redcanary.com Open in urlscan Pro
104.198.136.223  Public Scan

17 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 34

• https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID HTTP 302
• https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID HTTP 307
• https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dredcanary.com%2526pId%253d%2524UID HTTP 302
• https://attr.ml-api.io/?domain=redcanary.com&pId=9020967242744401850

Request Chain 57

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1693267207362&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1693267207362&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1540753%26time%3D1693267207362%26url%3Dhttps%253A%252F%252Fredcanary.com%252Fthreat-detection-report%252Fthreats%252Fcobalt-strike%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1693267207362&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1693267207362&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&cookiesTest=true&liSync=true&e_ipv6=AQKEYO29hGyryAAAAYo-lydnmEZGUfK8V2X4V3gKXgoU4TcVdADNLccgfYJZlZGZmHMI2Y56XygzAoZ9CW2nfe0q6QSjhA

121 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response redcanary.com/threat-detection-report/threats/cobalt-strike/	332 KB 60 KB	739ms 291ms	Document text/html	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / WP Engine Resource Hash 063a76169ab3dbed251f5d0950a7d4e641103d10a8bd885bfa940479660e1268 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control max-age=600, must-revalidate content-encoding br content-security-policy upgrade-insecure-requests content-type text/html; charset=UTF-8 date Tue, 29 Aug 2023 00:00:06 GMT feature-policy microphone 'none'; geolocation 'none' link <https://redcanary.com/?p=33613>; rel=shortlink referrer-policy strict-origin-when-cross-origin server nginx strict-transport-security "max-age=63072000; includeSubDomains; preload"; vary Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding x-cache HIT: 1 x-cache-group normal x-cacheable SHORT x-content-type-options nosniff x-frame-options deny x-permitted-cross-domain-policies master-only x-powered-by WP Engine x-wpe-request-id 1793fd5c967513895b7d1b895a0d561f x-xss-protection 1; mode=block
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.6.1/	88 KB 31 KB	97ms 29ms	Script text/javascript	2a00:1450:4001:80b::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Sun, 27 Aug 2023 09:30:23 GMT content-encoding gzip x-content-type-options nosniff age 138583 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31100 x-xss-protection 0 last-modified Thu, 08 Sep 2022 18:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Mon, 26 Aug 2024 09:30:23 GMT
GET H2	200	forms2.min.js Show response resource.redcanary.com/js/forms2/js/	208 KB 70 KB	400ms 231ms	Script application/x-javascript	104.17.72.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://resource.redcanary.com/js/forms2/js/forms2.min.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status REVALIDATED last-modified Thu, 13 Jul 2023 18:50:22 GMT server cloudflare etag "2ec03d3-34099-60062cdee3780" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=14400 cf-ray 7fe08309198f2bf2-FRA expires Tue, 29 Aug 2023 04:00:06 GMT
GET H2	200	bizible.js Show response cdn.bizible.com/scripts/	67 KB 25 KB	224ms 47ms	Script application/x-javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/67D4) / Resource Hash 3562dd5ebaf7d001cd283fe325fc4b574e26b053807efb3331dd8fcb5964f559 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-encoding gzip last-modified Fri, 25 Aug 2023 15:08:16 GMT server ECS (frb/67D4) age 71379 etag "c8a3bef965d7d91:0" vary Accept-Encoding x-cache HIT content-type application/x-javascript cache-control max-age=86400 accept-ranges bytes content-length 25480
GET H2	200	9416.js Show response script.crazyegg.com/pages/scripts/0096/	6 KB 2 KB	550ms 456ms	Script text/javascript	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/scripts/0096/9416.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a10f3e40496216b3c4c3bf425834e436565babd4657095f2135efa94e55596c1 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 29 Aug 2023 00:00:07 GMT server cloudflare vary Accept-Encoding content-type text/javascript ce-version 11.5.114 access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 accept-ranges bytes timing-allow-origin * cf-ray 7fe0830b7f8b2bbc-FRA content-length 2183
GET H2	200	js Show response www.googletagmanager.com/gtag/	277 KB 91 KB	126ms 49ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-T3K4MTNQJN Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 0fc16973c1230704d86f0d2c0e9c14a3d5c620552e57b0df4a9524949a561842 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 93000 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 29 Aug 2023 00:00:06 GMT
