blog.aquasec.com Open in urlscan Pro
2606:2c40::c73c:67e4 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
Submission: On July 07 via api (July 7th 2023, 4:06:05 am UTC) from TR — Scanned from DE

Summary HTTP 116 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 40 IPs in 4 countries across 30 domains to perform 116 HTTP transactions. The main IP is 2606:2c40::c73c:67e4, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.aquasec.com. The Cisco Umbrella rank of the primary domain is 876427.
TLS certificate: Issued by GTS CA 1P5 on May 25th 2023. Valid for: 3 months.

This is the only time blog.aquasec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	2606:2c40::c7... 2606:2c40::c73c:67e4	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2606:4700::68... 2606:4700::6812:ccc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2606:4700::68... 2606:4700::6812:f0f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700::68... 2606:4700::6811:cbcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6812:8b65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:8ace	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:65ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6812:19c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:780... 2a02:26f0:780::210:a423	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6812:873b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.32.27.27 13.32.27.27	16509 (AMAZON-02) (AMAZON-02)
9	23.213.161.219 23.213.161.219	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:2c40::c7... 2606:2c40::c73c:671c	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:d4f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	15.197.244.31 15.197.244.31	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:20e... 2600:9000:20eb:6000:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:480... 2a02:26f0:480:23::1726:62a7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6812:11e6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.97.4 18.66.97.4	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.72 18.66.122.72	16509 (AMAZON-02) (AMAZON-02)
1	108.128.54.216 108.128.54.216	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:223... 2600:9000:223c:3a00:2:7dc7:8f00:93a1	16509 (AMAZON-02) (AMAZON-02)
5	34.194.81.123 34.194.81.123	14618 (AMAZON-AES) (AMAZON-AES)
3	65.9.66.31 65.9.66.31	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:bb41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
116	40

21 2606:2c40::c73c:67e4 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.aquasec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:ccc9 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700::6812:f0f (United States)

ASN13335 (CLOUDFLARENET, US)

1665891.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:cbcc (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

api-na1.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:8b65 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8ace (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:65ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:19c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:780::210:a423 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:873b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-27.fra56.r.cloudfront.net

pixel.dealtale.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.213.161.219 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-213-161-219.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2c40::c73c:671c (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

info.aquasec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:d4f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.244.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: ad3b208e15c6d832e.awsglobalaccelerator.com

app.dealtale.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:6000:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:23::1726:62a7 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:11e6 (United States)

ASN13335 (CLOUDFLARENET, US)

play.hubspotvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-4.fra56.r.cloudfront.net

pagestates-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-72.fra60.r.cloudfront.net

assets-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.54.216 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-54-216.eu-west-1.compute.amazonaws.com

tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:3a00:2:7dc7:8f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.194.81.123 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-81-123.compute-1.amazonaws.com

trackingapi.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.66.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-31.fra56.r.cloudfront.net

pic.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:bb41 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	aquasec.com blog.aquasec.com — Cisco Umbrella Rank: 876427 info.aquasec.com	545 KB
14	hubspotusercontent-na1.net 1665891.fs1.hubspotusercontent-na1.net	111 KB
10	trendemon.com assets.trendemon.com — Cisco Umbrella Rank: 109798 trackingapi.trendemon.com — Cisco Umbrella Rank: 82974 pic.trendemon.com — Cisco Umbrella Rank: 223073	161 KB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 6369 c.6sc.co — Cisco Umbrella Rank: 9185 ipv6.6sc.co — Cisco Umbrella Rank: 6440 b.6sc.co — Cisco Umbrella Rank: 4176	15 KB
7	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2357 pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 5243 assets-tracking.crazyegg.com — Cisco Umbrella Rank: 5234 tracking.crazyegg.com — Cisco Umbrella Rank: 4635	51 KB
6	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5255 track.hubspot.com — Cisco Umbrella Rank: 2542	3 KB
6	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5944	551 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 414 www.linkedin.com — Cisco Umbrella Rank: 544 px4.ads.linkedin.com — Cisco Umbrella Rank: 6544	5 KB
3	google.de www.google.de — Cisco Umbrella Rank: 4752	669 B
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2556 www.google.com — Cisco Umbrella Rank: 10	816 B
3	bing.com bat.bing.com — Cisco Umbrella Rank: 390	13 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 stats.g.doubleclick.net — Cisco Umbrella Rank: 130	2 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2438	17 KB
2	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4527 forms-na1.hsforms.com — Cisco Umbrella Rank: 7529	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 63	21 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 914	6 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	174 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 274	32 KB
2	hubapi.com 1 redirects api-na1.hubapi.com — Cisco Umbrella Rank: 23604	1 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 7363	165 KB
1	hubspotvideo.com play.hubspotvideo.com — Cisco Umbrella Rank: 67972	5 KB
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1031	376 B
1	dealtale.com app.dealtale.com — Cisco Umbrella Rank: 161856	145 B
1	dealtale.io pixel.dealtale.io	12 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2680	1 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5222	22 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2425	21 KB
1	gstatic.com fonts.gstatic.com	38 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 88	1 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 8863	2 KB
116	30

	Domain	Requested by
21	blog.aquasec.com	blog.aquasec.com js.usemessages.com
14	1665891.fs1.hubspotusercontent-na1.net	blog.aquasec.com
7	b.6sc.co	blog.aquasec.com
6	static.hsappstatic.net	blog.aquasec.com play.hubspotvideo.com
5	trackingapi.trendemon.com	assets.trendemon.com
5	track.hubspot.com
4	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
3	pic.trendemon.com
3	px.ads.linkedin.com	3 redirects
3	www.google.de	blog.aquasec.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com blog.aquasec.com
3	js.hs-banner.com	blog.aquasec.com js.hs-banner.com
2	assets.trendemon.com	blog.aquasec.com assets.trendemon.com
2	www.google.com	blog.aquasec.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	www.googletagmanager.com	blog.aquasec.com www.googletagmanager.com
2	cdnjs.cloudflare.com	blog.aquasec.com
2	api-na1.hubapi.com	1 redirects blog.aquasec.com
1	js.hsforms.net	assets.trendemon.com
1	tracking.crazyegg.com	script.crazyegg.com
1	assets-tracking.crazyegg.com	script.crazyegg.com
1	pagestates-tracking.crazyegg.com	script.crazyegg.com
1	play.hubspotvideo.com	static.hsappstatic.net
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	px4.ads.linkedin.com	blog.aquasec.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	app.dealtale.com	pixel.dealtale.io
1	region1.analytics.google.com	www.googletagmanager.com
1	forms-na1.hsforms.com	blog.aquasec.com
1	forms.hsforms.com	blog.aquasec.com
1	info.aquasec.com	blog.aquasec.com
1	j.6sc.co	blog.aquasec.com
1	pixel.dealtale.io	blog.aquasec.com
1	js.hs-scripts.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	app.hubspot.com	blog.aquasec.com
1	js.usemessages.com	blog.aquasec.com
1	js.hs-analytics.net	blog.aquasec.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	blog.aquasec.com
1	cdn2.hubspot.net	blog.aquasec.com
116	45

This site contains links to these domains. Also see Links.

Domain
www.aquasec.com
cloud.aquasec.com
github.com
1665891.fs1.hubspotusercontent-na1.net
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
success.aquasec.com
info.aquasec.com

Subject Issuer	Validity	Valid
blog.aquasec.com GTS CA 1P5	`2023-05-25` - `2023-08-23`	3 months	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
dealtale.com Amazon RSA 2048 M02	`2023-03-01` - `2023-12-19`	10 months	crt.sh
6sc.co R3	`2023-05-25` - `2023-08-23`	3 months	crt.sh
info.aquasec.com GTS CA 1P5	`2023-05-25` - `2023-08-23`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
crazyegg.com Amazon RSA 2048 M02	`2023-05-28` - `2024-06-26`	a year	crt.sh
*.trendemon.com SSL.com RSA SSL subCA	`2023-06-18` - `2024-06-26`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
Frame ID: 1931B50844AE3657DD4A682D275031CD
Requests: 110 HTTP requests in this frame

Frame: https://play.hubspotvideo.com/video-preloader/1665891
Frame ID: C49A2EFAA1CA0EBB10F9BF68E7735C9D
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Threat Alert: Anatomy of Silentbob’s Cloud Attack

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

116
Requests

96 %
HTTPS

78 %
IPv6

30
Domains

45
Subdomains

40
IPs

4
Countries

1973 kB
Transfer

5354 kB
Size

44
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://www.aquasec.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/
Title: Aqua Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/products/aqua-cloud-native-security-platform/
Title: Products

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/kubernetes-container-security/
Title: Solutions

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/resources/
Title: Resources

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/about-us/
Title: Company

Search URL Search Domain Scan URL

URL: https://cloud.aquasec.com/signin
Title: Sign In

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/demo/
Title: Try Aqua

Search URL Search Domain Scan URL

URL: https://github.com/Caprico1/Docker-Botnets/blob/492320b09fa1f9773d454cfe374a8b95357f96e3/what_will_be_TEAMTNT/d.sh.txt#L4
Title: whatwillbe

Search URL Search Domain Scan URL

URL: https://github.com/Caprico1/Docker-Botnets/blob/492320b09fa1f9773d454cfe374a8b95357f96e3/dockgeddon/init.sh#L21
Title: dockgeddon

Search URL Search Domain Scan URL

URL: https://github.com/Caprico1/Docker-Botnets/blob/492320b09fa1f9773d454cfe374a8b95357f96e3/TEAMTNT_MASTER_LIST/chimaera/45_9_148_35/45.9.148.35/chimaera/sh/spread_docker_loop.sh#L97
Title: chimaera

Search URL Search Domain Scan URL

URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/mitre-table-1.png

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/products/trivy/
Title: Trivy

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer/sharer.php?u=https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack&text=Threat%20Alert:%20Anatomy%20of%20Silentbob%E2%80%99s%20Cloud%20Attack

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack&title=Threat%20Alert:%20Anatomy%20of%20Silentbob%E2%80%99s%20Cloud%20Attack

Search URL Search Domain Scan URL

URL: https://www.facebook.com/AquaSecTeam

Search URL Search Domain Scan URL

URL: https://twitter.com/AquaSecTeam

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/aquasecteam

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/AquasecTeam

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/use-cases/devops-security/
Title: Automate DevSecOps

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/products/container-security/
Title: Modernize Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/use-cases/container-auditing-compliance/
Title: Compliance and Auditing

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/products/serverless-container-functions/
Title: Serverless Containers & Functions

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/use-cases/multi-cloud-and-hybrid-cloud/
Title: Hybrid and Multi Cloud

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/products/kubernetes-security/
Title: Kubernetes Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/red-hat-openshift-container-security/
Title: OpenShift Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/docker-container-security/
Title: Docker Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/aws-container-security/
Title: AWS Cloud Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/azure-container-security/
Title: Azure Cloud Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/google-cloud-kubernetes-security/
Title: Google Cloud Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/solutions/vmware-pks-security/
Title: VMware PKS Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/about-us/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://success.aquasec.com/#/
Title: Contact Support

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/aqua-cloud-native-security-platform/
Title: Aqua Cloud native security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/products/open-source-projects/
Title: Open Source Container Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/integrations/
Title: Platform Integrations

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/resources/virtual-container-security-channel/
Title: Live Webinars

Search URL Search Domain Scan URL

URL: https://info.aquasec.com/kubernetes-security
Title: O’Reilly Book: Kubernetes Security

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/cloud-native-academy/
Title: Cloud native Wiki

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/about-us/news/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://www.aquasec.com/about-us/careers/
Title: Careers

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://api-na1.hubapi.com/video/v1/public/123470178644/poster?portalId=1665891 HTTP 307
https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/custom-video-thumbnails/Silent%20Bob-Video-thumb.jpeg?length=1920

Request Chain 71

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1688702759214&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1688702759214&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D45226%26time%3D1688702759214%26url%3Dhttps%253A%252F%252Fblog.aquasec.com%252Fthreat-alert-anatomy-of-silentbobs-cloud-attack%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1688702759214&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1688702759214&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cookiesTest=true&liSync=true&e_ipv6=AQJEXIPajGu_eAAAAYkuhzOs4fTvanm3lxKLeE1yNXS7b9EPrfUDM8-EvwoMb8KMpmSoaSQ

116 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request threat-alert-anatomy-of-silentbobs-cloud-attack Show response
blog.aquasec.com/ 87 KB
22 KB 228ms
79ms Document
text/html 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

18a347b050a3c3797c2cb6fe82a784ac77535df5cd3d55f1c92cb30180673ac6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
age: 6717
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-123313501283,CG-3657573699,P-1665891,L-18586815967,L-7511165832,L-7516015189,CW-106188107884,CW-6158268125,DB-5940642,E-108051130136,E-7511165868,E-7511165869,PGS-ALL,SW-4,GC-32602450653,GC-41471622868
cf-cache-status: HIT
cf-ray: 7e2d364f6caf3a84-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Fri, 07 Jul 2023 04:05:58 GMT
edge-cache-tag: CT-123313501283,CG-3657573699,P-1665891,L-18586815967,L-7511165832,L-7516015189,CW-106188107884,CW-6158268125,DB-5940642,E-108051130136,E-7511165868,E-7511165869,PGS-ALL,SW-4,GC-32602450653,GC-41471622868
last-modified: Fri, 07 Jul 2023 02:01:40 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script, </hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9LrYGS9KacRcB%2Fu74qhME2oMlXnn%2B2LmS9il0siwGF5mkIyHjAkrerm9XR41gZ%2Fybit17ezvC%2BSr7N6I4o%2FQob8yWtv2CeVaOzwPJ6jiEimkBxHh6t5kfEKlKPXYOXiloBU7U5nXkZWjFIhUVQM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-envoy-upstream-service-time: 190
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-40-49-td/envoy-proxy-7966c868f8-ff8jh
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 123313501283
x-hs-https-only: worker
x-hs-hub-id: 1665891
x-hubspot-correlation-id: 824b4bd6-bc7c-4478-9723-9e91cc41e606
x-request-id: 824b4bd6-bc7c-4478-9723-9e91cc41e606
x-trace: 2B37F6490895DB6114563943A4263FD1E13086F078000000000000000000

GET
H2 200 index.js Show response
blog.aquasec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
4 KB 70ms
68ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 a914ae2afc6a4cecb4160376b03ff6a2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 6612042
x-amz-cf-pop: PHL51-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=888wGKK7bEAMrBN5ADkCU7IxtDjwAdGQ0vStZ4ybZAV3LtM%2FLwpODBe1yohGieZaY%2FPTGfk8E8HR49fWxYebsD7peA2xmsTTcc0ZKVSrG0Mbf%2Bm6NJVT0w%2F0YHpT7sAD8o7XUdX75LWb2JrFo%2BQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7e2d364ffd313a84-FRA
x-amz-cf-id: h_4sSAtPY7GVmPxJSp7-QXxXADs-gUfRFEMOL17VMTRDtoxsLcvrzw==
expires: Sat, 06 Jul 2024 04:05:58 GMT

