21649046,FLS-ALL
x-amz-storage-class
INTELLIGENT_TIERING
x-hs-https-only
worker
content-disposition
inline; filename="DuskRise%20Logo%20White.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
1552
x-amz-server-side-encryption
AES256
last-modified
Wed, 21 Sep 2022 22:03:19 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"dd55754b8aeb325a7ac08915bc7f8c1d"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0YTeFGKjwem5i6KyAaCBvq%2BS47hAN%2Brov3trNnHq%2BozjNG8x3ZbFlUK3ufjNgpv8z3xL%2FF5l1AqnP%2B%2B97xowEH6Rz8NsbJaaDl3UZNERiInhC0iwNKmg2kFAo4gpHkgLPTcaZLomElcJMOmFIsVt2AVudLmhYUf0QA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD55-P5
accept-ranges
bytes
cf-ray
75103b5bce951895-EWR
x-amz-cf-id
jh9XKMpylBWtOcFkD8dDuHQgY9mmnieN5VdVqOZPg3begJbPccHlnA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
DuskRise%20Logo%20Dark.png
blog.cluster25.duskrise.com/hs-fs/hubfs/
2 KB
2 KB
Image
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hubfs/DuskRise%20Logo%20Dark.png?width=120&height=28&name=DuskRise%20Logo%20Dark.png
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
caa6aa2751659ac0bfd513628598d466e1adcbea75211e851c4cdfd86e9a8798
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 de349bd2105a0a744704f391ff854e62.cloudfront.net (CloudFront)
vary
Accept, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
82231
cf-polished
origFmt=png, origSize=3231
edge-cache-tag
F-79512353897,P-21649046,FLS-ALL
cache-tag
F-79512353897,P-21649046,FLS-ALL
x-amz-storage-class
INTELLIGENT_TIERING
x-hs-https-only
worker
content-disposition
inline; filename="DuskRise%20Logo%20Dark.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
1550
x-amz-server-side-encryption
AES256
last-modified
Wed, 21 Sep 2022 22:03:35 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"054714927cd30a48ae06ae66a0bda5a9"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H9ksfUfd9d1k4fpHijQlP6ZBLgBdI757XKVv%2Fz4cUuWFnRTE51xjnLWk3l4uySH%2BOcEHMbW8rv9dKT2IZjQwwsfk0mmbowGNnToeNApk9YMGBXhTzwmI%2BMtmLXZmscOyC6%2B%2BCePt6RTeAFZXqzLm3f3GtZtEgPxNAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-P1
accept-ranges
bytes
cf-ray
75103b5bce971895-EWR
x-amz-cf-id
HXtzrKWMF9Elj3qriEzKZrQvMe0V76cVO5_6lLkvRrT9lqIyY-vE-g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
child.min.js
blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81445623885/1660147899096/proX-C25-child/
4 KB
2 KB
Script
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81445623885/1660147899096/proX-C25-child/child.min.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3e90892ae2dd12863b6eb5637682591ddea66a3d61f904e37f63231f8961c94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1660147899517
date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 126bc2e5c4c1b9ac0ffa004edc6f02c4.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
CMPG73E0PBMEM64P
x-amz-id-2
gel3axHid71IJVeBqlTzf9RtJW1dR+MZE7zbinnrIIHPTrLmTgYp5jNeG/XKpkjAvv3dMZHhEOw=
x-amz-replication-status
COMPLETED
last-modified
Wed, 10 Aug 2022 16:11:40 GMT
server
cloudflare
etag
W/"909f27832faffd3c97611d9296eeddcf"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iQxBLXD7KdH9SfFEeamhduCxKoo4d9z8amtfWNMxOZQGpxRmP8OXIoUJriWtXXc3Sl7Ktx%2B7xm9gQ89D2PFgYgwhlFKS3oBfC6x%2FWPvzk%2FTXNEFQrNpg%2FLYXBKI2odsQsMcGJY9V3dZ4db8ZGvqDZU6BDFoD0Tqzww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
_lJajZuxzIGM.0J_vEQ1SA6osGFu3r3R
cf-ray
75103b5b8e1d1895-EWR
x-amz-cf-id
CKnzq1SuWLQXXPjfdX_tEEYbzxPZZVQujV4E-8v5qAPu35PDWJgaDw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
aos.min.js
blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81445757079/1660147889950/proX-C25-child/js/vendor/
14 KB
5 KB
Script
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hub/21649046/hub_generated/template_assets/81445757079/1660147889950/proX-C25-child/js/vendor/aos.min.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2e36df0748d27e28aaf174930c75d9b9df7e77cf31845d2be01f672983e9e44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1660147890495
date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 de349bd2105a0a744704f391ff854e62.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
MG51QEJ9VSCKXRYF
x-amz-id-2
8+591L/o1vaciPWOCojEvzG5ToYa/r8djMEJeFYwgP+Wk8f7tRAGlBQM/5TpXRThBr5PfBagy/0=
x-amz-replication-status
COMPLETED
last-modified
Wed, 10 Aug 2022 16:11:31 GMT
server
cloudflare
etag
W/"fa3e7a84d3f18352c3d73a02dacda0c8"
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dDWR1PeFgnedgJwM9UjWQHBiMPwgPGK4JI8wD1WLcn4FyrMFhLzKGn8wSpdORz7spgfNCXkATRUPOkF96rnwFIuCezoMQ1uFL5f7Y8rG%2BNDdDYBtTbkRnmFOE4XxziLWnnxhT8nVaKNqk%2BPaxPbC2ENd%2BVPnndzrrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
j7_FB8.F3Jyel05xfsEkAVFjFUVfLWp2
cf-ray
75103b5b9e3b1895-EWR
x-amz-cf-id
yg_x6PaFwyf0k-nY3UoBf3HoFSc2FJ-gz2STjh9bofaqwipdB4JRhg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
21649046.js
blog.cluster25.duskrise.com/hs/scriptloader/
2 KB
1 KB
Script
General
Full URL
https://blog.cluster25.duskrise.com/hs/scriptloader/21649046.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
add9bf5659e2177721378540fb0f5b7ad4a29440dd2aaa4b7d3f7cc6af2dde3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
ef1ae458-9a80-4b39-a9e3-c4b859f69654
x-hs-https-only
worker
strict-transport-security
max-age=31536000
last-modified
Mon, 26 Sep 2022 23:38:52 GMT
server
cloudflare
x-trace
2B042491D3157B225FB1A35BBA87B824DA33BF4A34000000000000000000
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xAL1k4ADK6hZ7ppkiQ7JwxOQ8XTu%2BRp4aj9lJc4to7mZn4XXlB1uLVWuarydFLRtWt7g8co0%2B8fe%2B9W%2FxObNmU88LbqPgRSLxP4lw5u5Ta5b%2FUSqGpRr50wxme7V4CQ1i%2FFtHUhVJ%2FsIpdJzB2RDob58IQHrfkA3VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://blog.cluster25.duskrise.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
75103b5bce981895-EWR
expires
Tue, 27 Sep 2022 00:49:07 GMT
gtm.js
www.googletagmanager.com/
93 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KQQ4DXJ
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fc72f81092c176dcc190ce9df03cbaced6717f6f63b01fccf2a458ed09073744
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37026
x-xss-protection
0
last-modified
Tue, 27 Sep 2022 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
report-to
{"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
cross-origin-opener-policy-report-only
same-origin; report-to="gfe-default_product_name"
expires
Tue, 27 Sep 2022 00:48:07 GMT
log
log.cookieyes.com/api/v1/
2 B
153 B
Ping
General
Full URL
https://log.cookieyes.com/api/v1/log
Requested by
Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.76.227 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-76-227.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryV9kFZf2CyRjnhxV5

Response headers

access-control-allow-origin
*
date
Tue, 27 Sep 2022 00:48:07 GMT
x-powered-by
Express
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-length
2
content-type
text/plain; charset=utf-8
banner.js
cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/
90 KB
32 KB
Script
General
Full URL
https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/banner.js
Requested by
Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ea6570d545af67d4a0c8bee0f769307c062ead84d747b8eda78b6936707eb3e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 13 Sep 2022 16:27:34 GMT
server
cloudflare
age
303886
etag
W/"168a5-5e8917d5c7623-gzip"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qYpqGbsL%2BhlbsvGyuiA5o0chgbl%2FU%2BcL21YtJ2GGNUg7xfLp2cZLHvx4kBpD8%2BFL%2F7ZMfiLdRuTGeYzmjCtY7CzeD54SU2r0tHsuC1pjqIF4ycPjKNWGH7PRh4Mq9xP3EqrJWTlwq4cmge9BLkaH"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
75103b5bccd98c3f-EWR
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Halant:regular|Roboto:regular,100,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.cluster25.duskrise.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Fri, 23 Sep 2022 10:24:38 GMT
x-content-type-options
nosniff
age
311009
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Sep 2023 10:24:38 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Halant:regular|Roboto:regular,100,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.cluster25.duskrise.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Sat, 24 Sep 2022 22:36:37 GMT
x-content-type-options
nosniff
age
180690
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 24 Sep 2023 22:36:37 GMT
tu
global.localizecdn.com/api/lib/cEqXuK0bL5ZC6/
498 B
543 B
XHR
General
Full URL
https://global.localizecdn.com/api/lib/cEqXuK0bL5ZC6/tu?v=461
Requested by
Host: global.localizecdn.com
URL: https://global.localizecdn.com/localize.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7118ca8d94ed397cefe966fab2741c1c85bdbdbea45a58106939dd1a5980938c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 9f08c6ca19a0337d28f09e25b9ff37c4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-amz-cf-pop
EWR50-C1
x-cache
Miss from cloudfront
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma
no-cache
server
cloudflare
etag
W/"1f2-6qfK38oczNGutJQteyiWwurasSo"
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
75103b5c0d8e9e02-EWR
x-amz-cf-id
phortozTHB-bNM75teditl0Q2WBGn4Du4OMlt6RRjHdqD6oOseGDNA==
expires
0
g
global.localizecdn.com/api/lib/cEqXuK0bL5ZC6/
12 KB
5 KB
XHR
General
Full URL
https://global.localizecdn.com/api/lib/cEqXuK0bL5ZC6/g?v=0&l=source
Requested by
Host: global.localizecdn.com
URL: https://global.localizecdn.com/localize.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6ab56bdf555b338e70db435668d6f4c5d53ebd28806a46e6560ca199862ca68
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 5dccc983b54773fbbd262d2029a805d6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
age
71325
x-cache
Hit from cloudfront
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 26 Sep 2022 04:59:22 GMT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
text/plain
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=172800
x-amz-cf-pop
EWR50-C1
cf-ray
75103b5c0d929e02-EWR
x-amz-cf-id
vBltNElLFaQsyIJvSMTo3vQVQEU0-fogg6aGQh1HjrbTGSHOR5AlEg==
DR-blog-hd_04.png
blog.cluster25.duskrise.com/hubfs/
1 MB
1 MB
Image
General
Full URL
https://blog.cluster25.duskrise.com/hubfs/DR-blog-hd_04.png
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6feab7ffb5ea07093de9741f3f7d910f0457bd5f04591d8be1d15dae4c7d94cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-80218314363,P-21649046,FLS-ALL
age
300185
x-amz-server-side-encryption
AES256
edge-cache-tag
F-80218314363,P-21649046,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="DR-blog-hd_04.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
S7C0C8TNP6HZVTR4
cf-bgj
imgq:85,h2pri
etag
"ba8c67f98b1f2d5e00f984d3c87dc227"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
x-hs-https-only
worker
x-amz-meta-created-unix-time-millis
1658834855447
date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 c36b03c9737c294317e3651e77ee0c4a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
JFK50-P6
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=2199859
x-cache
RefreshHit from cloudfront
cache-tag
F-80218314363,P-21649046,FLS-ALL
x-amz-meta-index-tag
all
content-length
1328020
x-amz-id-2
AuMhIwd+VDLTg44Pxop4+BJC8tvWNlOKin/GIvKKa/JD6k95Fg3nanceoIRgrLMXoR7X17T+zJ8=
last-modified
Tue, 26 Jul 2022 11:27:36 GMT
server
cloudflare
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K2AQjd%2Fryde9BzeJp41SeAQcoTjz4pvVDG7%2B05y7v7sTlqnJkqgjRoDueY8Oloj%2F766ULV%2F7b469LpIRUQuX%2FKFwXCiSvmbNIQudyNiORAse8cBwnd7Q9uk4OEdEHIgm%2FoBoSS5u4ijoh%2B0ixEczCrPk1LDHaBVDCg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
5wyAH3A7QSCJ5ShgMKMYld6FYfhQqc2s
accept-ranges
bytes
cf-ray
75103b5c0f241895-EWR
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
ot99OrLO57983DfO0SLXpA_rWrvTPB6aJcOODFJk93y0tLzDS2kxsw==
KFOkCnqEu92Fr1MmgVxIIzI.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxIIzI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Halant:regular|Roboto:regular,100,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0f303f31706d39866cced9dcc17b61fb8423674278d7f6051d66b3a79ffbca18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.cluster25.duskrise.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Fri, 23 Sep 2022 10:24:47 GMT
x-content-type-options
nosniff
age
311000
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15764
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Sep 2023 10:24:47 GMT
intro_img-Jul-15-2022-01-50-00-33-AM.png
blog.cluster25.duskrise.com/hs-fs/hubfs/
44 KB
45 KB
Image
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hubfs/intro_img-Jul-15-2022-01-50-00-33-AM.png?width=1200&name=intro_img-Jul-15-2022-01-50-00-33-AM.png
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6906d0f3d92e8bd6bc17c5b745be543dcb99ad71b7451f2234b654217339b9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

age
300185
x-amz-server-side-encryption
AES256
edge-cache-tag
F-80868098637,P-21649046,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="intro_img-Jul-15-2022-01-50-00-33-AM.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
cf-bgj
imgq:85,h2pri
etag
"85a1c381962f510db8da4105544fa664"
vary
Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis
1659451112058
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 615f410a3a080a335933e9fa08c15260.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=71498
x-cache
Hit from cloudfront
cache-tag
F-80868098637,P-21649046,FLS-ALL
x-amz-meta-index-tag
all
content-length
45552
x-amz-replication-status
COMPLETED
last-modified
Tue, 02 Aug 2022 14:38:33 GMT
server
cloudflare
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M2agAeSRBYHDwxhyOrP3fW%2BAcfF%2BRu1Ulef4WnsXHGlWBkY0w21Daq5Ojr5VAhOChTiPmTexGpxM%2BvzDhA33cWS4ou9O7yYX1motufla7605UOrIgJYQCfA1DlcDCzsSpocMiMakXQxUPeLMA8%2BsaW%2BbYm73HVuY1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
75103b5c5ff71895-EWR
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
9gI9sCM1s3PZVw8VaPaR22wKb13q7qRIgtLbevnXh1mdIDHCFEtIJw==
interpr.png
blog.cluster25.duskrise.com/hs-fs/hubfs/
128 KB
129 KB
Image
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hubfs/interpr.png?width=1006&name=interpr.png
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec4b0a91505b527c8e251be2f124eb954bf002003c659a88b4451bc11b1ab27c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

age
300184
x-amz-server-side-encryption
AES256
edge-cache-tag
F-85809960542,P-21649046,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="interpr.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
cf-bgj
imgq:85,h2pri
etag
"16637e0bcd8e3a2e3f4ac56af2c91fd1"
vary
Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis
1663923055092
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 066fc17b108820c747336d8f45e8ea54.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=243874
x-cache
RefreshHit from cloudfront
cache-tag
F-85809960542,P-21649046,FLS-ALL
x-amz-meta-index-tag
all
content-length
131052
x-amz-replication-status
COMPLETED
last-modified
Fri, 23 Sep 2022 08:50:56 GMT
server
cloudflare
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rqWATC3UjYSSzZMrLA0%2BHh%2FXfyA5TcGey35WCuJ%2FTAzz5EZhot%2BQktN61Wd7pJVD6iRiaAnCHa2cPlKzboPzmZA%2Br%2BtFmpeuV7QmqryzehgD3Tl6J5JManwQO5gfZ7mlpcj0ZVRYonYtIuVH%2Bbbv%2BStOOpoY8xlP3w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
75103b5c5ff91895-EWR
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
Or_TJrwdxvIypZWuevH8qjqckfWSJ5yDcr14oJ2KOnGJeQJjxtTWTA==
powershell.png
blog.cluster25.duskrise.com/hs-fs/hubfs/
205 KB
206 KB
Image
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hubfs/powershell.png?width=993&name=powershell.png
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c98e10a97c2d7c5c09881034daae37cc7dfebe44f4207ce5a4e4e11ac9415b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

age
300185
x-amz-server-side-encryption
AES256
edge-cache-tag
F-85811412612,P-21649046,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="powershell.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
cf-bgj
imgq:85,h2pri
etag
"071eb8f78933243b48a34fa1947738fa"
vary
Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis
1663923369328
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 0920aeb1eced22df07c9ece1cab0a554.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=437668
x-cache
Hit from cloudfront
cache-tag
F-85811412612,P-21649046,FLS-ALL
x-amz-meta-index-tag
all
content-length
210238
x-amz-replication-status
COMPLETED
last-modified
Fri, 23 Sep 2022 08:56:10 GMT
server
cloudflare
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQqPCVd%2BhTY8BTRcpQHjM228Wly%2F4j9qo%2FKU5tPspE%2FQAM6xRtehKZLkpHbTx4Ft7U%2BXQmxcR%2BaYATDRXbQ4wFBWAwblXmJWOQaev1Html7Z0RVlX1JHXbK4z7jRPUf9OFr2nStyVR3WZrV%2F%2Fy0NFHZI31rGI52W4g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
75103b5c5ffb1895-EWR
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
1eyyq5uuzcAXTjmW6qXMiGvOWbgVeZi2f6o0uJACJ_9UsNX2LeEixg==
u-4-0qaujRI2Pbsn2Nhn.woff2
fonts.gstatic.com/s/halant/v13/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/halant/v13/u-4-0qaujRI2Pbsn2Nhn.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Halant:regular|Roboto:regular,100,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0254f240fa42b8648742588db97d7703f35618852ac834936eedd939c58ee1d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.cluster25.duskrise.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Fri, 23 Sep 2022 00:02:26 GMT
x-content-type-options
nosniff
age
348341
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18632
x-xss-protection
0
last-modified
Thu, 21 Apr 2022 17:02:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Sep 2023 00:02:26 GMT
va.png
blog.cluster25.duskrise.com/hs-fs/hubfs/
152 KB
153 KB
Image
General
Full URL
https://blog.cluster25.duskrise.com/hs-fs/hubfs/va.png?width=992&name=va.png
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
55fe1ad746415980d0e3660052e8dd8674382d85436605cc59e2732d5d0fa227
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

age
177498
x-amz-server-side-encryption
AES256
edge-cache-tag
F-85812408728,P-21649046,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="va.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
cf-bgj
imgq:85,h2pri
etag
"bada8a85d93fd431e98babc4caf4a835"
vary
Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis
1663924762216
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 7c325f2607fc0c1ae15500b51b245812.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD55-P5
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=286829
x-cache
RefreshHit from cloudfront
cache-tag
F-85812408728,P-21649046,FLS-ALL
x-amz-meta-index-tag
all
content-length
155996
x-amz-replication-status
COMPLETED
last-modified
Fri, 23 Sep 2022 09:19:23 GMT
server
cloudflare
strict-transport-security
max-age=31536000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9t1HErQjuLuH2UuYWaAWkfHRBin6GpiAfNGUJCytlwqTVW8pxdnvrU0zMR0YyL1QS3hPPNBWaPKMor8nCLEQ1mwx9G2e9ALTP4gM5TT4Fa0q80AvdlJnN4xrsYg%2FgMHqhrOoH%2BGQFmP2AvGDRKqchkd8FtC8B9Gj1g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
75103b5d39be1895-EWR
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
pQuctSWQadIukIxTSPEX0cB8fTSqCtmRuf8DlTIb4ttTK8F-64-ylA==
g
global.localizecdn.com/api/lib/cEqXuK0bL5ZC6/
48 KB
17 KB
XHR
General
Full URL
https://global.localizecdn.com/api/lib/cEqXuK0bL5ZC6/g?v=535&l=en
Requested by
Host: global.localizecdn.com
URL: https://global.localizecdn.com/localize.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba81ce19ea615c5c73bc0503cb43aad2f13b3637d8d62009fc6e5243f40a0343
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 04d5f6961d9b76b97c908d8ed9816378.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
age
35483
x-cache
Hit from cloudfront
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 26 Sep 2022 14:56:44 GMT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
text/plain
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=5184000
x-amz-cf-pop
EWR50-C1
cf-ray
75103b5d4cd532c7-EWR
x-amz-cf-id
r-01nD4clntf_uDKSAxSBKBDn-igPQaRq_BpCNr-VZn1EbzE_jUFlQ==
js
www.googletagmanager.com/gtag/
213 KB
74 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-LWCDVL0Y5Z&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KQQ4DXJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
52040e3167da4cefc9961760326f22d31c45beb7d443be475bfff86921a50304
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
75654
x-xss-protection
0
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
report-to
{"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
cross-origin-opener-policy-report-only
same-origin; report-to="gfe-default_product_name"
expires
Tue, 27 Sep 2022 00:48:07 GMT
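The response headers listed in this report are the raw material for a quick transport and CORS audit: the gtag/js script above answers `access-control-allow-origin: *` together with `access-control-allow-credentials: true` (a combination browsers reject for credentialed requests), several responses carry HSTS without `includeSubDomains`, and the localizecdn responses ask for `preload` with a `max-age` below the one-year preload minimum. The checker below is an added example, not code from urlscan or from the scanned site; the sample header sets are transcribed from this report's own entries, the one-year threshold is an assumption, and the finding strings are invented for this example.

```python
"""Audit a response header set for common HSTS / CORS / MIME weaknesses.

Added example; the header dicts below are transcribed from the urlscan
report's response headers, everything else is constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: one year, the minimum the HSTS preload list accepts.
MIN_HSTS_MAX_AGE = 31536000


@dataclass
class Hsts:
    max_age: Optional[int] = None
    include_subdomains: bool = False
    preload: bool = False


def parse_hsts(value: str) -> Hsts:
    """Split a Strict-Transport-Security value into its directives."""
    hsts = Hsts()
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.lower()
        if name == "max-age" and re.fullmatch(r"\d+", arg.strip() or ""):
            hsts.max_age = int(arg.strip())
        elif name == "includesubdomains":
            hsts.include_subdomains = True
        elif name == "preload":
            hsts.preload = True
    return hsts


def audit(headers: Dict[str, str], resource_type: str) -> List[str]:
    """Return findings for one response; resource_type is urlscan's type column."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    hsts_value = h.get("strict-transport-security")
    if hsts_value is None:
        findings.append("no HSTS header")
    else:
        hsts = parse_hsts(hsts_value)
        if hsts.max_age is None:
            findings.append("HSTS without a valid max-age")
        elif hsts.max_age < MIN_HSTS_MAX_AGE:
            msg = f"HSTS max-age {hsts.max_age} below {MIN_HSTS_MAX_AGE}"
            if hsts.preload:
                msg += " (preload list requires at least one year)"
            findings.append(msg)
        if not hsts.include_subdomains:
            findings.append("HSTS without includeSubDomains")

    # A wildcard origin is never exposed to credentialed requests, so this
    # pairing is a misconfiguration rather than a working credentialed CORS policy.
    acao = h.get("access-control-allow-origin", "").strip()
    acac = h.get("access-control-allow-credentials", "").strip().lower()
    if acao == "*" and acac == "true":
        findings.append("ACAO '*' combined with ACAC 'true' (rejected by browsers for credentialed requests)")

    if resource_type == "Script":
        if h.get("x-content-type-options", "").strip().lower() != "nosniff":
            findings.append("script served without X-Content-Type-Options: nosniff")
        ctype = h.get("content-type", "").lower()
        if not ctype.startswith(("application/javascript", "text/javascript", "application/x-javascript")):
            findings.append(f"script served with content-type {ctype or '<none>'}")
    return findings


# Transcribed from the report: www.googletagmanager.com/gtag/js response.
GTAG_JS = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "access-control-allow-origin": "*",
    "access-control-allow-credentials": "true",
    "content-type": "application/javascript; charset=UTF-8",
    "x-xss-protection": "0",
}

# Transcribed from the report: js.hs-banner.com/21649046.js response (no HSTS sent).
HS_BANNER_JS = {
    "access-control-allow-origin": "https://blog.cluster25.duskrise.com",
    "access-control-allow-credentials": "true",
    "content-type": "text/javascript; charset=UTF-8",
}

# Transcribed from the report: blog.cluster25.duskrise.com/hubfs/DR-blog-hd_04.png response.
BLOG_IMAGE = {
    "strict-transport-security": "max-age=31536000",
    "access-control-allow-origin": "*",
    "content-type": "image/webp",
}

# Transcribed from the report: global.localizecdn.com/api/lib/.../g response.
LOCALIZE_G = {
    "strict-transport-security": "max-age=15552000; includeSubDomains; preload",
    "access-control-allow-origin": "*",
    "content-type": "text/plain",
    "x-content-type-options": "nosniff",
}

if __name__ == "__main__":
    for label, hdrs, kind in (("gtag/js", GTAG_JS, "Script"), ("hs-banner", HS_BANNER_JS, "Script"),
                              ("blog image", BLOG_IMAGE, "Image"), ("localize g", LOCALIZE_G, "XHR")):
        print(label, audit(hdrs, kind))
```

The checker deliberately keys the MIME and nosniff checks on urlscan's resource type column, since an image served without nosniff is noise while a script without it is worth a line in the report; the HSTS threshold is a policy choice, so adjust MIN_HSTS_MAX_AGE to whatever the audited site commits to.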
all.js
connect.facebook.net/en_GB/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/all.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
484c4549f244539ebcd60fd22af6c17bfd0fcad66ce9bb34dcee99cb1f66d043
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
R3FgUUViB2fRLTJ/6YL45w==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1686
x-fb-rlafr
0
x-fb-debug
em0B9ibpqYOXY15vQPiz0SAg1fKAXZb6JXuR9ZFYy+VooaJz/knj0dAYsYcPECPkTl5ascrJw+dLwW9StUueAg==
x-fb-trip-id
1512268381
x-fb-content-md5
c284d59a5c5fa515add90e05601eba7f
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 27 Sep 2022 00:48:07 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"f5b913053c5f86fafa03070f166dddf2"
timing-allow-origin
*
expires
Tue, 27 Sep 2022 00:56:51 GMT
widgets.js
platform.twitter.com/
97 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1D1D) /
Resource Hash
8f4fc0f336126492b535be2e0b29fbb538a3079547d19a81368aec9268a54f26

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Tue, 27 Sep 2022 00:48:07 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Age
1171
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Methods
GET
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length
29220
x-amzn-internal-status
304
Last-Modified
Wed, 31 Aug 2022 20:41:50 GMT
Server
ECS (nyb/1D1D)
Etag
"f116c7e6b28e2aebeb60ade5bdc8e2b4+gzip"
Access-Control-Max-Age
3000
x-tw-cdn
VZ
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
21649046.js
js.hs-analytics.net/analytics/1664239500000/
63 KB
20 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1664239500000/21649046.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/hs/scriptloader/21649046.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4b5bfee05c0ab1e950bde7f767a7a545e7ff49d30cfbb23ddec36fa6173573c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
B8XNB9Z5EDHREG3F
x-amz-server-side-encryption
AES256
cf-ray
75103b5e9f1ac3f3-EWR
x-amz-id-2
3iU7Zow/yLx2MSwewtBG0c+qiflxpo07fWPmaRDoTYHuGmXMWCyiXFoqUN4hflaPdM4Y1k/pusg=
last-modified
Thu, 22 Sep 2022 18:07:53 GMT
server
cloudflare
etag
W/"69ed7aec83401240f875443b54d48e4d"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Tue, 27 Sep 2022 00:53:07 GMT
collectedforms.js
js.hscollectedforms.net/
65 KB
23 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/hs/scriptloader/21649046.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7fab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5678810bf1c13d60bc4d55a3ca96c163ffc01f865c4e4a64001fc32ffcd367cb

Request headers

Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Origin
https://blog.cluster25.duskrise.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
45071
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.292/bundles/project.js&cfRay=750bef010e181971-EWR
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
access-control-max-age
3000
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
75103b5e8fb8196c-EWR
last-modified
Tue, 13 Sep 2022 10:41:10 UTC
server
cloudflare
etag
W/"7a468b833be86c01bc8dfd455308f792"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
x-amz-version-id
5afLcxIjU5LfvvyyfvxzjsWXufXHSL1t
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
x-amz-cf-pop
IAD12-P3
content-type
application/javascript; charset=utf-8
x-amz-cf-id
rvI0iBVqQXuWEn6cZYbDRkRB8QibtIEWtDcj3ADf8XmqKzA0y67tsQ==
x-hs-target-asset
collected-forms-embed-js/static-1.292/bundles/project.js
fb.js
js.hsadspixel.net/
5 KB
3 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/hs/scriptloader/21649046.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:72b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbe5717b2e530ed3889fef7a3f64bd8703892af4df7a50ebdab50877d714ccb1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 2affb7ecc0abefae57d3bdc8fe4130a2.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
413
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.293/bundles/pixels-release.js&cfRay=751031467893c44f-EWR
x-cache
Hit from cloudfront
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Fri, 23 Sep 2022 05:23:07 UTC
server
cloudflare
etag
W/"46dd82490c71a41bce1eabb2e38c89c0"
vary
Accept-Encoding
x-amz-version-id
7KJ54BFzipn1nE_Td6RfTtNOqayLQBYG
cache-control
max-age=600
x-hs-cache-status
MISS
x-amz-cf-pop
IAD12-P1
cf-ray
75103b5e9df11927-EWR
x-amz-cf-id
DhjVgrGitIb7R3zTw8xyn7j-d0gif8_RQVkI6sNSkYkNJ_E32Mm5ow==
x-hs-target-asset
adsscriptloaderstatic/static-1.293/bundles/pixels-release.js
21649046.js
js.hs-banner.com/
60 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/21649046.js
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/hs/scriptloader/21649046.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27b8655bdb6180fac610cd765735cf239d537c55fbb2a9b798efdf1f99410184

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
MQW2M0J1EKYGEC8M
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-id-2
pnhaoAilF4jhYpjmuaeOO8vCHDFMSqFk2apE+uYvJx8M0XyNGT0bWttqvc3RDRYyay5LqwsSzgA=
timing-allow-origin
*
last-modified
Mon, 19 Sep 2022 14:45:44 GMT
server
cloudflare
etag
W/"d44589c8d400298f4f27c61c9eda1a38"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
U0BHnrt.1gzbf695759nHOTObX.3fFCn
access-control-allow-origin
https://blog.cluster25.duskrise.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
75103b5e69561764-EWR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Tue, 27 Sep 2022 00:53:07 GMT
has-permission
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
685 B
Script
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=21649046&callback=jsonpHandler
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-hs-worker-debug-mode
false
server
cloudflare
x-hubspot-correlation-id
9ac78d5a-8c44-4d0d-b891-6594f5a39da6
x-trace
2B3765322D7C987F6901443EA2C190491D93F68B2B000000000000000000
date
Tue, 27 Sep 2022 00:48:07 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
cf-cache-status
DYNAMIC
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports?cfRay=75103b5e9da28c15&resource=unknown"}]}
cache-control
max-age=0
access-control-allow-credentials
true
cf-ray
75103b5e9da28c15-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
tl.gif
global.localizecdn.com/api/lib/cEqXuK0bL5ZC6/
43 B
457 B
Image
General
Full URL
https://global.localizecdn.com/api/lib/cEqXuK0bL5ZC6/tl.gif?l=source&c=9423000
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 ce0d380336eb1f624e574285078b47f6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
BYPASS
x-amz-cf-pop
EWR50-C1
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
cf-ray
75103b5edbc219cb-EWR
x-amz-cf-id
MS-dX8fdAHSqz1MS0gVpyc7lJ2nYFJ2Ejzy66XtI-5pxYhtB0_BCbg==
expires
0
tl.gif
global.localizecdn.com/api/lib/cEqXuK0bL5ZC6/
43 B
420 B
Image
General
Full URL
https://global.localizecdn.com/api/lib/cEqXuK0bL5ZC6/tl.gif?l=en&c=5557897
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
via
1.1 724c8c129f28bfce25c0430050f1ae72.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
BYPASS
x-amz-cf-pop
EWR50-C1
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
cf-ray
75103b5edbbf19cb-EWR
x-amz-cf-id
PNs1kWxCZxwiG76FR04vqCmx-UE0qtSy5fhdQukwoPdLX0IiL0Ia_A==
expires
0
collect
www.google-analytics.com/g/
0
535 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-LWCDVL0Y5Z&gtm=2oe9l0&_p=1099125705&gcs=G100&gdid=dZTQ1Zm&cid=2082305707.1664239688&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_z=ccd.v9B&_s=1&sid=1664239687&sct=1&seg=0&dl=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite%2F&dt=In%20the%20footsteps%20of%20the%20Fancy%20Bear%3A%20PowerPoint%C2%A0mouse-over%20event%20abused%20to%20deliver%20Graphite%20implants&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LWCDVL0Y5Z&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::200e Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Sep 2022 00:48:07 GMT
server
Golfe2
report-to
{"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]}
content-type
text/plain
access-control-allow-origin
https://blog.cluster25.duskrise.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
cross-origin-opener-policy-report-only
same-origin; report-to="gfe-default_product_name"
expires
Fri, 01 Jan 1990 00:00:00 GMT
all.js
connect.facebook.net/en_GB/
316 KB
85 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/all.js?hash=ea6e6720e7a35a8b8c7d56664f0d0502
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
93b48e45f8d10f651455e2e56b95348ef0fad0f028045423b1e43da1c9a2a96b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Origin
https://blog.cluster25.duskrise.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
LuuUED3d3gqImL13bzCGvA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
87240
x-fb-rlafr
0
x-fb-debug
8PfK7OCjTLBI0oRmag5ger8T7yV1LKVkx8F+GYYjrJIKwosYdA2EZKNUqJrI/GS7dZcbgwHJb8/kYprjym+IIg==
x-fb-content-md5
b09ecfe7c3604f18724509a370d33686
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 27 Sep 2022 00:48:07 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"74d8d746cc985f5f8c0ab84f7c39f8ab"
timing-allow-origin
*
priority
u=3,i
expires
Tue, 26 Sep 2023 23:08:45 GMT
widget_iframe.c4bdc17e77719578b594d5555bee90db.html
platform.twitter.com/widgets/ Frame F7D9
320 KB
104 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.c4bdc17e77719578b594d5555bee90db.html?origin=https%3A%2F%2Fblog.cluster25.duskrise.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyb/1DCD) /
Resource Hash
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
2261091
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105445
Content-Type
text/html; charset=utf-8
Date
Tue, 27 Sep 2022 00:48:07 GMT
Etag
"50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified
Wed, 31 Aug 2022 20:40:57 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (nyb/1DCD)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
domain-collection
js.hs-banner.com/cookie-banner-public/v1/ Frame
0
0
Preflight
General
Full URL
https://js.hs-banner.com/cookie-banner-public/v1/domain-collection
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://blog.cluster25.duskrise.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://blog.cluster25.duskrise.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age
604800
cf-cache-status
DYNAMIC
cf-ray
75103b5fa843c402-EWR
content-length
0
content-type
application/octet-stream
date
Tue, 27 Sep 2022 00:48:07 GMT
server
cloudflare
timing-allow-origin
*
domain-collection
js.hs-banner.com/cookie-banner-public/v1/
0
136 B
XHR
General
Full URL
https://js.hs-banner.com/cookie-banner-public/v1/domain-collection
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/21649046.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
application/json

Response headers

timing-allow-origin
*
date
Tue, 27 Sep 2022 00:48:07 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-hubspot-correlation-id
55cabc28-fc17-4f71-9c64-88e82ec72b05
x-trace
2B8CB917FB52F41EB02325B43E5D144FFC8317E616000000000000000000
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://blog.cluster25.duskrise.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials
true
cf-ray
75103b5fe8c1c402-EWR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
json
api.hubapi.com/hs-script-loader-public/v1/config/pixel/
66 B
842 B
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=21649046
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c4f383e46b1194a769045c5affa2d5f248a9e7cbfa29c1df32683fe096f44a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
749f0866-8671-42bd-9303-d5d2637aee14
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
x-trace
2B8C0FED8ED5D6C5A1B1951F9DABD6AC3AA7616DC4000000000000000000
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=75BWtylRXj1eVYfv0fXp%2FdO7KFqAaCsgRPsHUCa%2BG1Su0Snk0YuwuCdIrtqNz3G%2FK5UfPWbJoQRhFf%2Bu2YOovAPdSMyM%2B5uhTdwTuiudSehbcL6KwHWzi42abBSEOcYLPwRfc%2F5nVpAj9Ico"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.cluster25.duskrise.com
access-control-allow-credentials
false
cf-ray
75103b5fd86be6e0-EWR
access-control-allow-headers
*
json
forms.hubspot.com/collected-forms/v1/config/
116 B
1 KB
XHR
General
Full URL
https://forms.hubspot.com/collected-forms/v1/config/json?portalId=21649046&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5bf14f8550bc4e43b733c39eab3d99b92da73a890e1c113da40b699d2316bde7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
f83577ce-ff13-4443-ab7f-781fccc00b3f
cf-ray
75103b603df778d5-EWR
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y2YsUmhEb5dMinLMjixp0VCQIL541An%2BNPBt2GBBKq9g5ypw%2B1DvdSauKXRhQmh%2Fd%2BD6v07HxFJlcLRuWVcKcr%2Bc4jRLKoMtE%2BL%2Bd6XPeaMZx4JMXFPeb36ck5OOCUqc9LUpR9EvFaMv4WPALOOD"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.cluster25.duskrise.com
access-control-allow-credentials
false
x-robots-tag
none
access-control-allow-headers
*
settings
syndication.twitter.com/ Frame F7D9
772 B
648 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=74a14edf326209bcf11c3ee001853f1a056b2d80
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.c4bdc17e77719578b594d5555bee90db.html?origin=https%3A%2F%2Fblog.cluster25.duskrise.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.72 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
4cade7790f0e957017d53eee9cdb1e514dd78dc433130818cd5e2ac93b9aef54
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-US,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-response-time
6
date
Tue, 27 Sep 2022 00:48:07 GMT
content-encoding
gzip
last-modified
Tue, 27 Sep 2022 00:48:07 GMT
server
tsa_b
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
x-transaction-id
f4cbaa5983bffa9c
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
perf
7626143928
x-connection-hash
ce303077fd4bab4ac3190c9eec62156acd64add51f5df0da5331859a9efa2423
content-length
328
insight.min.js
snap.licdn.com/li.lms-analytics/
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:9000::1725:7b88 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
content-encoding
gzip
last-modified
Fri, 12 Aug 2022 20:23:36 GMT
x-cdn
AKAM
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=36963
accept-ranges
bytes
content-length
3063
counters.gif
forms.hsforms.com/embed/v3/
35 B
443 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:07 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-hubspot-correlation-id
46e00906-2215-4b6f-9c5a-4267b24831e8
x-trace
2BFA3641807AD3317474213A96E40C46E83492F068000000000000000000
x-robots-tag
none
vary
Accept-Encoding
content-type
image/gif
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
75103b60adb819f3-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
35
/
p.adsymptotic.com/d/px/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3859058&time=1664239687762&url=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite%2F
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3859058&time=1664239687762&url=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3859058%26time%3D1664239687762%26url%3Dhttps%253A%252F%252Fblog.cluster25.duskris...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3859058&time=1664239687762&url=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3859058&time=1664239687762&url=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphit...
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=80b02d18-26f0-4fe5-9985-eee645665887
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=80b02d18-26f0-4fe5-9985-eee645665887&_expected_cookie=104847e4326112a3f239619b...
43 B
141 B
Image
General
Full URL
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=80b02d18-26f0-4fe5-9985-eee645665887&_expected_cookie=104847e4326112a3f239619bd02649a9
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Server
104.18.100.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

p3p
CP='NON DSP COR CONi OUR BUS CNT'
date
Tue, 27 Sep 2022 00:48:08 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
75103b629a15185d-EWR
content-length
43
content-type
image/gif

Redirect headers

location
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=80b02d18-26f0-4fe5-9985-eee645665887&_expected_cookie=104847e4326112a3f239619bd02649a9
date
Tue, 27 Sep 2022 00:48:08 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
75103b624978185d-EWR
content-length
0
wJy1fq_T.json
cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/
42 B
595 B
Fetch
General
Full URL
https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/wJy1fq_T.json
Requested by
Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/banner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cca73345e2876bca107cc15fcfaf502bd7a675c895687d43895e3fd4cfeab7e9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 13 Sep 2022 16:27:34 GMT
server
cloudflare
age
380289
etag
W/"2a-5e8917d5c9563"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJ5G9uZFZ%2FOxEItaQwM3tkenfHmtOj%2B25aLyL3OoLKIXBjmTVJlwTlfEYkyCgcZVun7m1tsv57mDI1tmRkSvBtClRBEIRrkj4PyEiDDAiaASoXAPRrminmJVfUHyEYc8BwvxZ9446pVQNZBoGFsm"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
75103b62f870c42f-EWR
__ptq.gif
track.hubspot.com/
45 B
523 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=492729889&v=1.1&a=21649046&pi=85808518979&ct=blog-post&ccu=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite%2F&cpi=85808518979&cgi=79260149140&lpi=85808518979&lvi=85808518979&lvc=en&pu=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite%2F&t=In+the+footsteps+of+the+Fancy+Bear%3A+PowerPoint%C2%A0mouse-over+event+abused+to+deliver+Graphite+implants&cts=1664239688132&vi=a7c758c2f87fb13bc25811ce2f694a02&nc=true&u=188567351.a7c758c2f87fb13bc25811ce2f694a02.1664239688128.1664239688128.1664239688128.1&b=188567351.1.1664239688128&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:08 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
4750666e-3a36-442f-8aeb-05339ba60021
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
x-robots-tag
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FkTSmnzJHZyAebLL5ETfjlklLZaXhTba4M8TfXEw9HauWzwPRnA74b1UpxHYap083oRQBbx3dxbB2dPEi%2FfoBSmj8Om5SlJsZTFit7ECbvEdA0j3rdacKdXFwywTTA2fdx9ZRIq04U2WZfq%2Ft7gL"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
75103b62e8268c15-EWR
7IqOgsT3.json
cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/config/
28 KB
5 KB
Fetch
General
Full URL
https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/config/7IqOgsT3.json
Requested by
Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/banner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b9a8e51bf3bec3d38836b54e78fad316805076ac1710df0603796f280e51e77

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 13 Sep 2022 16:27:34 GMT
server
cloudflare
age
380289
etag
W/"6eaf-5e8917d5c85c3"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7HhrIjphBCAulG3TUr2u5y%2BpyNcGhLDVBa2%2FWS%2B2qZVrAdyPtK6L8QG3FrCW0qtjPWANpbk%2FfX%2Bm4Rjaw9q8CuhSyzcUN9%2FPqsobafYdrqgoMkoNB0L9meK%2FteewmIm%2FAi9ZjKz%2FyYqLWO7aUkUN"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
75103b6318e3c42f-EWR
BnmX7zcN.json
cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/translations/
2 KB
1 KB
Fetch
General
Full URL
https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/translations/BnmX7zcN.json
Requested by
Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/banner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3aae0dc5bdab2ce8404137a05fef9187564b1daf3b1f4da75ff691dbb46490bb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 13 Sep 2022 16:27:34 GMT
server
cloudflare
age
304152
etag
W/"799-5e8917d5c85c3"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oof6fIz4rlilQc91PpOZlQetcW%2BHW5yoDCsF4JRMNU4HzidyUt3yls9p3Mnwi9jN6yKn0yDnGQUTwkF7RqYzUHfkz095eZVpFH%2FQspcMBLDLE1QCJUrWnGjnycZFwY5Uk8iOqlJs9vVhQqO9HnJp"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
75103b633934c42f-EWR
alFA5AmN.json
cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/audit-table/
6 KB
2 KB
Fetch
General
Full URL
https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/audit-table/alFA5AmN.json
Requested by
Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/banner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92e67ff230a92c523ab499de9fb3039e587dbbc749f8d6e1530c197184c7473d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 13 Sep 2022 16:27:34 GMT
server
cloudflare
age
380289
etag
W/"185e-5e8917d5c7623"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3BmUuvtIN85wEP58WBSjSA8X5lC4OnVWRE1fsmVK07zY8tQg3AD6qGQ0JlhM2GfrhxGHr4bJ9j%2FQLveNesQ84EZG9idA%2B%2BYAVC3g7KhdyrI9%2FTPmlSG9wC%2FG%2FHB7YNPwBDT84kG7T6lMY%2Fc7jiqg"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
75103b635978c42f-EWR
close.svg
cdn-cookieyes.com/assets/images/
1 KB
991 B
Image
General
Full URL
https://cdn-cookieyes.com/assets/images/close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a049e1abe441835a2bcf35258936072189a0a52d0000c4ed2094e59d2afd189b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 15 Mar 2022 04:40:50 GMT
server
cloudflare
age
393620
etag
W/"541-5da3a66c769d4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wX83qH%2FdDl2w%2FPV6RQxoFYQvVXO6uPwFhbofC0%2FPdzWZn3jt7wR8hna4GKmue8X4EP4%2B75h9ev%2BM51aBT1GnFwHMafEKK8hooJ8pTX3mbwRSGjPtEpyKan05plCzxc08T8L91KNKMtU7Vrv5Xx%2Fd"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=0, s-maxage=604800, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
75103b63883e8c3f-EWR
poweredbtcky.svg
cdn-cookieyes.com/assets/images/
4 KB
2 KB
Image
General
Full URL
https://cdn-cookieyes.com/assets/images/poweredbtcky.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
911f58b8d14bd6f73a83fd774e44bec97e896317c7093dc83e96921e64f1fbd5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 00:48:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 15 Mar 2022 04:41:24 GMT
server
cloudflare
age
393607
etag
W/"eb2-5da3a68c50d09"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fkkyOeoQbb4kFzOfemDNgQhdxrizeGznOoFloj5Hinh3DgX9MVDp4Zr6C0pkYEKnfm7wawQUNnMg0GtChN5Bpeb30NO4q%2BMu3jk%2FR%2B1p3zBmSlBvv7CSwMVi1XTrdpaInB0u0NZIJxKTs3GVfn7C"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=0, s-maxage=604800, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
75103b6388428c3f-EWR
log
log.cookieyes.com/api/v1/
2 B
152 B
Ping
General
Full URL
https://log.cookieyes.com/api/v1/log
Requested by
Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/e7cc3163caf9554c71e95b8e/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.76.227 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-76-227.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryk318ZTZzgzAQ57gv

Response headers

access-control-allow-origin
*
date
Tue, 27 Sep 2022 00:48:08 GMT
x-powered-by
Express
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-length
2
content-type
text/plain; charset=utf-8
perf
blog.cluster25.duskrise.com/_hcms/
2 B
516 B
XHR
General
Full URL
https://blog.cluster25.duskrise.com/_hcms/perf
Requested by
Host: blog.cluster25.duskrise.com
URL: https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-type
application/json

Response headers

cf-ray
75103b758a311895-EWR
date
Tue, 27 Sep 2022 00:48:11 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
5215c8d6-bb47-436d-ac4e-03698a3662ae
x-trace
2B2829DF331307E4DADECFFC70C64C45525162511C000000000000000000
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hAo8iWnp3wRqZ1PwB2nJHh2CMIXJvHwaL18iqydwVJ%2Fygd5COgTiKGbY4bQjFhrNWMzIJnpUablXtjcFCX9tgxlmoI42HNq1UfYG%2B5nU4zfCOqH0X4tI%2BmTk4QLVjUvFEYUdHhTMD1be%2F4ZHi%2BgjOtydqg8AAGETOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
access-control-allow-credentials
false
x-hs-https-only
worker
strict-transport-security
max-age=31536000
x-robots-tag
none
content-length
2
collect
www.google-analytics.com/g/
0
19 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-LWCDVL0Y5Z&gtm=2oe9l0&_p=1099125705&gcs=G111&gdid=dZTQ1Zm&cid=2082305707.1664239688&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_z=ccd.v9B&_s=2&sid=1664239687&sct=1&seg=0&dl=https%3A%2F%2Fblog.cluster25.duskrise.com%2F2022%2F09%2F23%2Fin-the-footsteps-of-the-fancy-bear-powerpoint-graphite%2F&dt=In%20the%20footsteps%20of%20the%20Fancy%20Bear%3A%20PowerPoint%C2%A0mouse-over%20event%20abused%20to%20deliver%20Graphite%20implants&en=user_engagement&ep.ga_temp_client_id=2082305707.1664239688&_et=71
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LWCDVL0Y5Z&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81d::200e Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Sep 2022 00:48:12 GMT
server
Golfe2
report-to
{"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]}
content-type
text/plain
access-control-allow-origin
https://blog.cluster25.duskrise.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
cross-origin-opener-policy-report-only
same-origin; report-to="gfe-default_product_name"
expires
Fri, 01 Jan 1990 00:00:00 GMT


60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| AOS function| GLightbox function| Glide function| LazyLoad object| _hsp function| hsLoadGtm boolean| useGoogleConsentMode function| gtag boolean| _hsGoogleConsentRunOnce object| dataLayer boolean| _hsGtmLoadOnce object| cookieyes object| Localize function| $ function| jQuery function| hsjQuery object| google_tag_manager object| google_tag_data object| regeneratorRuntime function| revisitCkyConsent function| performBannerAction object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage object| _hsq function| jsonpHandler function| onYouTubeIframeAPIReady object| gaGlobal object| FB object| __twttrll object| twttr object| __twttr boolean| PIXELS_RAN boolean| _hspb_ran boolean| _hspb_loaded object| __hsCollectedFormsDebug object| _paq function| sanitizeKey boolean| _hstc_loaded object| __buffer object| _linkedin_data_partner_ids function| lintrk boolean| _already_called_lintrk boolean| _hstc_ran string| __hsUserToken number| expireDateTime

26 Cookies

Domain/Path Name / Value
.blog.cluster25.duskrise.com/ Name: __cfruid
Value: d2d9dbd04f16c349da0751e558ba7dacf4346318-1664239686
.blog.cluster25.duskrise.com/ Name: __cf_bm
Value: i3vRwlLfXvpi0Yy0USyfWosqIfG5CRrOPU7AKGWAOL4-1664239686-0-Ae2brHYrdlnL7BwjMglrhS6LmZ1GfGWMQVl4ZSWXB/bL1gbGa42hyffIguXMbC81lA+avTpkqym1BToWnws1Eu4=
.duskrise.com/ Name: cookieyesID
Value: SWVjQ0VhR2dKRHltNnd0N0pSRUZxbDdZbkN1ekdBclM
.hubspot.com/ Name: __cf_bm
Value: FLLcsCoC3puvp6axJ3dqdbTr1v0B6w.xcRvtzziStWE-1664239687-0-AYxbFHeah+QsY7r8x7zQMOCiRcAceoli/kv3RVIf8W96+FHJoKWiW8cWzdhUh37gqfZKP5Z33+9xZZ/GbcM3DVE=
.duskrise.com/ Name: _ga
Value: GA1.1.2082305707.1664239688
.duskrise.com/ Name: _ga_LWCDVL0Y5Z
Value: GS1.1.1664239687.1.0.1664239687.0.0.0
.linkedin.com/ Name: li_sugr
Value: 80b02d18-26f0-4fe5-9985-eee645665887
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&e654c5ed-d842-4ca7-8c08-2a930681ad71"
.linkedin.com/ Name: lidc
Value: "b=VGST08:s=V:r=V:a=V:p=V:g=2412:u=1:x=1:i=1664239687:t=1664326087:v=2:sig=AQHFp46qV_HWhU1M_N8HbvkvrvoVbfnc"
.linkedin.com/ Name: UserMatchHistory
Value: AQKDui7jnNUZ2QAAAYN8ali3fUrn5LwugyYP4GzXTdvxsLB3XjxygF6MZen760I7U36kFR70CzcdJA
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQIpymWGCCfVswAAAYN8ali3MhAj7jdrWfb3bEq0O9E7S-UWffvurDyuazNultZc9MD_kn4oLn4DS31HKpIxaw
.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.www.linkedin.com/ Name: bscookie
Value: "v=1&202209270048073ffc7552-afad-4168-8073-70910dc8ba3bAQESDy7UNQEYi7hIw3GU0b6I-vri07nv"
.adsymptotic.com/ Name: U
Value: 104847e4326112a3f239619bd02649a9
.duskrise.com/ Name: __hstc
Value: 188567351.a7c758c2f87fb13bc25811ce2f694a02.1664239688128.1664239688128.1664239688128.1
.duskrise.com/ Name: hubspotutk
Value: a7c758c2f87fb13bc25811ce2f694a02
.duskrise.com/ Name: __hssrc
Value: 1
.duskrise.com/ Name: __hssc
Value: 188567351.1.1664239688128
.duskrise.com/ Name: cky-consent
Value: no
.duskrise.com/ Name: cookieyes-necessary
Value: yes
.duskrise.com/ Name: cookieyes-functional
Value: no
.duskrise.com/ Name: cookieyes-analytics
Value: no
.duskrise.com/ Name: cookieyes-performance
Value: no
.duskrise.com/ Name: cookieyes-advertisement
Value: no
.duskrise.com/ Name: cookieyes-other
Value: no

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
app.hubspot.com
blog.cluster25.duskrise.com
cdn-cookieyes.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
forms.hubspot.com
global.localizecdn.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
log.cookieyes.com
p.adsymptotic.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
syndication.twitter.com
track.hubspot.com
unpkg.com
www.google-analytics.com
www.googletagmanager.com
www.linkedin.com
104.18.100.194
104.244.42.72
13.107.42.14
2600:141b:9000::1725:7b88
2600:141b:9000::1725:7bba
2606:2800:220:131d:1d30:1f1d:238b:1e56
2606:2c40::c73c:67e4
2606:4700:20::681a:146
2606:4700:3108::ac42:2b2f
2606:4700:4400::6812:21ab
2606:4700::6810:5805
2606:4700::6810:7daf
2606:4700::6811:44b0
2606:4700::6811:72b0
2606:4700::6811:7fab
2606:4700::6811:cacc
2606:4700::6813:9a53
2606:4700::6813:9b53
2607:f8b0:4006:817::2003
2607:f8b0:4006:817::200a
2607:f8b0:4006:81d::200e
2607:f8b0:4006:820::2008
2620:1ec:21::14
2a03:2880:f012:10c:face:b00c:0:3
52.209.76.227