GET H2	200	qualified.js Show response js.qualified.com/	333 KB 96 KB	549ms 451ms	Script text/javascript	2606:4700::6812:1005 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.qualified.com/qualified.js?token=bAEbi2aHVysBKzuy Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a9451706f6aed3d7ec7c44a7d5364eec75b87740cf7ea714a2e29051db3aea7c Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip via 1.1 spaces-router (devel) strict-transport-security max-age=63072000; includeSubDomains cf-cache-status MISS x-content-type-options nosniff x-permitted-cross-domain-policies none x-xss-protection 1; mode=block x-request-id 136b43dd-768f-25f6-8496-5fe90c12d3c6 pragma no-cache x-runtime 0.022779 referrer-policy strict-origin-when-cross-origin server cloudflare etag W/"a9451706f6aed3d7ec7c44a7d5364eec" x-download-options noopen vary Accept,Accept-Encoding x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control public, max-age=14400 cf-ray 7fe0830bae851cbd-FRA expires Tue, 29 Aug 2023 04:00:07 GMT
GET H2	200	highlight.min.js Show response cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/	130 KB 33 KB	113ms 40ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/highlight.min.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d2f545bb226e5bcc1d50af37b345d245dce63bc07aaeba2243e0f1ea87b2dcb9 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 18035284 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 33250 last-modified Mon, 08 Feb 2021 15:10:43 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "60215473-20801" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V3Spao%2FiGIP8VQHpTaKY7muhT20hDkRIWhTDXY74aqxnK5Qrtmizbj1w9GmDErdKjM3OG0oc%2BnpieWuhBzbOXhVmiwt4A88F2t0ZBnkiB1PNItRPpaVoL79nXDJCxy2kCjAurARMl3fh4F7NK47HI9kO"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 7fe083098fb9372f-FRA expires Sun, 18 Aug 2024 00:00:06 GMT
GET H/1.1	200 OK	teknkl-formsplus-1.0.5.js Show response s3-us-west-2.amazonaws.com/s.cdpn.io/250687/	41 KB 41 KB	798ms 235ms	Script application/x-js	52.218.241.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s3-us-west-2.amazonaws.com/s.cdpn.io/250687/teknkl-formsplus-1.0.5.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.218.241.32 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-west-2.amazonaws.com Software AmazonS3 / Resource Hash 731fcb30d45f2e35aaa139a7a964410a7c2bcdbfbb48a837c9d56dec7cc3732f Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Tue, 29 Aug 2023 00:00:08 GMT x-amz-version-id OjXdZ5iYdmgpgEuq0ftytCBc_PO35ThO Last-Modified Thu, 26 Apr 2018 08:20:46 GMT Server AmazonS3 x-amz-request-id RQQPVJBR2GNSBMZG ETag "bab0c2b3523f8244564b675fe34db610" Content-Type application/x-js Cache-Control public Accept-Ranges bytes Content-Length 41617 x-amz-id-2 5aq9Cv5yuiNeEQZ8GWKjywn/So4/BomstxhkYmLzAeKpIQ/PGaYsOci6xqhGUCxt1RldLQXvQrM=
GET H2	200	autoptimize_7b69b65ef8ada1b627de544e100cc1d8.js Show response redcanary.com/wp-content/cache/autoptimize/js/	288 KB 82 KB	171ms 170ms	Script application/javascript	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/cache/autoptimize/js/autoptimize_7b69b65ef8ada1b627de544e100cc1d8.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 6e0b02e307a08a6384527ffd3c99e8a3d4f83927b855c2ab6836e951337be886 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 16 Aug 2023 15:12:29 GMT server nginx etag W/"64dce75d-48160" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-wpe-request-id 59a41d1f232b4e70565430146c0aede4 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/	1 KB 1 KB	312ms 63ms	Script application/x-javascript	23.197.137.224 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-197-137-224.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Tue, 29 Aug 2023 00:00:07 GMT Content-Encoding gzip Last-Modified Fri, 17 Mar 2023 01:24:48 GMT Server AkamaiNetStorage ETag "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Connection keep-alive Accept-Ranges bytes Content-Length 729
GET H2	200	gtm.js Show response www.googletagmanager.com/	286 KB 95 KB	182ms 106ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash d26ccea52a9527a57ffa02b338d921d6611e38f5d94b9851fd9a78335f380a9d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 96897 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 29 Aug 2023 00:00:06 GMT
GET H2	200	6si.min.js Show response j.6sc.co/	51 KB 15 KB	295ms 46ms	Script application/javascript	23.53.42.251 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-53-42-251.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 24 Aug 2023 22:29:49 GMT server nginx/1.14.0 (Ubuntu) etag "64e7d9dd-cc38" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 14993 expires Tue, 29 Aug 2023 00:00:07 GMT
GET H2	200	css fonts.googleapis.com/	7 KB 1 KB	119ms 43ms	Stylesheet text/css	2a00:1450:4001:830::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,500,700&display=swap Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash dd25827c9ad7ac0cbdb3545ed377f0ff5c9d5c1d14282307cf04ac4776d0a572 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 29 Aug 2023 00:00:06 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Mon, 28 Aug 2023 23:26:16 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 29 Aug 2023 00:00:06 GMT