GET
H2 200 comment_listing_asset.js Show response
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 8 KB
3 KB 67ms
66ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13479840
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: 4D3b_.jtdSCbU1XTktruWk73HT0wxWk7
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:09 GMT
server: cloudflare
etag: W/"2455723721db341ff86a4f64384a9c0d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q0DeJCgyr4RFK7K%2Bq7GaZKUDnh4waljlaqgnoV%2F9YBKkLfbmEwASj6wVfKL5V8%2B1%2F7dHWLBdZd%2Faxfnmo3nRn92Jx409cH2cS436%2Fz%2B1byUzJh8x1CLA9uenCyFXHPbt20xRFbxutgPGFyo%2Bot8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7e2d364ffd323a84-FRA
x-amz-cf-id: w718iB7NStRoGA1UL8eXcbtnI9SBZRTCxUC97ZvhYsdBT4hmAVq5Nw==
expires: Sat, 06 Jul 2024 04:05:58 GMT

GET
H2 200 project.js Show response
blog.aquasec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 66ms
65ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 bfa7dfbe8ca6d4eb3690c4c82ca6c0fa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13480881
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TILb6tk84xGV9kZBLS5N3WaG6oXbjAf5SKbkASX6jjtH2ApjM97LNjx8rb5nM2evu8y3SSWQjmAp03FRxF7t99u%2Bk7BrtKKLuraaAHuFwHMly06ZgvQ%2FKiYXKDf9Pxnou23%2BFm3F46NBRwhM1mM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7e2d364ffd333a84-FRA
x-amz-cf-id: 8QXLw2UOfT_OkIUXh8Uk-Qb7YUhl4mYkBSxBcIeGI9pAOc0VmTrDlA==
expires: Sat, 06 Jul 2024 04:05:58 GMT

GET
H2 200 post_listing_asset.js Show response
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 3 KB
2 KB 76ms
75ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 a7631312afe99e40229aa0da70662112.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13479832
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: nC1hzr07YsutChb9rCwKsMoiyxip8lR7
content-encoding: br
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"d95d7dafd49a1edc76a47120c287b579"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nSu95Xt%2F7gonkZ89Ts8KpeScxNBpjrdkjUUtu4HmB%2FSJJKyrro%2FnQIcOou2KjosnUAavT0JDEHmCIyXaFzkUxwlSLQEuRJ%2FJRPdVFfQxwnVzfvkL9BIeLymDF8eVPrdwDe03lVSpxUPAxPy3gBs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7e2d364ffd343a84-FRA
x-amz-cf-id: EQRAN-e1PofNGMVtnkFih00nPWgn6WfIWMaEuUHYLGjnmhLnK2wYyQ==
expires: Sat, 06 Jul 2024 04:05:58 GMT

GET
H2 200 v2.js Show response
blog.aquasec.com/_hcms/forms/ 527 KB
171 KB 107ms
107ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

aad18b84e34e15f9dddf39cc08a040e557bce50512b8689f3f7faae963f1429f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 289
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3372/bundles/project-v2.js&cfRay=7e2d2f3f54443a7f-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"df557d754a89ef0210bd93ff6301921d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3372/bundles/project-v2.js
date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 06c1d28e93bdae8f6401a12c10b2f570.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: r0RDqVAx5nyXFjVas4brXORZ1.2QDi7x
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 3f2b59c1-d633-4fe3-af59-7fabf202093c
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3f2b59c1-d633-4fe3-af59-7fabf202093c
last-modified: Tue, 27 Jun 2023 09:59:09 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=evKsxCD4qap%2F0jzzrihS7Rll7EIH0A9XKPLDtFbyv2uzeMo6NSOFutDwNLqBOeFy9psRwz4WSjWa%2B5LcN5j8st%2B9V2ENpe84VNXh163PE4k060HMqiZMW65bfTFlmJn27gQiTTADh15rC4ZyXQk%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-qrxbq
cf-ray: 7e2d364ffd353a84-FRA
x-amz-cf-id: gTEIZ0t4jbnuuLQcAx4O_7f9lFrqXaOVt_7azJNQSjXRTZTjCr0G-A==

GET
H2 200 jquery-1.7.1.js Show response
blog.aquasec.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ 92 KB
34 KB 68ms
67ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13480881
x-amz-cf-pop: FRA56-C2
x-amz-version-id: null
content-encoding: br
x-cache: Hit from cloudfront
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Nov 2014 17:03:30 GMT
server: cloudflare
etag: W/"ddb84c1587287b2df08966081ef063bf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pTAM0%2BELeDDdOp%2F4Mf%2FrKY0rV%2Fbhq13o%2B6FT7FQXgjdbI9nC6gW13DqRhC%2BHeNtCjS1Hr%2F8eqvl5hsc0kij8Xn6A9gXiwJvHL2l6uKqTDeWOOUy325lZ97dGdb8oXU6oTTwe58R%2BvR6q1U%2BiR00%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7e2d364ffd373a84-FRA
x-amz-cf-id: dfsWEY7lAUtnGWqV-mXTvmz8Ef-Ob47U6xvetrHly0nsueSthPAj4w==
expires: Sat, 06 Jul 2024 04:05:58 GMT

GET
H2 200 comments_listing_asset.css
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 1 KB
1 KB 106ms
105ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/comments_listing_asset.css

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13479840
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: LQgaE1SSZjkxZtePb5jE9vLc6kDw7LTx
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"6b1d31d121f4c84e5ee3b7d7446495d8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gHp8n5cLzbsTFeD4uloIE0e3se1BPy3YPBPXP%2BDfh8lNbR%2Frv%2Ff4cy5oAmybXZHp4o%2FdrTLLuLIYs2DKfB2PXui%2BVOEEFKUiwQAe1A9RPHX7c432zqWUt6%2F7%2FXgBOrsgRkFfzo5qDRS5NaiMOb8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7e2d364ffd393a84-FRA
x-amz-cf-id: ZoW5f7lK9xv9U1_b2DOBAxyvZY-IZWjoIYc7Z7vAb-khjVWgP6Zh7Q==
expires: Sat, 06 Jul 2024 04:05:58 GMT

GET
H2 200 rss_post_listing.css
blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 910 B
806 B 81ms
80ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 11e35514d631a9a9566fd489de935c06.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13479832
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"e1b521ec14a912d6d385c21388ec7d79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=osGnUjyzyFkJcIleuTr9qKpjKUtgRpep2oeAzU4GY9NSOa5YksCYtXwuLkn27xJW28n7u82bDueerliXwChRrzN4Le6FwR8%2BtUFXPnRT0UC05k1it8CKS8iHfgBqCpCOs1U9Mr1NiCn3DViEnGU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7e2d364ffd3a3a84-FRA
x-amz-cf-id: GUx9JFKC7k8ObYicWB-N_URUjNt_VtMawIWsDsxpUWijfmSzbOLHGQ==
expires: Sat, 06 Jul 2024 04:05:58 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1688144897060/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 195ms
90ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1688144897060/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-encoding: br
age: 557717
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1688144897656
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 07 Jul 2023 04:05:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 3bbb185b-29d7-4133-93a7-26430bbfcb4b
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 127
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3bbb185b-29d7-4133-93a7-26430bbfcb4b
last-modified: Fri, 30 Jun 2023 17:08:18 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VhE9YFWPd6QFND55PBqgaDflJioOMCjfbwMKwb9FMHzoSrpJ%2FjZBPITg7GeBHoyNVo4ydCZJMlCUay4t%2BgCWHPaIaShGFpBl33hey2oljIhzi1HYoqPqQpwXdloBt%2BmCxDa7zYT4KcVq%2FJPaWa0%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-hml5r
cf-ray: 7e2d3650ac752c77-FRA

GET
H2 200 aqua_theme_2019_styles.css
blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/ 109 KB
24 KB 82ms
81ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b854ab0289192ff9253ba6293fe9e80a8ad87af73fc448ce781f7330462ffaba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: JNM7AXAEK250HJZ5
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"b4264719550b2a631ef3ecb8cc44e4ac"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1686823327504
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 98b2021a1a69853671ec2390cb8757f0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3Qf2k3k3ffBMZ6ocIg31kF1ACli.qGoU
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 129
alt-svc: h3=":443"; ma=86400
x-amz-id-2: FFjsdy96aIcxzOJvkH3X6s/ZGTxZwZQ03KHNwKfcsB90OJu3DYbFlqt0W/kQUyrHE+8YbhKoF6Q=
x-evy-trace-route-configuration: listener_https/all
x-request-id: cef18c42-f4cb-4bce-bce4-06e8c4de729c
last-modified: Thu, 15 Jun 2023 10:02:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m0NSn%2B%2B2uk%2FKTNk%2FiPAYa36XcOI0BU1ZP3NFJNCiADyz%2BqsOOH8sv%2BSZ%2BWAWOlutvmAPvbVOSd8tcqCG1dtuHmkM24Al6KBOgU6MNR%2FsS9Bsg9crl7qfRD9P9tqGZQEomPoi0DfRQLqSxEp2SOc%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-fhfns
access-control-allow-credentials: false
cf-ray: 7e2d364ffd3b3a84-FRA
x-amz-cf-id: IbAnrgbbO6y4JhcN58WQeTlrOYnhmEPoL6X4R0uMnooDKzj3WmXw_w==

GET
H2 200 Blog-Image--Cloud-worm-silent-bob-Recovered.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/ 40 KB
40 KB 229ms
132ms Image
image/webp 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Blog-Image--Cloud-worm-silent-bob-Recovered.jpg?width=870&name=Blog-Image--Cloud-worm-silent-bob-Recovered.jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffda2ea08844f0216dd9e1b2328b9d99b17d208ac6f2878c5ba9a59ee3adf348

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 bcfffcf7e0fc8cd9cfe4125369a9f036.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-123477107037,P-1665891,FLS-ALL
content-length: 41154
cf-resized: internal=ok/m q=0 n=172+0 c=3+57 v=2023.6.4 l=41154
last-modified: Wed, 05 Jul 2023 13:13:29 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfEs7KXQkztsDx-ueP5__NGShU9Z0BzdmqJ_ULo1G_DQ:55b3d7478e2df1ac6252a6e5bfe1ebb4"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7e2d36516adf39d0-FRA

GET
H2 200 Ofek-Itach_SQ.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Aqua%20People/ 828 B
1 KB 321ms
224ms Image
image/webp 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Aqua%20People/Ofek-Itach_SQ.jpg?width=48&height=48&name=Ofek-Itach_SQ.jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af7f66a88467d69b1264d11bb4a988c6e7f7589d47e1b2b22b69fef30344aa70

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 9c6666844f92bfc6b8685747b641abc6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-76134155906,FD-7522622900,P-1665891,FLS-ALL
content-length: 828
cf-resized: internal=ok/m q=0 n=245+0 c=1+1 v=2023.6.4 l=828
last-modified: Mon, 13 Jun 2022 10:57:27 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfFVIAKyixFy3IUjbUyHpoBbJ8KxSBlmMBbhedHTfFDQ:700866d580351087ed06187aa9f7d4bd"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7e2d36516ae139d0-FRA

GET
H2 200 Assaf%20M%20300x300.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Imported%20sitepage%20images/ 828 B
1 KB 222ms
126ms Image
image/webp 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Imported%20sitepage%20images/Assaf%20M%20300x300.jpg?width=48&height=48&name=Assaf%20M%20300x300.jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e67f6aacc88c8b3acf98f74772db7dd2f29557146a3fc9aa74602ea7c94b8ec1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 1d4079b9c92abe0dba6581682966e934.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-97329473928,FD-42703647798,P-1665891,FLS-ALL
content-length: 828
cf-resized: internal=ok/m q=0 n=183+0 c=1+5 v=2023.5.0 l=828
last-modified: Wed, 04 Jan 2023 12:38:02 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf1zM0XKenPQu5gookC4EYBHUAKxSBlmMBbhedHTfFDQ:12b60e0644c5c87150805225f7db3e83"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7e2d36516ae439d0-FRA

GET
H2

200

Silent%20Bob-Video-thumb.jpeg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/custom-video-thumbnails/
Redirect Chain

https://api-na1.hubapi.com/video/v1/public/123470178644/poster?portalId=1665891
https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/custom-video-thumbnails/Silent%20Bob-Video-thumb.jpeg?length=1920

51 KB
51 KB

62ms
61ms

Image
image/webp

2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/custom-video-thumbnails/Silent%20Bob-Video-thumb.jpeg?length=1920

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Server

2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e921371b370670fc3c7d7b8665b4c67561437800cccbf7725b1bb395da43dc1d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 074df32306fddeb7d54ca41312e6888e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-123475907671,FD-9460320918,P-1665891,FLS-ALL
content-length: 51790
cf-resized: internal=ok/m q=0 n=167+0 c=5+131 v=2023.6.4 l=51790
last-modified: Wed, 05 Jul 2023 12:52:00 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfIJbjIRRu8_QfJXcbea01JDZKwnSDvw7ZAbX8WcieDQ:45fb50c52361b5664f7fac3225f1223a"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7e2d36529c2339d0-FRA

Redirect headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 84b1ea45-2133-436c-99e9-c7635911a436
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 84b1ea45-2133-436c-99e9-c7635911a436
server: cloudflare
x-trace: 2B1FF57B0780FBAADFAF3872BD20A346204161D56C000000000000000000
vary: origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CmpVbJjM0NHiQPkCRHxBoPa5F6H3zqwVaU3Ffb8C6Y5f4wlSkagv%2FFqCwuko7YZnO21LwMJp75ggBjXC3g2kYLXioDUJRHuzxh%2FMvhxINa4MbKMWedJdSLGbJ%2B5QtT5BA%2BLiJXCPdvRjXgq%2FcHPq2g%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/custom-video-thumbnails/Silent%20Bob-Video-thumb.jpeg?length=1920
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-gm8dw
access-control-allow-credentials: false
cf-ray: 7e2d3651785c046a-FRA

GET
H2 200 Ofek-Itach_SQ.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Aqua%20People/ 3 KB
3 KB 268ms
172ms Image
image/webp 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Aqua%20People/Ofek-Itach_SQ.jpg?width=120&height=120&name=Ofek-Itach_SQ.jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52e281fb46a631df87587fa6388f5df4e576b543d7c7c387bae676434381e462

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 5195de19cbc5ce842ac6538e9a6850ca.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-76134155906,FD-7522622900,P-1665891,FLS-ALL
content-length: 2844
cf-resized: internal=ok/m q=0 n=209+0 c=1+4 v=2023.6.4 l=2844
last-modified: Mon, 13 Jun 2022 10:57:27 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfFVIAKyixFy3IUjbUyHpoBbJ8CkG96azlf-Tapd0KDQ:700866d580351087ed06187aa9f7d4bd"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7e2d36516ae639d0-FRA

GET
H2 200 Assaf%20M%20300x300.jpg
1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Imported%20sitepage%20images/ 3 KB
3 KB 223ms
128ms Image
image/webp 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1665891.fs1.hubspotusercontent-na1.net/hub/1665891/hubfs/Imported%20sitepage%20images/Assaf%20M%20300x300.jpg?width=120&height=120&name=Assaf%20M%20300x300.jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c75856e66054adbda0310e749edbdec273f207923321b97a3f8bf012b4d28b80

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-97329473928,FD-42703647798,P-1665891,FLS-ALL
content-length: 3080
cf-resized: internal=ok/m q=0 n=233+0 c=1+7 v=2023.6.4 l=3080
last-modified: Wed, 04 Jan 2023 12:38:02 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf1zM0XKenPQu5gookC4EYBHUACkG96azlf-Tapd0KDQ:12b60e0644c5c87150805225f7db3e83"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7e2d36516ae739d0-FRA

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.240/ 11 KB
5 KB 148ms
51ms Script
application/javascript 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.240/embed.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7944796ddd5fcfea5a16d0a01e0179972a31c071aa2fda7ba986323a6790752

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
x-amz-version-id: 2PIZat4k7iqlwfOTJtCspFj5G31rDKpK
via: 1.1 e638b1bcc509fe9e412fd1a600d66bc6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: DFW56-P2
age: 2014623
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 15 May 2023 19:59:44 GMT
server: cloudflare
etag: W/"bf8f264c31eb93db41268dd04256be85"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ONRmX4sVAXxF4OxHe9uco2qpjVZgER%2FU09DZtex0qEkyQXF4FSxdpTyy5K6F%2BTIz3XCetqfRDkIzn5P%2BfY5LuPbLJRuc5uYpTH2OcgbIBvKZv6cnLTvikiP7qn9%2B3AUT6jhgICVDlNXXDDJetcIHhOKORr4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7e2d36516b4837ea-FRA
x-amz-cf-id: yqk-SUmChO6Wfg7JUY15O5bipWjxIsoY4OIQYY0RMz8dXSk804_bLw==
expires: Sat, 06 Jul 2024 04:05:58 GMT

GET
H3 200 aqua_theme_2019_scripts.js Show response
blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165868/1575250830489/Coded_files/Custom/page/Aqua_Theme_2019/ 5 KB
3 KB 64ms
63ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165868/1575250830489/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_scripts.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f9a3cacca516b6343c46d79e9c02a0eea2497cd7b0726359b8bb9120375559e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 990
x-amz-request-id: ZP4JPCPD2DMBZJ85
x-evy-trace-route-service-name: envoyset-translator
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"de4d6e1461004a14ecb30b8ea579d084"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 bfc4676044fcc4c0c8e705c71ca51fea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 9AKBnGYi3T4hDaPO1On7lahtX4teQ0Wk
x-amz-cf-pop: IAD55-P5
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 108
alt-svc: h3=":443"; ma=86400
x-amz-id-2: uJgGgaWAVNVJdl+apFm/QVQeitvYemVGJatjppZtHjULyRoVSECU8PzETlDPQg1X5juevttOdi0=
x-request-id: cea0f5b7-8033-419d-8b45-47a33f09206e
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 02 Dec 2019 01:40:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ckWgKk7JIz37JPh%2BRNPgQQubro1H9E763SJgrvJaGNNScoLO0ZPnBEUkqLGtDNjntIK0rwX1wRGTCd9n6LwCB8wrsIEwLP426gb2cdltanG7Bcw3TGm0rdXnQvf2qBH7rCfpd%2BoHCJ0ZAgYUnY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 7e2d3650d9fe9b4c-FRA
x-amz-cf-id: WUcwJ8Ha8QulVgooqtPHaSajd2gHE_uzl2sQubdJmV9wQufgktxG9w==

GET
H2 200 loader.js Show response
static.hsappstatic.net/video-embed/ex/ 35 KB
13 KB 149ms
53ms Script
application/javascript 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/video-embed/ex/loader.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55050a0a621626855889d844f66dd1d8092af4db07bb871de14b1b33b33a9f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
x-amz-version-id: XsEbZzYo.NvDcVimvw6JrCh2UMDceKy2
via: 1.1 e694bac8e2f74404d73f6b5af005ac04.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: CDG52-P4
age: 53
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 27 Jun 2023 21:19:16 GMT
server: cloudflare
etag: W/"5f76a9119b9fe6b70d4a88b01ebd0314"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pIOG%2FMEC%2FfZakhE8XbPhQ8Xdn%2BzWwhmFI7taLsse6LtmTttPKA6vEccKajmqWCGGeV2vW5Rau5InF7wny76mRUqbfgyMttMjkkbNgOY00DG9v3sk%2BGn2%2FSNAUjvbbNIw4pm12laapqy42xICov%2BgnitG1OQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=60
cf-ray: 7e2d36517b4a37ea-FRA
x-amz-cf-id: akhLnnJQy8oBh3ftn3SpYjPeaIQSIVDLDm6GgiRAepmFaA27whRKig==
expires: Fri, 07 Jul 2023 04:06:58 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 132ms
44ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3922734
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJa2X00lLJHcpd3WS3F2Lb25w6YYxcxv5pam5E5IO3nKLlXRl6lfDKl6LZBgOsfC4NKS4Ddp%2FKQaSA0%2Bz%2BA%2F3EK3GaPAdzheoIPMLgxcIoX82x9E1aSSsOGvVCMfyp9XRsob2efKcNrcXy62DnSzjfDx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e2d365168a18ff5-FRA
expires: Wed, 26 Jun 2024 04:05:58 GMT

GET
H2 200 jquery-migrate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/ 11 KB
4 KB 142ms
54ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/jquery-migrate.min.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3923737
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3718
last-modified: Wed, 18 Nov 2020 00:51:42 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5fb4701e-2c03"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pxwfFG8s6HxOIMXhffWnsm2%2BYTV5cgJIfJtqcF%2Bdv%2FGO%2F%2BgtnC4CQtSBVBtEuvuxYopnOWGHMgel4DuQuYg8mLjfFoH5FSjjlpgVwoBPUfjw7nrmBViAtWhYBEyvMQiP1MTaj4B2YFqj%2F0TAUTtw9H5v"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e2d365168a28ff5-FRA
expires: Wed, 26 Jun 2024 04:05:58 GMT

GET
H3 200 1665891.js Show response
blog.aquasec.com/hs/scriptloader/ 1 KB
1 KB 181ms
180ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/hs/scriptloader/1665891.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d12cea925a6c33dd5d2ef325c6e18af5267bf68144584575d9150f6baa3f8748

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a9b87e62-6563-4587-9f4c-e463c210bd9a
x-envoy-upstream-service-time: 9
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a9b87e62-6563-4587-9f4c-e463c210bd9a
last-modified: Fri, 07 Jul 2023 04:01:45 GMT
server: cloudflare
x-trace: 2BBA9EE0E5BFD09325D34948E5457469AC6D0A54BF000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.aquasec.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-nbhzm
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vUgCeFreBjDKAH7oXmWxUhKLAForA4vn4tmZ4eP0Ka9revhRjVW83RTKrny063HBrvhp%2BmlInShkh07dLnJxFrcP8wfdg2Ucw5xzJzMPTAK23U0r7e7ZMV2%2BjfR%2FXU85dYDS91LEapAoIA4gMdI%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7e2d3650da079b4c-FRA
expires: Fri, 07 Jul 2023 04:06:58 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 285 KB
92 KB 156ms
60ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

848d809243a1f249b7dd0cca8493042b89c32dd569734824bf48978182cec7a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93778
x-xss-protection: 0
last-modified: Fri, 07 Jul 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 07 Jul 2023 04:05:58 GMT

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 140ms
48ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700&display=swap

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

af1a469d92bfcb0a43a47a53cafabdf04d540b95294d155def3ff6693c1fc538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 07 Jul 2023 04:05:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 07 Jul 2023 02:14:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 07 Jul 2023 04:05:58 GMT

GET
H2 200 animation.css
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Scalock_Jan2016/ 27 KB
3 KB 198ms
98ms Stylesheet
text/css 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Scalock_Jan2016/animation.css
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee6eb03a528bb02a6a0aaac0adcdcfaeb3275b2596b08df6efd12ceca93df7e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-3686461719,P-1665891,FLS-ALL
x-amz-version-id: s0c7rvHNJDMTrAJplCdVbtTcnNRAmnNF
age: 1222277
x-amz-cf-pop: FRA56-P7
x-amz-request-id: YQT6EB2MFMT0F4S8
edge-cache-tag: F-3686461719,P-1665891,FLS-ALL
cache-tag: F-3686461719,P-1665891,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: 3q7aQjK1byy0yi4UOWcNO9G/J3dQE6hQdk6MQtqhD80QG13oMFdadTz7Dep55lzL13JgxXzRj4I=
last-modified: Sun, 08 Oct 2017 05:05:55 GMT
server: cloudflare
etag: W/"edfd447adba05bffefacddd7cf793b7d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7e2d36516ade39d0-FRA
x-amz-cf-id: LMBA-VnWO1B7Fw-evC0d_tn0d2kW6S4VoPnLnTAdNRRNdU4kYu7I6w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 logo_aqua_2020.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 2 KB
1 KB 72ms
71ms Image
image/svg+xml 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/logo_aqua_2020.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8eb8a7898d7f65f3407008af621d906d14d1f0d0ff3f03a70da78cc1e471ea0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 57ba1933a852bdb178dbe4a1e2e3a5fa.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-33469653384,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: Gbe7iAG8CWjdzqvIjTwC5N1NHh.QA.MM
age: 937720
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: GDRE76D6HD2PMWVV
edge-cache-tag: F-33469653384,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-33469653384,FD-6262692448,P-1665891,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 18
x-amz-id-2: znHuBCdB1DTjJSzPn/WV7bzolkIaGgQIEucKcU6Crb5P4Zrf+jMHiplGD9oAthnuIrV+A4kFSUM=
last-modified: Mon, 20 Jun 2022 10:03:45 GMT
server: cloudflare
etag: W/"1aec447da87d1627fad6c89bc560eecc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1597095993170
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7e2d36521b9b39d0-FRA
x-robots-tag: all
x-amz-cf-id: j3Eghia1CxSKvQRVmXlCWmSZVVN7LJLXT8lQow3LYLmOViGfhmLmKA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 18

GET
H2 200 icon_search_2020b.png
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 212 B
1 KB 71ms
71ms Image
image/webp 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/icon_search_2020b.png
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ae9b1771bf14db70ab8b7f15a98a88e78307a6b498182268a4de1ff393d88bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-33469350916,FD-6262692448,P-1665891,FLS-ALL
age: 1547204
x-amz-request-id: GF1YD8K0DX3MS4Z9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-33469350916,FD-6262692448,P-1665891,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="icon_search_2020b.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
cf-bgj: imgq:85,h2pri
etag: "c9a08b827cc52adbe146a1519a312a5d"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1597096538277
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 56317bf75183e752b06c880e8a1e502a.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: iY4foo3ISi96BxM2rLVgv9iuf8FE_L6A
x-amz-cf-pop: FRA56-P7
cf-polished: origFmt=png, origSize=346
x-cache: RefreshHit from cloudfront
cache-tag: F-33469350916,FD-6262692448,P-1665891,FLS-ALL
x-amz-meta-index-tag: all
content-length: 212
x-amz-id-2: dOvpmInVsiEkXoJtNVjOKM+COef9A1t8aLW5QGTcQNyTrvv3e58y0WZa1x9ULV5M0XE7zkUeOrs=
last-modified: Mon, 10 Aug 2020 21:55:39 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 7e2d36521b9e39d0-FRA
x-amz-cf-id: 0NTGKos3jErWBGcTpJAyRSXAHa5oK1czJWGzeS7whB59wsTJa_Vc_A==

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/ 37 KB
38 KB 141ms
41ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.aquasec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 08:10:17 GMT
x-content-type-options: nosniff
age: 158141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37924
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jul 2024 08:10:17 GMT

GET
H3 200 graphic.png
blog.aquasec.com/hs-fs/hubfs/ 10 KB
11 KB 229ms
228ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.aquasec.com/hs-fs/hubfs/graphic.png?width=900&height=411&name=graphic.png

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4720bf7f848642a7e67d0a0f8c206c00e58c16765c7f9e0246dbeb99fad95c5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 f3a3f62227549dcbb83000c9d8bb826a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-123392983148,P-1665891,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 10688
cf-resized: internal=ok/h q=0 n=53+0 c=1+33 v=2023.6.4 l=10688
last-modified: Tue, 04 Jul 2023 17:11:42 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfhdTIG9xc-t8itumlorLW56AuaKRgpR49AEiyVhNIDQ:e0cfb4510c4b1e23e6791f0d5a0a71fa"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A8fAGpfpDd9pVIRpzxfnpLuqHtTQevGHNSvfmESBN3c%2BC6sNVCCoka8OrMOemndeCXMwQg5svABxFBS%2BeevJW2YBBlCjMyaVL%2F9PNcwCk%2F7Scd%2BG02q103dKfyaqmrNp83Q51WxolOsE0undHss%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7e2d36524afc9b4c-FRA

GET
H3 200 carbon-(44).jpg
blog.aquasec.com/hs-fs/hubfs/ 51 KB
52 KB 73ms
72ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.aquasec.com/hs-fs/hubfs/carbon-(44).jpg?width=900&height=522&name=carbon-(44).jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f714442d022a570f66904f7b183f43846a0889b60a42ca7bec9244a1ecd7c2aa

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 d1ac9c701cd8b36557cb10a31c9b36d0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-123392926766,P-1665891,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 52488
cf-resized: internal=ok/h q=0 n=73+0 c=3+43 v=2023.6.4 l=52488
last-modified: Tue, 04 Jul 2023 17:12:38 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfsD8RU-Q0RLTbj9vMr_gPP4cj8mW2W3tXyFkwp9V1DQ:1965348d78fb7e5dde1c4b1ce1f167cb"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5q1jrOS2j00r6F83FgpaxH3EjH9Q0XDn6l7fsi%2BGXlotXSX4VZq2Q%2Bt0s2Ru0wT9%2BkSO1rjJnKxVwPo5aRA4lWAMn2Jwp8Fe34QxuoW5Si8uGNTpuAqQXqb1RbMUxYluUkO19hf%2FUrI2ZwvsICg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7e2d36524aff9b4c-FRA

GET
H3 200 carbon-(47).jpg
blog.aquasec.com/hs-fs/hubfs/ 7 KB
7 KB 231ms
230ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.aquasec.com/hs-fs/hubfs/carbon-(47).jpg?width=900&height=75&name=carbon-(47).jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

726e2af62f96467acc9dad00da722310bfae54905eda1d06a7d2f10cb3221905

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 786b0e4c2382030de0f64ed48e56b4bc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-123392983174,P-1665891,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 6824
cf-resized: internal=ok/m q=0 n=887+0 c=0+6 v=2023.6.4 l=6824
last-modified: Tue, 04 Jul 2023 17:12:38 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfvgCRiMSu8sap__kY7SpbAZTmv7rM1NHPxKmCwzJxDQ:8d947cc537cffb1d7bb518b5af653ac8"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sSJG7OHaDCk3hJgEX5acpgfCkpKgm%2FlC3%2BOEdvhsEHx%2FsHwCy%2Faep%2BpnsL1wifDZJM9sRxJtM9QfagQHA6nJ41SfTuG2hfz2zNPSzPe4k7%2F7ijTP9fKqU2jtAj0eKz6bev%2F84ZfLrk95f71vIbU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7e2d36524b009b4c-FRA

GET
H3 200 carbon-(48).jpg
blog.aquasec.com/hs-fs/hubfs/ 7 KB
8 KB 232ms
231ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.aquasec.com/hs-fs/hubfs/carbon-(48).jpg?width=900&height=81&name=carbon-(48).jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8b7ab654e0ddf471745f979de3199a844cb31fec259c48ad87a4d643abc2c47