GET H2	200	autoptimize_7c1b044830350562b8347035fb5ab725.css redcanary.com/wp-content/cache/autoptimize/css/	5 MB 253 KB	171ms 170ms	Stylesheet text/css	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 35134ff1cfb9ea2e3a5d5e63856b1efeba6893a5bcbfb93a73b6e4b671239282 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 16 Aug 2023 15:12:30 GMT server nginx etag W/"64dce75e-53c907" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-wpe-request-id cc2c42989dc24bd4e533c8d9088bb465 content-type text/css access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	default.min.css cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/styles/	763 B 605 B	41ms 40ms	Stylesheet text/css	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.6.0/styles/default.min.css Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3cc36c64ef86bed21592653daac82fd7e4c364c32c8344336aa13f7dbf52c90 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 12541439 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 271 last-modified Mon, 08 Feb 2021 15:10:43 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "60215473-2fb" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6kIJHuZHf4fDHTB1ad60KAzvL7kGzSYvtcRLPR0ek9vsnbM%2FPY50B988xCLHUUxO2ilmNERe9GWfD8ukUpGlB%2BZhYzvyQkpqJ469%2FFaMYm3LgHcGIN9NPN2X54OS5gIkejYlj3lCuH0d2lqosBhmGfw4"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 7fe0830b2907372f-FRA expires Sun, 18 Aug 2024 00:00:06 GMT
GET DATA	200 OK	truncated /	64 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	65 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9edb5c5ef600768db6e8ee027853f2c6f8ab34f615b495faaf114579f8de2e22 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	button-right-arrow-white.svg redcanary.com/wp-content/themes/redcanary/assets/img/	350 B 619 B	442ms 442ms	Image image/svg+xml	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/button-right-arrow-white.svg Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 8edbf02936f4bbda931a228bd84f7b668522af07f3dfc33b5caee429e7febb85 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 27 Feb 2019 15:51:05 GMT server nginx etag W/"5c76b1e9-15e" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-wpe-request-id e6da2f9047e3d5e58e0ca878b0a77eee content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	bullet-square.svg redcanary.com/wp-content/themes/redcanary/assets/img/	443 B 654 B	441ms 441ms	Image image/svg+xml	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/bullet-square.svg Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 6217f642930c0d2411329fb00cf9a7e2e138a98f56eece6e82b3a7359f20cb11 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 23 Aug 2021 16:46:07 GMT server nginx etag W/"6123d0cf-1bb" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-wpe-request-id c53f2b2c57092356071107add09cb8bf content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	source-sans-pro-v21-latin-regular.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	13 KB 13 KB	442ms 441ms	Font font/woff2	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/source-sans-pro-v21-latin-regular.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Thu, 02 Jun 2022 17:26:25 GMT server nginx etag "6298f2c1-32ec" vary Accept-Encoding x-wpe-request-id 51c26a02684251ed8d8fbcc30226d038 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 13036
GET H2	200	source-sans-pro-v21-latin-700.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	13 KB 13 KB	441ms 440ms	Font font/woff2	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/source-sans-pro-v21-latin-700.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Thu, 02 Jun 2022 17:26:24 GMT server nginx etag "6298f2c0-327c" vary Accept-Encoding x-wpe-request-id 7c40aa876479ae4b9012aba10da0ba64 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 12924
GET H2	200	source-sans-pro-v21-latin-300.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	13 KB 13 KB	442ms 441ms	Font font/woff2	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/source-sans-pro-v21-latin-300.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Thu, 02 Jun 2022 17:26:22 GMT server nginx etag "6298f2be-329c" vary Accept-Encoding x-wpe-request-id 5464126fa023b76ed6c4c1ff4addd89e content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 12956
GET H2	200	source-sans-pro-v21-latin-600.woff2 redcanary.com/wp-content/themes/redcanary/assets/fonts/	13 KB 13 KB	440ms 439ms	Font font/woff2	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://redcanary.com/wp-content/themes/redcanary/assets/fonts/source-sans-pro-v21-latin-600.woff2 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Origin https://redcanary.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:06 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Thu, 02 Jun 2022 17:26:23 GMT server nginx etag "6298f2bf-32fc" vary Accept-Encoding x-wpe-request-id fccca7804fea324ca68bfb32cb7e912d content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 13052