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 e3964230e2f6e90d463d5500cb5c136c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-123388110745,P-1665891,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 6964
cf-resized: internal=ok/m q=0 n=893+0 c=0+10 v=2023.6.4 l=6964
last-modified: Tue, 04 Jul 2023 17:12:38 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfnjfHsJF7kjsjLgX1hHP1KBxn4mmVXl60jj2is1V6DQ:4fd282f8b99a2de01254fd60b33c2134"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z0Mw6YH7TaEGbdtjpFahmGfSZj6sucuWgFAm2BBLdAwlEyedlByDGQkIxHd14pQDBaZkAY%2F%2B8slTnmcmQrsmXbHprEzVm5QK2Ao8FcBhTFhah4kFK0f%2Bn1gx2zfTagnV4SRxhHqxBrANfIayi10%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7e2d36524b029b4c-FRA

GET
H3 200 carbon-(49).jpg
blog.aquasec.com/hs-fs/hubfs/ 183 KB
183 KB 146ms
146ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.aquasec.com/hs-fs/hubfs/carbon-(49).jpg?width=900&height=1543&name=carbon-(49).jpg

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

01b582e2b4a69f05ba735a5c219f846e34e3ebcde448fe06c21b2af128e99bc6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 ec15f7f1de81d98c6198bce0467ac3ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-123392811016,P-1665891,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 186882
cf-resized: internal=ok/m q=0 n=1062+0 c=4+140 v=2023.6.4 l=186882
last-modified: Tue, 04 Jul 2023 17:12:38 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cffv6FBLVjT2u4SeRtDQV2ZEQujbDg5QkSYfaRlLqODQ:5b6f728ba7a77358ffc00d3f9b352966"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BdGIKKe75L5q6bZZQKUMqe6ff272wNq9NU0F4Z3rf0yuY%2F4syd7hhBcpFnD%2BEbwQlEkiI5J4D5WCrvgvHiS3omONkvlqZ0nXhjpgytXy5LqPV39%2FWeg1gjOXtC2%2BLKnqCv3xGHGNmOVOhkXnBk8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7e2d36524b039b4c-FRA

GET
H2 200 logo_aqua_dark_2020.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 2 KB
2 KB 58ms
57ms Image
image/svg+xml 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/logo_aqua_dark_2020.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32046089ccace81843cbfbf1e80ec224e591a3a6441753dd62e0bcf4cf33c6d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 0d78cc90106520d13c1b5c5b16dd8246.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-32606658374,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: cGIgv._m7NnLCO.CteoU4AWXKa3.JYOI
age: 571652
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: TNERW3W12223YR2J
edge-cache-tag: F-32606658374,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-32606658374,FD-6262692448,P-1665891,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: sEDaE6DlfhqzyPfD3BpF8KldP1zyT4ojjDL0yPX3D63Ibiw7t6KlGHh7h4azlZ+I1wZHveWuY1ZEnIfEVRY6HA==
last-modified: Mon, 20 Jun 2022 10:04:44 GMT
server: cloudflare
etag: W/"fb3dc48473ed7d00d95c696406bb2aa0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1595279826387
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7e2d36526bf339d0-FRA
x-robots-tag: all
x-amz-cf-id: SowN0ziD3E2OErkXiEL1658TQ60sKNN6RWecK4Iw9LUOI1_OUdxoKQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 facebook.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 779 B
875 B 59ms
57ms Image
image/svg+xml 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/facebook.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c777fc478672e659838faae4c55cf7a8e32c688431ee4d0cd268cf14f645b673

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7582432823,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: SiJr2kD481BGRTq56gO1daBOEbOHUvM_
age: 654975
x-amz-cf-pop: FRA56-P7
x-amz-request-id: TNENW9FFCZ8DYA9V
edge-cache-tag: F-7582432823,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-7582432823,FD-6262692448,P-1665891,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: VpC8Ny+uxUXC+ePtHCxiTq3rszlTjVnWvORuFv9JCOtL4QCYXN8zRg/JIsJcmVTLijmY0rQkyIQ=
last-modified: Wed, 13 Feb 2019 23:42:59 GMT
server: cloudflare
etag: W/"19749026ef152d226e9257455bec9ed7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7e2d36527bf439d0-FRA
x-amz-cf-id: WiyDRHTrujZD3FiYgHmZxcrWVOkaUV9K-DdZRVaDjBDdRt7HzBxLUg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 twitter.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 1 KB
1 KB 60ms
59ms Image
image/svg+xml 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/twitter.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7138c5a544f4668dd59e8f9d96aaa87bcfd0066948ea309f2db6460bd3b81041

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7582014199,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: mVTFNpptaHocM.LV.q7AdmUpV3QrCcWF
age: 937720
x-amz-cf-pop: FRA56-P7
x-amz-request-id: YBRS4KE4PEW83VGD
edge-cache-tag: F-7582014199,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-7582014199,FD-6262692448,P-1665891,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 18
x-amz-id-2: HLG6yY2McFRZ/URnFqDz+3RpnpLtP5XlGNLWW2dc3CExaWrXGXVYY1N53UFp/tRGUCnnfq/1gKQ=
last-modified: Wed, 13 Feb 2019 23:42:59 GMT
server: cloudflare
etag: W/"c4fcf938ebe664dd424c0a6a5e4b03fc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7e2d36527bf639d0-FRA
x-amz-cf-id: QNY4lhu6RAo0jP1UeB4wCCbMpLsMqzOWUxoTm_TzW2EtURy6Kzx_lw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 18

GET
H2 200 linkedin.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 602 B
871 B 60ms
59ms Image
image/svg+xml 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/linkedin.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73b8cc55f2871f64c632b3fe73f36a7b8aaf40ee2a138695573bdc976e1942a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7582436500,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: nffArO3nn88qKY3dclKx6aF8R_YTTHRu
age: 668617
x-amz-cf-pop: FRA56-C1
x-amz-request-id: GZYWJMDJVXNM04W5
edge-cache-tag: F-7582436500,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-7582436500,FD-6262692448,P-1665891,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-id-2: qNxqtR0KIeDfdRnYf2aZH2cGDU1LzLVeWdf9674Dw0Rvzc6K0FxyoUJjqhgFf7dAG22Ws8N2LtI=
last-modified: Wed, 13 Feb 2019 23:42:59 GMT
server: cloudflare
etag: W/"ea3d9adf55e5ce658c6a105df641d667"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7e2d36527bf739d0-FRA
x-amz-cf-id: 5xuHg20qabCgtA8ZK6pF217FPG_WpHZ_VlGZzIiPjbyg2LpD_oo6kQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 youtube.svg
1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/ 746 B
855 B 57ms
56ms Image
image/svg+xml 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Misc_images/blog/youtube.svg
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs-fs/hub/1665891/hub_generated/template_assets/7511165869/1686823327504/Coded_files/Custom/page/Aqua_Theme_2019/aqua_theme_2019_styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a0cd9e51e9d88fdebfc2389a7fb0864a4cb6f1900262caa68f69c4c21c54eb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
via: 1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7580107715,FD-6262692448,P-1665891,FLS-ALL
x-amz-version-id: Q4TWafakBa5dIfTqtAoQ9ZM_q.TqNNL7
age: 1751776
x-amz-cf-pop: FRA56-P7
x-amz-request-id: A89EPK7NWMW0KTGW
edge-cache-tag: F-7580107715,FD-6262692448,P-1665891,FLS-ALL
cache-tag: F-7580107715,FD-6262692448,P-1665891,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: 2zLkLA2DJvD/p5ClZujkHkMcSUkhF1rm0XUUcxD6kb0YqY5Fz3UYpixG37DiNEl2H9WPbwnP1qM=
last-modified: Wed, 13 Feb 2019 23:42:59 GMT
server: cloudflare
etag: W/"bd569f0d9e19f95b6e7f98bdb5f7374b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7e2d36527bf939d0-FRA
x-amz-cf-id: s-WCq3usyXwXq4JOBuE5IZ1o1X2QeshUj9c7439ed-GutBMmti8XFw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 json Show response
blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c/ 23 KB
5 KB 447ms
447ms XHR
application/json 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c/json?hs_static_app=forms-embed&hs_static_app_version=1.3372&X-HubSpot-Static-App-Info=forms-embed-1.3372

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

58388e48507350f50a74419ddcc245b7de60d8bb089c6218814bd821d713f4b3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-origin-hublet: na1
date: Fri, 07 Jul 2023 04:05:59 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c3092900-b537-4a35-9aee-ec760099c698
x-envoy-upstream-service-time: 17
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c3092900-b537-4a35-9aee-ec760099c698
server: cloudflare
x-trace: 2B7FFDDD8FDF2DCC5379C7FD98E334B2D53941A9FF000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-qr8ft
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LYGxVWJMTRl2XFULHPzQKnps%2BlNUHy%2FIBHs2dQuqV%2BtPf7WfYhjWZWe%2BFhYha5borLXG%2FSsrw6EQPu2x9H4bvOrpdnUNr9EYa1K0kTnD4Jy9rQKLjPdjf5IZlEgIBOICBbEibMC4KIx4PjVEbyA%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7e2d36529b3f9b4c-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H3 200 json Show response
blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/fc3a461b-474b-4bd2-b409-c41d4ec09d8a/ 6 KB
2 KB 205ms
203ms XHR
application/json 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/_hcms/forms/embed/v3/form/1665891/fc3a461b-474b-4bd2-b409-c41d4ec09d8a/json?hs_static_app=forms-embed&hs_static_app_version=1.3372&X-HubSpot-Static-App-Info=forms-embed-1.3372

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1026205bf65a52d0723b1f1fc01671218f4723b51588937a1932e07d8adc069b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-origin-hublet: na1
date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e4fc8c90-4ed9-4ac6-b054-b1b0bfaee4f2
x-envoy-upstream-service-time: 13
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e4fc8c90-4ed9-4ac6-b054-b1b0bfaee4f2
server: cloudflare
x-trace: 2B45F694634D11818C57C07873D0CFE7D835A60B3B000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-qr8ft
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wVOfWx13MwJ8fqpyS7xjs2g9zqsmL2A%2FYif68UxRNbUMRCCpECEEuVrD%2FQHmfxTrqh8TtHkYlRET1Ry5XryDvjB5nCVy98%2Bs9zb%2FqFQrBYm6lXwK3eoWf8wFE1dZ1WjxXcVlJSGLhBIhjC0CYxY%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7e2d3652ab4e9b4c-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 1665891.js Show response
js.hs-analytics.net/analytics/1688702700000/ 66 KB
21 KB 284ms
193ms Script
text/javascript 2606:4700::6810:8ace
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1688702700000/1665891.js
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/scriptloader/1665891.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8ace , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6266f7d27c37e9b77ae166f9337e430531c88df57281f7d03544b906ecbbcd1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: DXME7HQMYENDDCXR
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: ce6b2f1d-57d2-4956-bce2-979bbb4e3b1e
x-envoy-upstream-service-time: 24
x-amz-id-2: TuxbWGhrJXds/bIU5vaFZ6G0ggwc+Eg9H+gU/rrnJn3ra8wiXU4nD5LsXjer07a18rlUJkXQLJk=
x-evy-trace-listener: listener_https
x-request-id: ce6b2f1d-57d2-4956-bce2-979bbb4e3b1e
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 15 Jun 2023 14:40:48 GMT
server: cloudflare
etag: W/"fd4f5bfdebe9c4a447ebb7b99c1aeeb7"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-f4w7q
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7e2d365349e2085b-FRA
expires: Fri, 07 Jul 2023 04:10:59 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 75 KB
22 KB 142ms
49ms Script
application/javascript 2606:4700::6811:65ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/scriptloader/1665891.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:65ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56c4495857616105157baa89caee2ef427fcb4fab4183d4e4b6b686e97ca4eea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
x-amz-version-id: cEbcZKKjYfgnQYQfQwG6R0hUhblxYW3W
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD12-P3
age: 78
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.13538/bundles/project.js&cfRay=7e2d346a595137f1-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 02d3523a-bf08-459b-8340-ccf1049eb4bb
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 02d3523a-bf08-459b-8340-ccf1049eb4bb
last-modified: Fri, 30 Jun 2023 06:08:01 UTC
server: cloudflare
etag: W/"c8d00711b661f5000343a50b4d377d25"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-ksc82
cf-ray: 7e2d36534949199e-FRA
x-amz-cf-id: achfZ0Vmqj5BY8js5Rniem-Rske8ErYgSVNKBQLWB9RbfaCcjmoneg==
x-hs-target-asset: conversations-embed/static-1.13538/bundles/project.js

GET
H2 200 1665891.js Show response
js.hs-banner.com/ 70 KB
16 KB 244ms
158ms Script
text/javascript 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/1665891.js
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/scriptloader/1665891.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 551c3bab6074c132e311a10ce2c984ce0f5c6cd8b96c311601d22fa820c2e37f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
x-amz-version-id: 3WxyryV_hrhWsTuzsUyuhG.3cPW93U.m
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 41195RC22D66QV1Y
x-amz-server-side-encryption: AES256
x-amz-id-2: HwJNloyyj3Ax3jAjOYCCSjuDotWAC6oD3iOe3PU/2js/+Yy84tGz5e0mbSF23q3csiQecg7N9j4=
last-modified: Mon, 17 Apr 2023 15:00:41 GMT
server: cloudflare
etag: W/"6cf7f2cf5165c221ff409e9ccf5132cf"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.aquasec.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7e2d36534e181a86-FRA
expires: Fri, 07 Jul 2023 04:10:58 GMT

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
978 B 312ms
208ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=1665891&callback=jsonpHandler

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0af9d847-b514-44f2-bde5-3d8395d0fee1
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=7e2d36536bbe1c79&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 0af9d847-b514-44f2-bde5-3d8395d0fee1
server: cloudflare
x-trace: 2B59EADE3CCE02A6DBAE0C04F4989A79AEA4F4708E000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-mm66x
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 7e2d36536bbe1c79-FRA

GET
H2 200 public Show response
api-na1.hubapi.com/comments/v3/comments/thread/ 72 B
535 B 149ms
149ms Script
application/javascript 2606:4700::6811:cbcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=1665891&offset=0&limit=1000&contentId=123313501283&collectionId=3657573699&callback=jsonp_1688702758831_54

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41f2f93ea41635548da681aeb0b3d0a24ee3ed13655aabf55097f8d8efc88439

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 08d11699-fd23-4624-8b6e-2112a349c263
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 08d11699-fd23-4624-8b6e-2112a349c263
server: cloudflare
x-trace: 2B54F896B4804D19B79A9427DF2D1193605E369330000000000000000000
vary: origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hg3ZXKZlQ0he1DOdqRoptBFCCWWkG%2Bcqahz6xDl358p3DvUZn%2B1Qc6Po%2FvhOou0gOb1oGovq3%2BvI49d4u0VAeE4ziFXYC5NIPhmR5HnHerSt0WszRYlbKF4lWAmHZfk3Mc2V4acluD%2F4Ll53%2F%2B87Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-55fmk
access-control-allow-credentials: false
cf-ray: 7e2d3652c94f046a-FRA