GET H2	200	7J9BqBimNX8jhMZH6z6ihg Show response open.spotify.com/embed/track/ Frame 1B64	12 KB 5 KB	352ms 150ms	Document text/html	2600:1901:1:c36:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US), Reverse DNS Software envoy / Next.js Resource Hash 92eecbcb607f7ce388780bec8bf619ee5ce049dfb455086468f7c68915b6725e Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://redcanary.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-type text/html; charset=utf-8 date Tue, 29 Aug 2023 00:00:07 GMT etag "d8nt14pxnb9ru" server envoy sp-trace-id 2782e44406821779 strict-transport-security max-age=31536000 vary Accept-Encoding via HTTP/2 edgeproxy, 1.1 google x-content-type-options nosniff x-powered-by Next.js
GET DATA	200 OK	truncated /	68 B 68 B		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 3a48ba6d11055a2a6f840befa14e603650d8ca3d752e16daccd828d3869fb791 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Content-Type image/svg+xml
POST H2	204	collect region1.analytics.google.com/g/	0 252 B	121ms 33ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-T3K4MTNQJN&gtm=45je38n0&_p=1693143832&_gaz=1&cid=1148696504.1693267207&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1693267207&sct=1&seg=0&dl=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&dt=Cobalt%20Strike%20-%20Red%20Canary%20Threat%20Detection%20Report&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-T3K4MTNQJN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache date Tue, 29 Aug 2023 00:00:07 GMT server Golfe2 content-type text/plain access-control-allow-origin https://redcanary.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 252 B	113ms 36ms	Ping text/plain	2a00:1450:400c:c07::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-T3K4MTNQJN&cid=1148696504.1693267207&gtm=45je38n0&aip=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-T3K4MTNQJN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache date Tue, 29 Aug 2023 00:00:07 GMT server Golfe2 content-type text/plain access-control-allow-origin https://redcanary.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 408 B	109ms 39ms	Image image/gif	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-T3K4MTNQJN&cid=1148696504.1693267207&gtm=45je38n0&aip=1&z=1566264059 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache date Tue, 29 Aug 2023 00:00:07 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	125ms 37ms	Script application/javascript	146.75.116.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip last-modified Thu, 27 Oct 2022 16:56:53 GMT etag "32ad004436155ec972bc50e6238b5b67+gzip+gzip" vary Accept-Encoding,Host x-cache HIT, HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15375 x-served-by cache-iad-kjyo7100081-IAD, cache-fra-eddf8230084-FRA
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	1 KB 702 B	143ms 41ms	Script application/x-javascript	2a02:26f0:3500:16::215:149b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 09175e4bf29bcada94ab400b8c3fc66a032341f16d2ab497c8503c0f729b63a4 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 28 Aug 2023 12:14:14 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=44240 accept-ranges bytes content-length 491
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	23 KB 8 KB	98ms 26ms	Script application/javascript	2a04:4e42:200::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish last-modified Thu, 15 Jun 2023 20:49:59 GMT server snooserv nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} etag "4a205643a240cb95fa82289d62b5af7e" x-amz-server-side-encryption AES256 vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/javascript cache-control public, max-age=60 accept-ranges bytes content-length 7409
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/759876114/	3 KB 2 KB	108ms 42ms	Script text/javascript	2a00:1450:4001:808::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/759876114/?random=1693267207155&cv=11&fst=1693267207155&bg=ffffff&guid=ON&async=1&gtm=45He38n0&u_w=1600&u_h=1200&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&hn=www.googleadservices.com&frm=0&tiba=Cobalt%20Strike%20-%20Red%20Canary%20Threat%20Detection%20Report&auid=1102557141.1693267207&uamb=0&uaw=0&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash b252e1054e703ea227dc94a7604425c679c56b28be3dbae9922b84b8ce8dfca6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache date Tue, 29 Aug 2023 00:00:07 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1338 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bat.js Show response bat.bing.com/	42 KB 13 KB	142ms 48ms	Script application/javascript	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Tue, 29 Aug 2023 00:00:06 GMT last-modified Fri, 28 Jul 2023 18:19:39 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 361ADA8E28B74C40A65B201E01BF266A Ref B: FRA31EDGE0707 Ref C: 2023-08-29T00:00:07Z etag "806f3b1280c1d91:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 12469