GET
H3 200 postlisting Show response
blog.aquasec.com/_hcms/ 2 KB
1 KB 260ms
260ms XHR
application/json 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/_hcms/postlisting?blogId=3657573699&maxLinks=5&listingType=popular_all_time&orderByViews=true&hs-expires=1720231300&hs-version=2&hs-signature=AJ2IBuGjZBY9fIT3Yr6zWK5nLVWTQM-EDw&currentUrl=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d9ba83164ada1fbe735c1276a1384ae7d75fa42ae2123925fa5d3fbb11341b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f923a372-700e-4ed9-bc0c-7b77c2a92cad
x-envoy-upstream-service-time: 26
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f923a372-700e-4ed9-bc0c-7b77c2a92cad
last-modified: Fri, 07 Jul 2023 04:05:59 GMT
server: cloudflare
x-trace: 2BE2194418CDF09C7B24DC3F2D4E50043138A6263F000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=peMLl23s1IH8YKxjlMdJa47E6ulsCSn8Ou27L0yYoPvR8rAkY9iPVZ86uPXqiiyw8lAXA5ncbSxM1Q5T62HEyzG3jG4zWjZI3dXvuCzHLKUcRX80Tlb5S0FkYfzjWcp7cjp6S6ahuKxuJEIkmnA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-40-49-td/envoy-proxy-7966c868f8-ff8jh
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 7e2d3652eb769b4c-FRA
x-robots-tag: none

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/881756472/ 3 KB
2 KB 148ms
56ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/881756472/?random=1688702758924&cv=11&fst=1688702758924&bg=ffffff&guid=ON&async=1&gtm=45He3750&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&hn=www.googleadservices.com&frm=0&tiba=Threat%20Alert%3A%20Anatomy%20of%20Silentbob%E2%80%99s%20Cloud%20Attack&auid=411473852.1688702759&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ff2736a531cd3c0d4f3176089ce7f7d13aeed128f3e8726460f713dd72626bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:05:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1355
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
772 B 179ms
52ms Script
application/x-javascript 2a02:26f0:780::210:a423
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a423 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

42c9d1df23e2f7d82d90b2bd6bab3b5398e81889cb9bde1d4a530acc663c9c63

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 26 Jun 2023 17:35:57 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=40483
accept-ranges: bytes
content-length: 560

GET
H2 200 9110.js Show response
script.crazyegg.com/pages/scripts/0082/ 6 KB
2 KB 550ms
442ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0082/9110.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7ee12725456527413f4eb38618cb36834b3e0f843f48e73ca1b7d609054a3ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Fri, 07 Jul 2023 04:05:59 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
ce-version: 11.5.100
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e2d36541e931945-FRA
content-length: 2203

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 169ms
67ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 07 Jul 2023 04:05:58 GMT
last-modified: Thu, 11 May 2023 18:08:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6639B8155F574E16A1B79E13C260EA7B Ref B: FRA31EDGE0605 Ref C: 2023-07-07T04:05:59Z
etag: "80df77953384d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12183

GET
H2 200 1665891.js Show response
js.hs-scripts.com/ 1 KB
1 KB 257ms
172ms Script
application/javascript 2606:4700::6812:873b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/1665891.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:873b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98fb26be3713d1abc8b662448d242b4a1dfc73005c96f0f1ce40bbc89ff6d507

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
content-encoding: br
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6099b63e-b254-4ed9-ac74-47e060b6b5c4
x-envoy-upstream-service-time: 10
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6099b63e-b254-4ed9-ac74-47e060b6b5c4
last-modified: Fri, 07 Jul 2023 04:01:51 GMT
server: cloudflare
x-trace: 2BDF68A7669D7B50C2DDDB346DECA19C3B7E1172E2000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.aquasec.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-nbhzm
cf-ray: 7e2d3653fa5891d7-FRA
expires: Fri, 07 Jul 2023 04:06:59 GMT

GET
H2 200 pixel.bundle.js Show response
pixel.dealtale.io/ 37 KB
12 KB 174ms
44ms Script
application/javascript 13.32.27.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.dealtale.io/pixel.bundle.js
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-27.fra56.r.cloudfront.net
Software: /
Resource Hash: eda9e4920e8950a3a87b897eb5745b1f0258ad805a8e2906a4fcffb7976b0504

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:03:03 GMT
content-encoding: gzip
via: 1.1 c1e2423613b2dcb4230386a2b285734e.cloudfront.net (CloudFront)
last-modified: Thu, 06 Jul 2023 13:51:34 GMT
x-amz-cf-pop: FRA56-C2
age: 178
etag: W/"923c-1892b78f270"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1800
accept-ranges: bytes
x-amz-cf-id: NLXXUEa0S1yXZrhGDItmRvNtJsVUOp9SafSDuosHsFVRhpyirjNJXQ==

GET
H2 200 6si.min.js Show response
j.6sc.co/ 35 KB
11 KB 241ms
52ms Script
application/javascript 23.213.161.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-219.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:05:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 May 2023 00:27:16 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64641f64-8a3f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 11052
expires: Fri, 07 Jul 2023 04:05:59 GMT

GET
H2 200 data-layer-events.js Show response
info.aquasec.com/hubfs/ 11 KB
4 KB 1055ms
935ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://info.aquasec.com/hubfs/data-layer-events.js?v=1688703358940

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

396f95fe76847ae1beacf9c523d2b852b3fc31ce9beedbde4df6b7f8ba6901ec

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-77926488921,P-1665891,FLS-ALL
x-amz-request-id: BSYBQDZFVYV4FSJX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-77926488921,P-1665891,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"b492d523ec97a31b53add8896e2baeca"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1656583869290
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 07 Jul 2023 04:06:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 fa87f2173bfe5d35fd73cec71ab12a32.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: XcRlKoDF..T4fG.0Cjjm9Tr4D9UFP3Rp
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-77926488921,P-1665891,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ltlPGx4zQZPijpOT2NS14Szd0g5rhJLno++y6Ze10Pm6R8T0SMgvg/qRr7SYbut8N71ZDkYQhGrDw1lrjbR6b5CZCDu5t6mocJmRSc/SDbw=
last-modified: Thu, 30 Jun 2022 10:11:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2BeUGcZaI5ieAEdakMQtVxaTB%2BAKNOfnErvXGgeFFmh7kLv3xhzwwoDKj5TnVKxAnQP89v7c2vyU%2FK1HzI83uSFY%2FlCJJyUq6SS7vLMuVkHnyjrla8N5NoMBn%2FHetBsAkJ97mrftyfCRke1afx0%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7e2d36550de12c72-FRA
x-amz-cf-id: gWVziNXEIBNo4vCt3_EzMKISBX0SbE6eK3hzvocHOZJ7vSYdedS4Vw==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 138ms
40ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 07 Jul 2023 03:04:37 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3682
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 07 Jul 2023 05:04:37 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 239 KB
82 KB 54ms
54ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-D2G99SQ9HG&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5N9T3H

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3cd42a4c5be184f4acdd7d83ae126f9172bc9f1035cc1c71df7e0235905ec19e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83990
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 07 Jul 2023 04:05:58 GMT

GET
H3 200 widget Show response
blog.aquasec.com/_hcms/livechat/ 306 B
1 KB 206ms
205ms XHR
application/json 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.aquasec.com/_hcms/livechat/widget?portalId=1665891&conversations-embed=static-1.13538&mobile=false&messagesUtk=c7b697c92c4e4591bd5ac5ff0d6e04e6&traceId=c7b697c92c4e4591bd5ac5ff0d6e04e6

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3f748990963fb10dbeec5a08ed679c1f80f56eb36b19f1ae54e0542b30556af

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 81058523-b1c0-45a9-95dd-77d4a6c62bfb
x-envoy-upstream-service-time: 37
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 81058523-b1c0-45a9-95dd-77d4a6c62bfb
server: cloudflare
x-trace: 2B0FACF27D5F496B6474BFE689552D2CC968A42D53000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-nbhzm
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZKNwWeBTRWLAncEmzj%2BlvkaE2Jq%2B83XSuC4IfU3y%2FZ1pKv8oMM4hbY6yZb0MDNzQlbPMI9HMndg71SGNuZRGyIZVW9bsTKXTyAUWfq0SIccOJLV21TbyetmO4FWl%2BEgD8XdfuCqiKPFZ2KN9eRk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7e2d3653cc179b4c-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
983 B 246ms
160ms Image
image/gif 2606:4700::6811:d4f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 07 Jul 2023 04:05:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: c6022b14-73e8-41a5-9991-afb188d0dd2b
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c6022b14-73e8-41a5-9991-afb188d0dd2b
Server: cloudflare
X-Trace: 2B22838AE0F85957A2F4F790194D36E241D6354448000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-rgcrk
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7e2d36550b9a360b-FRA

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
983 B 527ms
427ms Image
image/gif 2606:4700::6811:d4f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 07 Jul 2023 04:05:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 274cb65e-b0db-40e6-aabe-1b0a0669d330
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 274cb65e-b0db-40e6-aabe-1b0a0669d330
Server: cloudflare
X-Trace: 2B78B6A5B88DE9C0918D1655E3384DE498339BED62000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-cxrpn
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7e2d36552bce1a49-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
254 B 139ms
47ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-D2G99SQ9HG&gtm=45je3750&_p=1414203941&_gaz=1&cid=851676820.1688702759&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1688702759&sct=1&seg=0&dl=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&dt=Threat%20Alert%3A%20Anatomy%20of%20Silentbob%E2%80%99s%20Cloud%20Attack&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=Blog
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-D2G99SQ9HG&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:05:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.aquasec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 152ms
48ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-D2G99SQ9HG&cid=851676820.1688702759&gtm=45je3750&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-D2G99SQ9HG&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:05:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.aquasec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 147ms
54ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-D2G99SQ9HG&cid=851676820.1688702759&gtm=45je3750&aip=1&z=1814916373

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:05:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 218ms
135ms Preflight
application/octet-stream 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://blog.aquasec.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://blog.aquasec.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 7e2d36554c1dbbbf-FRA
content-length: 0
content-type: application/octet-stream
date: Fri, 07 Jul 2023 04:05:59 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 1
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-v9vn7
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: c7d2c045-f0dd-4717-a7ba-06677b129779
x-request-id: c7d2c045-f0dd-4717-a7ba-06677b129779

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
151 B 152ms
152ms XHR
text/plain 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/1665891.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 85056a17-81d0-4a9c-9b68-09d4d161c9e8
x-envoy-upstream-service-time: 18
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 85056a17-81d0-4a9c-9b68-09d4d161c9e8
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://blog.aquasec.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-f4w7q
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7e2d36562cb1bbbf-FRA

GET
H2 200 /
www.google.com/pagead/1p-user-list/881756472/ 42 B
455 B 140ms
51ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/881756472/?random=1688702758924&cv=11&fst=1688702400000&bg=ffffff&guid=ON&async=1&gtm=45He3750&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&frm=0&tiba=Threat%20Alert%3A%20Anatomy%20of%20Silentbob%E2%80%99s%20Cloud%20Attack&fmt=3&is_vtc=1&random=3530243547&rmt_tld=0&ipr=y

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:05:59 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/881756472/ 42 B
455 B 61ms
54ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/881756472/?random=1688702758924&cv=11&fst=1688702400000&bg=ffffff&guid=ON&async=1&gtm=45He3750&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&frm=0&tiba=Threat%20Alert%3A%20Anatomy%20of%20Silentbob%E2%80%99s%20Cloud%20Attack&fmt=3&is_vtc=1&random=3530243547&rmt_tld=1&ipr=y

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:05:59 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 56ms
55ms Script
application/x-javascript 2a02:26f0:780::210:a423
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a423 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

87ca2d8adbd10be0e5e89784dbb7aa8bb67f77247471f437e6af535009955f8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Jun 2023 22:23:45 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=62617
accept-ranges: bytes
content-length: 4807

POST
H/1.1 200
OK et
app.dealtale.com/ 0
145 B 207ms
69ms Ping
text/plain 15.197.244.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.dealtale.com/et?lid=66d31e79-9886-4547-8cce-8049238654c4&sid=f8d4aa7a-6904-425d-b236-fe4ff6a52167&orgId=5fb0eb0ba8b8c0001139d936
Requested by: Host: pixel.dealtale.io
URL: https://pixel.dealtale.io/pixel.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.244.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ad3b208e15c6d832e.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 07 Jul 2023 04:05:59 GMT
Connection: keep-alive
Transfer-Encoding: chunked

GET
H2 204 25111106.js Show response
bat.bing.com/p/action/ 0
119 B 142ms
142ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25111106.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Fri, 07 Jul 2023 04:05:59 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 93D1B0F986874D19A8A14B4B12D58B6C Ref B: FRA31EDGE0605 Ref C: 2023-07-07T04:05:59Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
286 B 62ms
61ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25111106&tm=gtm002&Ver=2&mid=c46bb531-f95f-41ce-b80b-93b5d91f2d6c&sid=946a00a01c7b11eebee3d9b79a5e91e9&vid=946a82d01c7b11ee9484bdf572269fcb&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Threat%20Alert%3A%20Anatomy%20of%20Silentbob%E2%80%99s%20Cloud%20Attack&p=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&r=&lt=707&evt=pageLoad&sv=1&rn=204215

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 07 Jul 2023 04:05:59 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D6E4735C290940E89410D42477F920C9 Ref B: FRA31EDGE0605 Ref C: 2023-07-07T04:05:59Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/45226/domain/blog.aquasec.com/ 36 B
376 B 172ms
41ms XHR
application/json 2600:9000:20eb:6000:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/45226/domain/blog.aquasec.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6000:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 03:44:24 GMT
content-encoding: gzip
via: 1.1 42b60ee17f7593fff72ca1cb725d6c9a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 1295
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: I63CZzLRdCzX0NadQa3HyQ0H1YGDLVVR4tolrgOtE9VuyQufpGNJUw==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1688702759214&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1688702759214&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D45226%26time%3D1688702759214%26url%3Dhttps%253A%252F%252Fblog.aquasec.com%252Fthr...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1688702759214&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1688702759214&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cookiesTest=true&liSync=true&e_ipv6...

0
264 B

252ms
141ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1688702759214&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cookiesTest=true&liSync=true&e_ipv6=AQJEXIPajGu_eAAAAYkuhzOs4fTvanm3lxKLeE1yNXS7b9EPrfUDM8-EvwoMb8KMpmSoaSQ
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 22318436F4B14507AF14DC4DC941F7EB Ref B: FRAEDGE1308 Ref C: 2023-07-07T04:06:00Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX/3cAll2H8NWeriX85rA==

Redirect headers

date: Fri, 07 Jul 2023 04:05:59 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 97AD9CEF51404EF0BC062483780E17FD Ref B: DUS30EDGE0321 Ref C: 2023-07-07T04:05:59Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=45226&time=1688702759214&url=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cookiesTest=true&liSync=true&e_ipv6=AQJEXIPajGu_eAAAAYkuhzOs4fTvanm3lxKLeE1yNXS7b9EPrfUDM8-EvwoMb8KMpmSoaSQ
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX/3cAhwC4Eu2L2BQrYvw==

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 63ms
42ms XHR
text/html 23.213.161.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-219.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://blog.aquasec.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
301 B 190ms
40ms XHR
text/html 2a02:26f0:480:23::1726:62a7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:23::1726:62a7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:05:59 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://blog.aquasec.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:1338:92::7
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469084_388391911_83306214_24_714_40_0_-";dur=1
content-length: 19
expires: Fri, 07 Jul 2023 04:05:59 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
486 B 264ms
256ms Image
image/gif 23.213.161.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=aee05fd5-a49d-4b44-876e-eff3ce56536e&session=c1bef874-068d-4013-8508-25874a0f9393&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2007%20Jul%202023%2004%3A05%3A59%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2007%20Jul%202023%2004%3A05%3A59%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b5b19d05dd2f4d2bdb579c1a77a6b1bd%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2007%20Jul%202023%2004%3A05%3A59%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2007%20Jul%202023%2004%3A05%3A59%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22%20Nautilus%20identified%20infrastructure%20in%20early%20stages%20of%20testing%20and%20deployment%2C%20of%20a%20cloud%20worm%2C%20designed%20to%20deploy%20on%20exposed%20JupyterLab%20and%20Docker%20APIs%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Alert%3A%20Anatomy%20of%20Silentbob%E2%80%99s%20Cloud%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&pageViewId=cb4800ff-0ec3-4b87-8596-9e39c5ab68c4

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-219.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
209 B 47ms
47ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1414203941&t=pageview&_s=1&dl=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&ul=en-us&de=UTF-8&dt=Threat%20Alert%3A%20Anatomy%20of%20Silentbob%E2%80%99s%20Cloud%20Attack&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAACAAI~&jid=1581084091&gjid=1608134205&cid=851676820.1688702759&tid=UA-63272154-1&_gid=528894737.1688702759&_r=1&_slc=1&gtm=45He3750n715N9T3H&cg1=Blog&z=1674000277

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:05:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.aquasec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1665891 Show response
play.hubspotvideo.com/video-preloader/ Frame C49A 14 KB
5 KB 501ms
403ms Document
text/html 2606:4700::6812:11e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://play.hubspotvideo.com/video-preloader/1665891
Requested by: Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/video-embed/ex/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:11e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0173e8c8e574a3df361773ab3102105de34cffdb55dfd5ef332390a3536f2c31

Request headers

Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
age: 1204
cache-control: max-age=600
cache-tag: staticjsapp-video-player-ui-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
cf-ray: 7e2d365689003671-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 07 Jul 2023 04:05:59 GMT
etag: W/"0f74eb0462b076f9fd59e5d83664a7c8"
last-modified: Tue, 20 Jun 2023 02:55:50 UTC
server: cloudflare
vary: origin
via: 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront)
x-amz-cf-id: Bcm16vU691nyrruDN5gYG3MgQy2bmAWQv9pKC7mK_FL4FO6lDntY7w==
x-amz-cf-pop: IAD12-P3
x-amz-meta-ao: {}
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: OPhVPHKcCIntzqDTLii22U7K6UvQWeqA
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/star-td/envoy-proxy-7fdbcd4d49-2t6mm
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
x-hs-target-asset: video-player-ui/static-1.10753/html/player-preloader.html
x-hubspot-correlation-id: fbd6d1c9-e027-4fd4-9c8d-820587c55414
x-request-id: fbd6d1c9-e027-4fd4-9c8d-820587c55414

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 49ms
49ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-63272154-1&cid=851676820.1688702759&jid=1581084091&gjid=1608134205&_gid=528894737.1688702759&_u=YCDACEAABAAAACAAI~&z=2104072184

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 07 Jul 2023 04:05:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.aquasec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 63ms
61ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-63272154-1&cid=851676820.1688702759&jid=1581084091&_u=YCDACEAABAAAACAAI~&z=1361730535

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:05:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 63ms
62ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-63272154-1&cid=851676820.1688702759&jid=1581084091&_u=YCDACEAABAAAACAAI~&z=1361730535

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:05:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 421ms
420ms Image
image/gif 23.213.161.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=aee05fd5-a49d-4b44-876e-eff3ce56536e&session=c1bef874-068d-4013-8508-25874a0f9393&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A7%22%7D&isIframe=false&m=%7B%22description%22%3A%22%20Nautilus%20identified%20infrastructure%20in%20early%20stages%20of%20testing%20and%20deployment%2C%20of%20a%20cloud%20worm%2C%20designed%20to%20deploy%20on%20exposed%20JupyterLab%20and%20Docker%20APIs%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Alert%3A%20Anatomy%20of%20Silentbob%E2%80%99s%20Cloud%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&pageViewId=cb4800ff-0ec3-4b87-8596-9e39c5ab68c4

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-219.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 blog.aquasec.com.json Show response
script.crazyegg.com/pages/data-scripts/0082/9110/site/ 21 KB
7 KB 131ms
50ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0082/9110/site/blog.aquasec.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0082/9110.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ecabc14a3e222c4e66666a6654d10f0489d4f2457a37c271441f7d55e514c82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 246
ce-version: 11.5.100
content-length: 7215
last-modified: Fri, 07 Jul 2023 04:01:53 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e2d365769fe925f-FRA

GET
H2 200 92524bfe917e29490849d4ee81ff5a5e.js Show response
script.crazyegg.com/pages/versioned/commontransformations-scripts/ 117 KB
40 KB 47ms
47ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/92524bfe917e29490849d4ee81ff5a5e.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0082/9110.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c57f202d31dbcf016dc8673a3d9443f3df24da8afdb91c97a6deb103e35ea22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 30 Jun 2023 09:34:46 GMT
server: cloudflare
age: 32966
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e2d3657b9fb1945-FRA
content-length: 41061

GET
H2 200 blog.aquasec.com.json Show response
script.crazyegg.com/pages/data-scripts/0082/9110/sampling/ 158 B
214 B 51ms
51ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0082/9110/sampling/blog.aquasec.com.json?t=469084
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/92524bfe917e29490849d4ee81ff5a5e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d410739a00beadf726d74c3e29f36429e4a2e05f1396b59774ca4c5d0a1828c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 246
ce-version: 11.5.100
content-length: 149
last-modified: Fri, 07 Jul 2023 04:01:53 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e2d36583abe925f-FRA

GET
H2 200 healthcheck Show response
pagestates-tracking.crazyegg.com/ 19 B
461 B 162ms
41ms XHR
application/json 18.66.97.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pagestates-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/92524bfe917e29490849d4ee81ff5a5e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-4.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 11:18:30 GMT
via: 1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 7922850
x-cache: Hit from cloudfront
content-length: 19
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
etag: "d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age: 31536000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
accept-ranges: bytes
x-amz-cf-id: 4Fht0rgRZomLMR23kawajRp6QRClRxKvJ56OazJ_1iFgHsZgSiMACw==

GET
H2 200 healthcheck Show response
assets-tracking.crazyegg.com/ 19 B
387 B 142ms
39ms XHR
application/json 18.66.122.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/92524bfe917e29490849d4ee81ff5a5e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-72.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 05 Nov 2022 03:10:02 GMT
via: 1.1 a4233498d2bd44dbd411d60d86f8334e.cloudfront.net (CloudFront)
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 21084958
etag: "d06f04fccf68d0b228a5923187ce1afd"
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 19
x-amz-cf-id: pYilJTW74w5aA28JcZkEngVSifnsRTW9C2-I5m452_ba_ID2IC_vtA==

GET
BLOB 200
OK ba9575b3-a29a-4ef2-90cf-cb16698bce3f
https://blog.aquasec.com/ 45 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://blog.aquasec.com/ba9575b3-a29a-4ef2-90cf-cb16698bce3f
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e8f74416e7bc7051dbd2c0b2dec8cdb9a5ba4b36f88ba1b65c3e7dd7447b4090

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 45
Content-Type: text/javascript

GET
H3 200 bundle.production.js Show response
static.hsappstatic.net/head-dlb/static-1.338/ Frame C49A 44 KB
17 KB 102ms
54ms Script
application/javascript 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/head-dlb/static-1.338/bundle.production.js

Requested by

Host: play.hubspotvideo.com
URL: https://play.hubspotvideo.com/video-preloader/1665891

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef39ee441c4e7792c5cda9a8bd86ddce96d9b17bda0cc9f7187f1a70ce9b3ed5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://play.hubspotvideo.com/
Origin: https://play.hubspotvideo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
x-amz-version-id: uq4ahwTgbmdDVq3iqHPHE8OZSufTo1wc
via: 1.1 29da4b53f2ce7517cad842851fd7a428.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: TXL50-P4
age: 294629
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 28 Apr 2023 15:18:57 GMT
server: cloudflare
etag: W/"d4a36ffcc533bcbae2a557884d3059e8"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sX6SDg8V%2F7vB01pOpqf5L%2F2DZaVNQlHXhjVbxTU0tcotsW1k2cZdHXUGNKtOoG80rLBnyI7LYQC0mGqrHe12YKpAqldrWtTie84UzsLSkA%2FxcTtROS0zE%2BVgEyvlDAf0yML3WSe99uhQcmCcoUMmLOwErZs%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: public, max-age=31536000
cf-ray: 7e2d36596fe89bfe-FRA
x-amz-cf-id: EP6IKimsiujjeHLtc0aP8H10sP0To7-q2gWVAe9fLvzrOGeE9z9JSw==
expires: Sat, 06 Jul 2024 04:05:59 GMT

GET
H3 200 bundle.production.js Show response
static.hsappstatic.net/hubspot-dlb/static-1.392/ Frame C49A 294 KB
94 KB 141ms
94ms Script
application/javascript 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/hubspot-dlb/static-1.392/bundle.production.js

Requested by

Host: play.hubspotvideo.com
URL: https://play.hubspotvideo.com/video-preloader/1665891

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a827ba0a43cbeb52e1f7c01fac1d8526f1a927ef58d5a0bc4ea4047a8b47f075

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://play.hubspotvideo.com/
Origin: https://play.hubspotvideo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
x-amz-version-id: GyJQrIoHDRIfCuwwSVVsJwX13g1Qp9_O
via: 1.1 69b4ccb4caed8bb6a3a45a0df08d1446.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: CDG52-P2
age: 121927
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 11:56:47 GMT
server: cloudflare
etag: W/"90cd3e4c19469ce68f12da7dbe18af11"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86oAE4duk9tAXSeJwh9Tvylyh649ckXwDk3tP0%2BZLeQcmodGgSFaIU2eTTx74k8%2BUM1w5tuVu%2FUiCUEyvTWOkAoTN7AcyQqI7L4%2BSQ0y0Biyyr9rh6jKodLLg%2B6aRzysAUxawJLuN4DY%2FR6Mlz6cmUbadxg%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: public, max-age=31536000
cf-ray: 7e2d36596fea9bfe-FRA
x-amz-cf-id: G9TFRfTkXF2p1An4z9dr1iLA_4KpUMIDGT8rLnUh5TimZZySOFWpLA==
expires: Sat, 06 Jul 2024 04:05:59 GMT

GET
H3 200 project.js Show response
static.hsappstatic.net/video-player-ui/static-1.10753/bundles/ Frame C49A 1 MB
409 KB 227ms
179ms Script
application/javascript 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/video-player-ui/static-1.10753/bundles/project.js

Requested by

Host: play.hubspotvideo.com
URL: https://play.hubspotvideo.com/video-preloader/1665891

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25ab60d3e2df1a906b71b68c553780dfc7b380d26fc9a5c54509e3eb3900b49f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://play.hubspotvideo.com/
Origin: https://play.hubspotvideo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
x-amz-version-id: fEREhzrlo30KKTjI3U4TwTd5gCbpYkwk
via: 1.1 4445c4223f8c2460ef5d29a08d1cc6ac.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: AMS54-C1
age: 1429764
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 19 Jun 2023 20:56:10 GMT
server: cloudflare
etag: W/"c4f656229af8118f698be98a9873d8cb"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NR%2FnU8hsfM6AdGSbHoC5a2juZPywFFbFg%2FYeYeZPk0eSfsKrGPd7FggSPqIbNDejqKfJCU265aHgRkpVBsuDVzyYtdphQszTV5iNGy1yM6N3xOjRZZSZN6%2Ff3N69PPBgQOHfYDG00tZN6b7SJ0NudLdgPF4%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: public, max-age=31536000
cf-ray: 7e2d36596fed9bfe-FRA
x-amz-cf-id: 3Inu9qFciXuXJAhYSPKAEKLrwivEmaRqg5DkHbQFkDrXSiZc6Wlq9g==
expires: Sat, 06 Jul 2024 04:05:59 GMT

GET
H2 200 project.css
static.hsappstatic.net/video-player-ui/static-1.10753/bundles/ Frame C49A 53 KB
13 KB 49ms
48ms Stylesheet
text/css 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/video-player-ui/static-1.10753/bundles/project.css

Requested by

Host: play.hubspotvideo.com
URL: https://play.hubspotvideo.com/video-preloader/1665891

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aeecf81aa8557dfef73bfa143aeead42e1c5083d1a7acd0a780ca1043172c854

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://play.hubspotvideo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:05:59 GMT
x-amz-version-id: oGfqO2wzny2OgL4S1rUFMtsMFqVbpnid
via: 1.1 10150f1f3768fd868d31d5faec2b61f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: CDG52-P2
age: 1492170
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 19 Jun 2023 20:56:10 GMT
server: cloudflare
etag: W/"8da7aafadd04d32558e6c83ce72b4f23"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4CAKvnkaqQ%2BSUiW1XESzCE4GjzVojpCCTBRrRGxzc2V0sC8n23yXDd88culdU3T%2B7G560v6Cu3K9itbpUzaX9wri0XwVqo%2BaOlnPMxArY9ferF%2F9vQVOk1Lv7sZhl0%2FFPIaXtMO5UtPzIikrnDP5NQqy%2Fgg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7e2d365919c537ea-FRA
x-amz-cf-id: 3cUN_5TFn2D1b9KSt63aHWnjW7K9nFmbPC_je8De3ThdFrTfvE3B0A==
expires: Sat, 06 Jul 2024 04:05:59 GMT

GET
H2 200 clock Show response
tracking.crazyegg.com/ 28 B
135 B 235ms
108ms XHR
text/plain 108.128.54.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?t=1688702759928&tk=7275d2dfbee8b83b8cd904fd3328187b&s=328806&p=%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&u=829110&v=b5489ceebbb7466879e5fa15faf088eaf8ee75fb&f=blog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&ul=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/92524bfe917e29490849d4ee81ff5a5e.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.54.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-54-216.eu-west-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: 3058b4a22c51c537ecbf17d249306b948fcca6c8299edd8ac3f205039272f27b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 07 Jul 2023 04:06:00 GMT
cache-control: no-store
server: awselb/2.0
content-length: 28
content-type: text/plain

GET
BLOB 200
OK 249881e7-8a84-406e-9fcf-e61cab4064ea
https://blog.aquasec.com/ 256 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://blog.aquasec.com/249881e7-8a84-406e-9fcf-e61cab4064ea
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aacfcd18b520474131a1f406500be960e1cef536e78a5a3bd4e5d1f9a6a5da61

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 256
Content-Type: text/javascript