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	193 KB 52 KB	101ms 34ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Tue, 29 Aug 2023 00:00:07 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 52127 x-xss-protection 0 pragma public x-fb-debug /Zyl/O8aRrLS1nw5qrK2VluGpu1DEE9b7vKPjoMYM2XkYG/UMqj23+cVPiPmvkvg7/20Wqz9BKP3rft8hlQoZg== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ attr.ml-api.io/ Redirect Chain https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dredcanary.com%26pId%3d%24UID https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dredcanary.com%2526pId%253d%2524UID https://attr.ml-api.io/?domain=redcanary.com&pId=9020967242744401850	0 234 B	460ms 380ms	Image application/json	2600:9000:2251:ac00:12:3734:2a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://attr.ml-api.io/?domain=redcanary.com&pId=9020967242744401850 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Server 2600:9000:2251:ac00:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT via 1.1 3296b04068551f925d5fafd1b785ff30.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P3 x-cache Miss from cloudfront content-type application/json x-amz-cf-id Lb00go_9jKRMdocRuAKb2isIMNkuOIrTaKkaOy0nuy2MkPj4L-JqRw== content-length 0 apigw-requestid KZU5WgqVIAMEJUA= Redirect headers pragma no-cache date Tue, 29 Aug 2023 00:00:07 GMT an-x-request-uuid 23a46d12-1b3c-4e12-8bbf-11bafb09d4e0 server nginx/1.21.3 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true location https://attr.ml-api.io/?domain=redcanary.com&pId=9020967242744401850 x-proxy-origin 217.114.215.132; 217.114.215.132; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/163/	11 KB 5 KB	37ms 37ms	Script application/x-javascript	23.197.137.224 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/163/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-197-137-224.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Tue, 29 Aug 2023 00:00:07 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 02:26:40 GMT Server AkamaiNetStorage ETag "ea7826f34518d7c2295738f39c7640fa:1672972000.238769" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Length 4741 Expires Thu, 07 Dec 2023 00:00:07 GMT
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	236ms 149ms	Image image/gif	151.101.1.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1693267207258&id=t2_5kac730w&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=9353f254-4db3-4532-8226-5f7511861e02&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.1.140 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} server Varnish report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type image/gif cross-origin-resource-policy cross-origin accept-ranges bytes content-length 42 retry-after 0
GET H2	200	8cd00e627952ec8a.css embed-cdn.spotifycdn.com/_next/static/css/ Frame 1B64	26 KB 4 KB	139ms 27ms	Stylesheet text/css	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/css/8cd00e627952ec8a.css Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 8ec32112354b4493286cb34daa05fa0a49791553bfedb374d7a67c7ad9cb2c9f Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 4194069 x-amz-meta-goog-reserved-file-mtime 1689072066 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 4039 x-served-by cache-chi-kigq8000089-CHI, cache-fra-etou8220105-FRA last-modified Tue, 11 Jul 2023 10:56:36 GMT etag "f3d572702831405545a59c2b3c1f6f80" x-goog-generation 1689072996772325 content-type text/css access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 26326 accept-ranges bytes x-cache-hits 6, 145068
GET H2	200	8d92428b4f2761e7.css embed-cdn.spotifycdn.com/_next/static/css/ Frame 1B64	73 KB 9 KB	138ms 26ms	Stylesheet text/css	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/css/8d92428b4f2761e7.css Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 86c4030d4c43bcb433e1553d810e2c1f98ee6b534a4482dad74230df3584aea1 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 3937558 x-amz-meta-goog-reserved-file-mtime 1689328557 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 9297 x-served-by cache-chi-kigq8000149-CHI, cache-fra-etou8220105-FRA last-modified Fri, 14 Jul 2023 10:11:52 GMT etag "1ca1cd6cbea24c1ce77406a063cb89fc" x-goog-generation 1689329512001760 content-type text/css access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 75206 accept-ranges bytes x-cache-hits 36, 147613