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 235ms
234ms Image
image/gif 23.213.161.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-219.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:00 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
605 B 163ms
162ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2241961375&v=1.1&a=1665891&pi=123313501283&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cpi=123313501283&cgi=3657573699&lpi=123313501283&lvi=123313501283&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&t=Threat+Alert%3A+Anatomy+of+Silentbob%E2%80%99s+Cloud+Attack&cts=1688702760538&vi=eee129bf03934171ddca34988eb27eaa&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2134ccc4-8a74-440e-be43-3b5e604eea92
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2134ccc4-8a74-440e-be43-3b5e604eea92
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NY5aGiS%2FkmFrhsYdQcpn4pW93QEQrxdJyKMOr4Vlpzdf6khyQ3nqRkgiF04yZJnP7yG8ByVEkfwkVMFlaJcjfUyg5FQjOHApdWawxuu065wO9kHbII7GX8YqWUolmEargv%2BbmLLNh1SWB7ZTX%2Fab"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-skh97
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7e2d365d8ea91c79-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
440 B 167ms
167ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=fc3a461b-474b-4bd2-b409-c41d4ec09d8a&fci=cd35cd62-5ec6-4e38-9ab2-5a3fd1525523&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2241961375&v=1.1&a=1665891&pi=123313501283&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cpi=123313501283&cgi=3657573699&lpi=123313501283&lvi=123313501283&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&t=Threat+Alert%3A+Anatomy+of+Silentbob%E2%80%99s+Cloud+Attack&cts=1688702760540&vi=eee129bf03934171ddca34988eb27eaa&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9390b37f-9819-416e-835d-404982d745f0
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9390b37f-9819-416e-835d-404982d745f0
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W9kxcBGBNfsErvtHuJfiGdR4FuDdmcSRbsC4%2BWGZddvTFErqRD0aeO8qSBsPXfyRTnHjvuZUVfE8FCS3DaPg0pODmnt%2BUVHZoA4R3X%2B40w6lJwCVBMasvvmRYFKOHgctfvyt%2Bd1gy2Iw2bM63uf7"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-pwxm2
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7e2d365d8eb71c79-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
595 B 169ms
168ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=fc3a461b-474b-4bd2-b409-c41d4ec09d8a&fci=cd35cd62-5ec6-4e38-9ab2-5a3fd1525523&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2241961375&v=1.1&a=1665891&pi=123313501283&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cpi=123313501283&cgi=3657573699&lpi=123313501283&lvi=123313501283&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&t=Threat+Alert%3A+Anatomy+of+Silentbob%E2%80%99s+Cloud+Attack&cts=1688702760541&vi=eee129bf03934171ddca34988eb27eaa&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a54d9c97-429e-4859-b54b-5e2889af00f6
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a54d9c97-429e-4859-b54b-5e2889af00f6
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LEaTNqILsupfK2nAf%2BUiPs9WRGcNwK2yAhEJTmPjPYkn7%2FbshiM3WaLi9%2B6APS3zyRIx50nRsaLKdosW%2BHssD0TDd2CnlTCvmI4Nl6Po7lt86h66PoFeMKsrJwMoKub%2FJ0zn8TibA%2BdRMyXkf0fQ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-lqfnv
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7e2d365d8eb91c79-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
443 B 162ms
162ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c&fci=68defe58-d935-4b2c-a02b-1ca7ab818d56&ft=4&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2241961375&v=1.1&a=1665891&pi=123313501283&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cpi=123313501283&cgi=3657573699&lpi=123313501283&lvi=123313501283&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&t=Threat+Alert%3A+Anatomy+of+Silentbob%E2%80%99s+Cloud+Attack&cts=1688702760542&vi=eee129bf03934171ddca34988eb27eaa&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9901793d-91b9-40fc-82af-2538b25da5da
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9901793d-91b9-40fc-82af-2538b25da5da
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U1NZwhJLIhjH4iDCUY%2Fd3y%2BJl91Ew4eEHW8RDSmWRNI28KnQyT%2FQGmqWm84AEwYLDB2LcHLxbNzFjsBEpMHO6pT%2BfrOWRbasGt8HKDtdtZvFuDFzJ7SquS6WdcjFpyG%2FV99Zy4%2FzyFaJEKL10E7U"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-z7z79
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7e2d365d9ebe1c79-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
459 B 164ms
164ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c&fci=68defe58-d935-4b2c-a02b-1ca7ab818d56&ft=4&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2241961375&v=1.1&a=1665891&pi=123313501283&ct=blog-post&ccu=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&cpi=123313501283&cgi=3657573699&lpi=123313501283&lvi=123313501283&lvc=en-us&pu=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&t=Threat+Alert%3A+Anatomy+of+Silentbob%E2%80%99s+Cloud+Attack&cts=1688702760544&vi=eee129bf03934171ddca34988eb27eaa&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5e0d0e84-d24b-45f3-8f03-4634d7dfd19f
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5e0d0e84-d24b-45f3-8f03-4634d7dfd19f
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wndpw9Lg70JpqxKKiV6tJsTGPbUSxATiGFXZh5Pn5DJH2JNXYgCipLexkPVibTSJ%2FO%2BLMAMjYg1W23kVNUFudpj7cr6Ooy7DQ12bUtt2ltEaXiQp0MVXONR1jUV95U2eoeHBYOYap1OmP0imZtAx"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-z7z79
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7e2d365d9ebf1c79-FRA
x-robots-tag: none

GET
H2 200 trends.min.js Show response
assets.trendemon.com/tag/ 251 KB
49 KB 188ms
47ms Script
application/javascript 2600:9000:223c:3a00:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/tag/trends.min.js
Requested by: Host: blog.aquasec.com
URL: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:3a00:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 53b4f3aaefd1aac9711d7917adcf6a62ef1e15a1920ccb79ecac220bacf3a9aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 12:20:18 GMT
content-encoding: gzip
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Mon, 03 Jul 2023 08:06:49 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 56744
etag: "31b46caad62bd7d4f8c699cefa853145"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 49620
x-amz-cf-id: vT-pyyPSwQkzwInW1MLp2P-D6sTMi3fNLnQX73-pAMU84sQNh5gjMg==

GET
H2 200 1810 Show response
trackingapi.trendemon.com/api/settings/ 744 B
883 B 391ms
118ms Script
application/x-javascript 34.194.81.123
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/settings/1810?callback=jsonp751068&vid=
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.81.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-81-123.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: f9325df042e7335c0ac4490f313b384fffd12c29e48e54f40e70bbdb148ec600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:06:01 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 744
content-type: application/x-javascript; charset=UTF-8

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 227ms
227ms Image
image/gif 23.213.161.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-219.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 identity.min.js Show response
assets.trendemon.com/global/ 18 KB
6 KB 42ms
42ms Script
application/javascript 2600:9000:223c:3a00:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/global/identity.min.js
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:3a00:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 09:05:17 GMT
content-encoding: gzip
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Mon, 03 Jul 2023 08:06:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 68445
etag: W/"3f44b799c727cbac65d90f0779b8eb4e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: XAp3cSsjWQF2Dh5v6ZcS1GBQDO5Po6dsbTsAX5ZGKHFCgjXEoYBCYg==

GET
H2 200 me Show response
trackingapi.trendemon.com/api/Identity/ 94 B
509 B 129ms
128ms Script
application/x-javascript 34.194.81.123
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/Identity/me?accountId=1810&DomainCookie=16887027615676468&fingerPrint=b1dff9881504dfb64524f993e0281838&callback=jsonp652542&vid=
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.81.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-81-123.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: ebcb145e5a7d4e259559d2a1fb85c594a3be6a49401c96f1a63fb94830956e7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:06:01 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 94
content-type: application/x-javascript; charset=UTF-8

GET
H2 200 pageview
trackingapi.trendemon.com/api/events/ 43 B
234 B 180ms
179ms Image
image/gif 34.194.81.123
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trackingapi.trendemon.com/api/events/pageview?accountId=1810&url=aHR0cHM6Ly9ibG9nLmFxdWFzZWMuY29tL3RocmVhdC1hbGVydC1hbmF0b215LW9mLXNpbGVudGJvYnMtY2xvdWQtYXR0YWNr&cookie=16887027615676468&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=1810:16887027615676468&r=1688702761828
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.81.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-81-123.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Jul 2023 04:06:01 GMT
server: Kestrel
age: 1691358
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 236ms
236ms Image
image/gif 23.213.161.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-219.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:02 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 personal Show response
trackingapi.trendemon.com/api/experience/ 3 KB
4 KB 131ms
131ms Script
application/x-javascript 34.194.81.123
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/experience/personal?AccountId=1810&ClientUrl=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&MarketingAutomationCookie=&ExcludeUnitsJson=%5B%5D&streamId=&callback=jsonp671358&vid=1810:16887027615676468
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.81.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-81-123.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: d5861adbfa1002caefc55c62fe938920770f542a084f28e3bf5a0d90e1866e22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:02 GMT
server: Kestrel
content-length: 3501
content-type: application/x-javascript; charset=UTF-8

GET
H/1.1 200
OK closex.png
pic.trendemon.com/images/ 386 B
848 B 191ms
41ms Image
image/png 65.9.66.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pic.trendemon.com/images/closex.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-31.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 07 Jul 2023 03:44:22 GMT
Via: 1.1 d947c3ab534102b2c9a7f0a4541d2ed8.cloudfront.net (CloudFront)
Last-Modified: Tue, 16 Apr 2019 23:23:30 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C1
Age: 76585
ETag: "7da2ae17c3b671047838f7b78687a56f"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 386
X-Amz-Cf-Id: BZiDOdk6lFgUlQxkvNob81xfXC1H4jXf0ajTMGaLxLzYHweLXof_-w==

GET
H/1.1 200
OK 300x300.png
pic.trendemon.com/units-graphics/ 75 KB
76 KB 198ms
47ms Image
image/png 65.9.66.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pic.trendemon.com/units-graphics/300x300.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-31.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0058bf8f19f46d2afec3c7baec803c4582f7e8a43c192ffe575b901f3d6c31b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 06 Jul 2023 06:42:55 GMT
Via: 1.1 a618edcb8ddcdae59a3a61a6c82ff54c.cloudfront.net (CloudFront)
Last-Modified: Tue, 06 Oct 2020 12:06:07 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C1
Age: 76988
ETag: "855430e5357d2c1eef6fbe9853480bca"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 76979
X-Amz-Cf-Id: MRuNEakECbn2gXGZaSDPU4te4Kii73_NARJWrDgxApmo9etKASR_7w==

GET
H2 200 personal-embedded Show response
trackingapi.trendemon.com/api/experience/ 5 KB
5 KB 144ms
143ms Script
application/x-javascript 34.194.81.123
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/experience/personal-embedded?AccountId=1810&ClientUrl=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&MarketingAutomationCookie=&Ids=%5B%22ac25252f-46f9-4952-bdc4-33b23e371131%22%5D&Groups=%5B%22recommend%22%5D&StreamId=&callback=jsonp624119&vid=1810:16887027615676468
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.81.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-81-123.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 46807e77e8ce7115df517791b551e7369496e56a6e4b04b2fee62785860d2342

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:02 GMT
server: Kestrel
content-length: 5242
content-type: application/x-javascript; charset=UTF-8

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 527 KB
165 KB 167ms
67ms Script
application/javascript 2606:4700::6810:bb41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bb41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aad18b84e34e15f9dddf39cc08a040e557bce50512b8689f3f7faae963f1429f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-encoding: br
age: 443
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3372/bundles/project-v2.js&cfRay=7e2d2b9b0ea091e7-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"df557d754a89ef0210bd93ff6301921d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3372/bundles/project-v2.js
date: Fri, 07 Jul 2023 04:06:02 GMT
x-amz-version-id: r0RDqVAx5nyXFjVas4brXORZ1.2QDi7x
via: 1.1 06c1d28e93bdae8f6401a12c10b2f570.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 073af115-9daf-4846-9a8a-4dbb0ba57261
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 073af115-9daf-4846-9a8a-4dbb0ba57261
last-modified: Tue, 27 Jun 2023 09:59:09 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDVs%2F7rs1bA98UOmFmv3vANaKzaOhcGbY8uR3vYgwPvSKoqg0QXYUiMNlhSnDqJhSRdZ8eUDuREhY7%2B3j2euLgt7DMkpL2JpqH3IWyk3S7%2BRmivsSvrkYAzB2St6riogcuTKOCwoZMmM61G5"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-5flz8
cf-ray: 7e2d366b1f989205-FRA
x-amz-cf-id: mPT-dLwFjI1LUcz1hWfYS85dHXh5KL5bqh7O08qDTtBEhoarRI98Wg==

GET
H/1.1 200
OK 110dc31336e55747354cc5408a9cc4e8.jpg
pic.trendemon.com/tasks_logo/1810/ 19 KB
19 KB 82ms
41ms Image
image/jpeg 65.9.66.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pic.trendemon.com/tasks_logo/1810/110dc31336e55747354cc5408a9cc4e8.jpg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-31.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b57804b37c910686ee970ad8012e96f99815accf24e4acdea596f33be6957fc2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 06 Jul 2023 05:38:23 GMT
Via: 1.1 d947c3ab534102b2c9a7f0a4541d2ed8.cloudfront.net (CloudFront)
Last-Modified: Tue, 29 Dec 2020 14:21:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C1
Age: 80860
ETag: "428665213b0dd67f0782c696a4aac646"
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19093
X-Amz-Cf-Id: 3YuYU4MlBMvf_AoGRm28U055Wqtc9qfRB0KPvWwpoI587bD65lMYGQ==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 237ms
236ms Image
image/gif 23.213.161.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-219.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:03 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 247ms
247ms Image
image/gif 23.213.161.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.161.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-213-161-219.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 04:06:04 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=b5b19d05dd2f4d2bdb579c1a77a6b1bd&svisitor=null&visitor=aee05fd5-a49d-4b44-876e-eff3ce56536e&session=c1bef874-068d-4013-8508-25874a0f9393&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2007%20Jul%202023%2004%3A06%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2007%20Jul%202023%2004%3A06%3A04%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226080%22%7D&isIframe=false&m=%7B%22description%22%3A%22%20Nautilus%20identified%20infrastructure%20in%20early%20stages%20of%20testing%20and%20deployment%2C%20of%20a%20cloud%20worm%2C%20designed%20to%20deploy%20on%20exposed%20JupyterLab%20and%20Docker%20APIs%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Alert%3A%20Anatomy%20of%20Silentbob%E2%80%99s%20Cloud%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.aquasec.com%2Fthreat-alert-anatomy-of-silentbobs-cloud-attack&pageViewId=cb4800ff-0ec3-4b87-8596-9e39c5ab68c4

Verdicts & Comments Add Verdict or Comment

144 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blog.aquasec.com/	1970-01-20 13:05:04	Name: __cf_bm Value: 54cryk8oxFvYdtwTmmxmvUT9Ux3NY5yxvs.AamPCNVQ-1688702758-0-AR18UQNWpDH+TVgqL9aZBZZtUk84j3u2dea3QWht9Bq/3dDdN5L/xu1KGL9CJlv4P7xObPGfAa+PQiZgZGTSabY=
.blog.aquasec.com/	1969-12-31 23:59:59	Name: __cfruid Value: 6271df4bf15d071c047a79000038524f4845b032-1688702758
.aquasec.com/	1970-01-20 15:14:38	Name: _gcl_au Value: 1.1.411473852.1688702759
.doubleclick.net/	1970-01-20 13:05:03	Name: test_cookie Value: CheckForPermission
.aquasec.com/	1970-01-20 22:41:02	Name: _ga_D2G99SQ9HG Value: GS1.1.1688702759.1.0.1688702759.60.0.0
.hubspot.com/	1970-01-20 13:05:04	Name: __cf_bm Value: ZMiNMgpwPKM0Wj4TSub9ZnhPfKzOybiVgsgoNP_HA6s-1688702759-0-Ad6Z7ObrHD5uC7q17BkVHvmUksYIvV8Zb20+3yb8Aq2cUeEN3SSpAQGnkSyEgu3+WRbwNjra/W0kLe7xYqiEV2c=
.aquasec.com/	1970-01-20 21:50:38	Name: _dtorg Value: 5fb0eb0ba8b8c0001139d936
.aquasec.com/	1970-01-20 22:41:02	Name: _dtuid Value: 66d31e79-9886-4547-8cce-8049238654c4
.aquasec.com/	1970-01-20 13:05:04	Name: _dtses Value: f8d4aa7a-6904-425d-b236-fe4ff6a52167
.aquasec.com/	1970-01-20 13:06:29	Name: _uetsid Value: 946a00a01c7b11eebee3d9b79a5e91e9
.aquasec.com/	1970-01-20 22:26:38	Name: _uetvid Value: 946a82d01c7b11ee9484bdf572269fcb
.bing.com/	1970-01-20 22:26:38	Name: MUID Value: 263B1923164F652A3C380A6417C464BF
blog.aquasec.com/	1970-01-20 22:41:02	Name: _gd_visitor Value: aee05fd5-a49d-4b44-876e-eff3ce56536e
blog.aquasec.com/	1970-01-20 13:05:17	Name: _gd_session Value: c1bef874-068d-4013-8508-25874a0f9393
.aquasec.com/	1970-01-20 22:41:02	Name: _ga Value: GA1.2.851676820.1688702759
.aquasec.com/	1970-01-20 13:06:29	Name: _gid Value: GA1.2.528894737.1688702759
.aquasec.com/	1970-01-20 13:05:02	Name: _gat_UA-63272154-1 Value: 1
blog.aquasec.com/	1970-01-20 13:06:29	Name: ln_or Value: eyI0NTIyNiI6ImQifQ%3D%3D
.linkedin.com/	1970-01-20 15:14:38	Name: li_sugr Value: d8a07f5d-550a-40b5-9f91-8d5bb00ef6ba
.linkedin.com/	1970-01-20 21:50:38	Name: bcookie Value: "v=2&dc852672-fe65-4792-8e01-0f8576019db3"
.linkedin.com/	1970-01-20 13:06:29	Name: lidc Value: "b=VGST05:s=V:r=V:a=V:p=V:g=2800:u=1:x=1:i=1688702759:t=1688789159:v=2:sig=AQExWUaiBQQCIhDshlh038wWCiqGhlvR"
.linkedin.com/	1970-01-20 13:48:14	Name: UserMatchHistory Value: AQKyJVikPgf0VAAAAYkuhzKKr-KiqKMkFWkZ5u1fSnlX0GqRNwMF-NcYWoWmivceu5EPq7eYne3W6w
.linkedin.com/	1970-01-20 13:48:14	Name: AnalyticsSyncHistory Value: AQI23gDxtc3-twAAAYkuhzKKSam7wL2Sny236_vmGdoaUt0l5OH2idDxhMR_5zx-UeUOfJwcKfpsWSpDoE5ljg
.aquasec.com/	1969-12-31 23:59:59	Name: cebs Value: 1
.www.linkedin.com/	1970-01-20 21:50:38	Name: bscookie Value: "v=1&20230707040559712d4d29-7ae7-4022-8b22-26c19c6894f9AQEgioH1ZC72MI7VuSs4M49uoJMLA4v2"
.linkedin.com/	1970-01-20 17:24:14	Name: li_gc Value: MTswOzE2ODg3MDI3NTk7MjswMjHhFAyBLSUaekeeXR0fjFnv735sDtGaXeKyPI1xAOCvTQ==
.6sc.co/	1970-01-20 22:41:02	Name: 6suuid Value: dba0d5172b453300278fa76404030000e0659c00
.aquasec.com/	1970-01-20 13:06:29	Name: _ce.clock_event Value: 1
.info.aquasec.com/	1970-01-20 13:05:04	Name: __cf_bm Value: fcOBdE.cIMpNcDb6wMuRnisQYCZnLc7KRY9y92S_IlI-1688702760-0-Ac4EpBRYeGjPl3IIqhafsqsNp5S2BP027SA2Z/QHxyGvJ+w2zq+ekyBWOPOOuRZ0vBll66jkRwro6df7OWpsru0=
.info.aquasec.com/	1969-12-31 23:59:59	Name: __cfruid Value: e01dba636d2f24a0bc44d3a425be28aefa0f9279-1688702760
.aquasec.com/	1970-01-20 13:06:29	Name: _ce.clock_data Value: 69%2C80.255.7.106%2C1%2Cdc0a08e416cd7f8471c71ad711523ca3
.aquasec.com/	1970-01-20 21:50:38	Name: _CEFT Value: Q%3D%3D%3D
.aquasec.com/	1969-12-31 23:59:59	Name: cebsp_ Value: 1
.aquasec.com/	1970-01-20 21:50:38	Name: _ce.s Value: v~b5489ceebbb7466879e5fa15faf088eaf8ee75fb~lcw~1688702759762~vpv~0~v11.rlc~1688702760171~lcw~1688702760171
.aquasec.com/	1970-01-20 21:50:38	Name: trd_cid Value: 16887027615676468
trackingapi.trendemon.com/	1970-01-20 22:41:02	Name: trd_gavid_1810 Value: 16887027615676468
trackingapi.trendemon.com/	1970-01-20 22:41:02	Name: trd_gvid Value: 16887027615676468
trackingapi.trendemon.com/	1970-01-20 22:41:02	Name: trd_vid_1810 Value: 1810%3A16887027615676468
.aquasec.com/	1970-01-20 21:50:38	Name: trd_vid_l Value: 1810%3A16887027615676468
.aquasec.com/	1970-01-20 21:50:38	Name: trd_vuid_l Value: 7195563468485511127
.aquasec.com/	1970-01-20 21:50:38	Name: trd_first_visit Value: 1688702762
.aquasec.com/	1970-01-20 21:50:38	Name: trd_pw Value: 1
.aquasec.com/	1970-01-20 13:05:04	Name: trd_pws Value: 1
.aquasec.com/	1970-01-20 13:05:04	Name: trd_sid Value: 16887027618261735

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1665891.fs1.hubspotusercontent-na1.net
api-na1.hubapi.com
app.dealtale.com
app.hubspot.com
assets-tracking.crazyegg.com
assets.trendemon.com
b.6sc.co
bat.bing.com
blog.aquasec.com
c.6sc.co
cdn.linkedin.oribi.io
cdn2.hubspot.net
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hsforms.com
googleads.g.doubleclick.net
info.aquasec.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
js.usemessages.com
pagestates-tracking.crazyegg.com
pic.trendemon.com
pixel.dealtale.io
play.hubspotvideo.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
script.crazyegg.com
snap.licdn.com
static.hsappstatic.net
stats.g.doubleclick.net
track.hubspot.com
tracking.crazyegg.com
trackingapi.trendemon.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
b.6sc.co
108.128.54.216
13.107.42.14
13.32.27.27
15.197.244.31
18.66.122.72
18.66.97.4
2001:4860:4802:32::36
23.213.161.219
2600:9000:20eb:6000:2:53b2:240:93a1
2600:9000:223c:3a00:2:7dc7:8f00:93a1
2606:2c40::c73c:671c
2606:2c40::c73c:67e4
2606:4700::6810:8ace
2606:4700::6810:bb41
2606:4700::6811:190e
2606:4700::6811:65ac
2606:4700::6811:cbcc
2606:4700::6811:d4f3
2606:4700::6812:11e6
2606:4700::6812:19c4
2606:4700::6812:873b
2606:4700::6812:8b65
2606:4700::6812:ccc9
2606:4700::6812:f0f
2606:4700::6813:9308
2606:4700::6813:9a53
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:806::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:828::200a
2a00:1450:4001:829::2008
2a00:1450:4001:82b::200e
2a00:1450:4001:831::2003
2a00:1450:4001:831::2004
2a00:1450:400c:c00::9a
2a02:26f0:480:23::1726:62a7
2a02:26f0:780::210:a423
34.194.81.123
65.9.66.31
0058bf8f19f46d2afec3c7baec803c4582f7e8a43c192ffe575b901f3d6c31b2
0173e8c8e574a3df361773ab3102105de34cffdb55dfd5ef332390a3536f2c31
01b582e2b4a69f05ba735a5c219f846e34e3ebcde448fe06c21b2af128e99bc6
043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd
0ae9b1771bf14db70ab8b7f15a98a88e78307a6b498182268a4de1ff393d88bb
1026205bf65a52d0723b1f1fc01671218f4723b51588937a1932e07d8adc069b
106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc
18a347b050a3c3797c2cb6fe82a784ac77535df5cd3d55f1c92cb30180673ac6
1a0cd9e51e9d88fdebfc2389a7fb0864a4cb6f1900262caa68f69c4c21c54eb7
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
25ab60d3e2df1a906b71b68c553780dfc7b380d26fc9a5c54509e3eb3900b49f
2ff2736a531cd3c0d4f3176089ce7f7d13aeed128f3e8726460f713dd72626bb
3058b4a22c51c537ecbf17d249306b948fcca6c8299edd8ac3f205039272f27b
32046089ccace81843cbfbf1e80ec224e591a3a6441753dd62e0bcf4cf33c6d6
396f95fe76847ae1beacf9c523d2b852b3fc31ce9beedbde4df6b7f8ba6901ec
3cd42a4c5be184f4acdd7d83ae126f9172bc9f1035cc1c71df7e0235905ec19e
41f2f93ea41635548da681aeb0b3d0a24ee3ed13655aabf55097f8d8efc88439
42c9d1df23e2f7d82d90b2bd6bab3b5398e81889cb9bde1d4a530acc663c9c63
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
46807e77e8ce7115df517791b551e7369496e56a6e4b04b2fee62785860d2342
4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7
4f9a3cacca516b6343c46d79e9c02a0eea2497cd7b0726359b8bb9120375559e
52e281fb46a631df87587fa6388f5df4e576b543d7c7c387bae676434381e462
53b4f3aaefd1aac9711d7917adcf6a62ef1e15a1920ccb79ecac220bacf3a9aa
55050a0a621626855889d844f66dd1d8092af4db07bb871de14b1b33b33a9f4b
551c3bab6074c132e311a10ce2c984ce0f5c6cd8b96c311601d22fa820c2e37f
56c4495857616105157baa89caee2ef427fcb4fab4183d4e4b6b686e97ca4eea
58388e48507350f50a74419ddcc245b7de60d8bb089c6218814bd821d713f4b3
6266f7d27c37e9b77ae166f9337e430531c88df57281f7d03544b906ecbbcd1f
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c57f202d31dbcf016dc8673a3d9443f3df24da8afdb91c97a6deb103e35ea22
6ecabc14a3e222c4e66666a6654d10f0489d4f2457a37c271441f7d55e514c82
7138c5a544f4668dd59e8f9d96aaa87bcfd0066948ea309f2db6460bd3b81041
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
726e2af62f96467acc9dad00da722310bfae54905eda1d06a7d2f10cb3221905
73b8cc55f2871f64c632b3fe73f36a7b8aaf40ee2a138695573bdc976e1942a9
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
848d809243a1f249b7dd0cca8493042b89c32dd569734824bf48978182cec7a1
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87ca2d8adbd10be0e5e89784dbb7aa8bb67f77247471f437e6af535009955f8c
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
98fb26be3713d1abc8b662448d242b4a1dfc73005c96f0f1ce40bbc89ff6d507
9d9ba83164ada1fbe735c1276a1384ae7d75fa42ae2123925fa5d3fbb11341b5
a3f748990963fb10dbeec5a08ed679c1f80f56eb36b19f1ae54e0542b30556af
a827ba0a43cbeb52e1f7c01fac1d8526f1a927ef58d5a0bc4ea4047a8b47f075
a8b7ab654e0ddf471745f979de3199a844cb31fec259c48ad87a4d643abc2c47
aacfcd18b520474131a1f406500be960e1cef536e78a5a3bd4e5d1f9a6a5da61
aad18b84e34e15f9dddf39cc08a040e557bce50512b8689f3f7faae963f1429f
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aeecf81aa8557dfef73bfa143aeead42e1c5083d1a7acd0a780ca1043172c854
af1a469d92bfcb0a43a47a53cafabdf04d540b95294d155def3ff6693c1fc538
af7f66a88467d69b1264d11bb4a988c6e7f7589d47e1b2b22b69fef30344aa70
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4720bf7f848642a7e67d0a0f8c206c00e58c16765c7f9e0246dbeb99fad95c5
b57804b37c910686ee970ad8012e96f99815accf24e4acdea596f33be6957fc2
b854ab0289192ff9253ba6293fe9e80a8ad87af73fc448ce781f7330462ffaba
b8eb8a7898d7f65f3407008af621d906d14d1f0d0ff3f03a70da78cc1e471ea0
c3a58e45ccfffece1df8e470fd853a81321e4f78f6af8d22e78310da1380f7d5
c75856e66054adbda0310e749edbdec273f207923321b97a3f8bf012b4d28b80
c777fc478672e659838faae4c55cf7a8e32c688431ee4d0cd268cf14f645b673
d12cea925a6c33dd5d2ef325c6e18af5267bf68144584575d9150f6baa3f8748
d410739a00beadf726d74c3e29f36429e4a2e05f1396b59774ca4c5d0a1828c6
d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f
d5861adbfa1002caefc55c62fe938920770f542a084f28e3bf5a0d90e1866e22
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e67f6aacc88c8b3acf98f74772db7dd2f29557146a3fc9aa74602ea7c94b8ec1
e7ee12725456527413f4eb38618cb36834b3e0f843f48e73ca1b7d609054a3ac
e8f74416e7bc7051dbd2c0b2dec8cdb9a5ba4b36f88ba1b65c3e7dd7447b4090
e921371b370670fc3c7d7b8665b4c67561437800cccbf7725b1bb395da43dc1d
ebcb145e5a7d4e259559d2a1fb85c594a3be6a49401c96f1a63fb94830956e7b
ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2
eda9e4920e8950a3a87b897eb5745b1f0258ad805a8e2906a4fcffb7976b0504
ee6eb03a528bb02a6a0aaac0adcdcfaeb3275b2596b08df6efd12ceca93df7e9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef39ee441c4e7792c5cda9a8bd86ddce96d9b17bda0cc9f7187f1a70ce9b3ed5
f714442d022a570f66904f7b183f43846a0889b60a42ca7bec9244a1ecd7c2aa
f7944796ddd5fcfea5a16d0a01e0179972a31c071aa2fda7ba986323a6790752
f9325df042e7335c0ac4490f313b384fffd12c29e48e54f40e70bbdb148ec600
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ffda2ea08844f0216dd9e1b2328b9d99b17d208ac6f2878c5ba9a59ee3adf348

blog.aquasec.com Open in urlscan Pro 2606:2c40::c73c:67e4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

116 Requests

96 %HTTPS

78 %IPv6

30 Domains

45 Subdomains

40 IPs

4 Countries

1973 kBTransfer

5354 kBSize

44 Cookies

42 Outgoing links

Redirected requests

116 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.aquasec.com Open in urlscan Pro
2606:2c40::c73c:67e4 Public Scan

Screenshot
Live screenshot

Full Image

116
Requests

96 %
HTTPS

78 %
IPv6

30
Domains

45
Subdomains

40
IPs

4
Countries

1973 kB
Transfer

5354 kB
Size

44
Cookies

116 HTTP transactions
0 data transactions