GET H2	200	webpack-c490356afd98094e.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	4 KB 2 KB	194ms 87ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-c490356afd98094e.js Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 5bf60e81727b84808895df8732f46a8f4b056ecec944f967987107807c96a016 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 1248498 x-amz-meta-goog-reserved-file-mtime 1692017667 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 2171 x-served-by cache-chi-kigq8000103-CHI, cache-fra-etou8220105-FRA last-modified Mon, 14 Aug 2023 13:09:37 GMT etag "a654f7c1d8539eaf74f863c3ab51340d" x-goog-generation 1692018576977242 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 4588 x-amz-checksum-crc32c dofO3w== accept-ranges bytes x-cache-hits 92, 120877
GET H2	200	framework-33d379e787c03ddb.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	127 KB 41 KB	136ms 29ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/framework-33d379e787c03ddb.js Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash b40d37fbb13b1b903fd3c063523b41c47c57e61ab99cad3bd35881672ea3e3d6 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 8445349 x-amz-meta-goog-reserved-file-mtime 1684765243 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 42161 x-served-by cache-chi-kigq8000070-CHI, cache-fra-etou8220105-FRA last-modified Mon, 22 May 2023 14:27:39 GMT etag "124a9f12f15f3120a5ef711a66ba2662" x-goog-generation 1684765659849262 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 129927 accept-ranges bytes x-cache-hits 739, 155178
GET H2	200	main-0117c27f823659ce.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	111 KB 33 KB	135ms 28ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/main-0117c27f823659ce.js Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 99e97366cd580fb716ea693b2696808c006d45c6366004db4286156077f20c4f Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 6945564 x-amz-meta-goog-reserved-file-mtime 1686222071 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 33612 x-served-by cache-chi-kigq8000158-CHI, cache-fra-etou8220105-FRA last-modified Thu, 08 Jun 2023 11:07:26 GMT etag "81865ede7cdb1740008282943c7855ac" x-goog-generation 1686222445991402 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 113515 accept-ranges bytes x-cache-hits 617, 154074
GET H2	200	_app-32f605a2ab8a4fe6.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/pages/ Frame 1B64	507 KB 138 KB	142ms 35ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-32f605a2ab8a4fe6.js Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash fe8686e49aa295d0b094f4e075d577306234e735aab36732874d982feec13042 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 37597 x-amz-meta-goog-reserved-file-mtime 1693228958 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 140747 x-served-by cache-chi-kigq8000095-CHI, cache-fra-etou8220105-FRA last-modified Mon, 28 Aug 2023 13:32:39 GMT etag "3efcb4b1f4fff9b5eff77c744394a14a" x-goog-generation 1693229559305724 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 518987 x-amz-checksum-crc32c Lkdfqg== accept-ranges bytes x-cache-hits 15, 7265
GET H2	200	fec483df-b230338ad030162e.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	320 KB 99 KB	72ms 62ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/fec483df-b230338ad030162e.js Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 53f545d884abf02ce99f4e0369ffec8be28f1f3f22eb99bf0fab9f4522ea5142 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 6538739 x-amz-meta-goog-reserved-file-mtime 1686661750 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 100913 x-served-by cache-chi-klot8100047-CHI, cache-fra-etou8220105-FRA last-modified Tue, 13 Jun 2023 13:18:59 GMT etag "9c4d5b20d500a4646af02cb2e28e11da" x-goog-generation 1686662339475826 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 327829 accept-ranges bytes x-cache-hits 462, 158212
GET H2	200	415-d009a9159d740903.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	25 KB 6 KB	71ms 62ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/415-d009a9159d740903.js Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 2fb0db460ef1851e44c7e94a3f1944e299e306def449ed72c30adfb89b25b029 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 2301429 x-amz-meta-goog-reserved-file-mtime 1690964677 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 5881 x-served-by cache-chi-kigq8000020-CHI, cache-fra-etou8220105-FRA last-modified Wed, 02 Aug 2023 08:40:17 GMT etag "f45ad0e97a8e71419371027175275215" x-goog-generation 1690965617730993 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 25338 x-amz-checksum-crc32c I6sMew== accept-ranges bytes x-cache-hits 7, 144018
GET H2	200	95-555c6bbbb64902b7.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	268 KB 73 KB	72ms 63ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/95-555c6bbbb64902b7.js Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 85a4e82a1b54208279c63d71a29fdce62282146e63c18e16d141a3c1592c5a0b Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 2301430 x-amz-meta-goog-reserved-file-mtime 1690964677 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 74448 x-served-by cache-chi-klot8100176-CHI, cache-fra-etou8220105-FRA last-modified Wed, 02 Aug 2023 08:40:17 GMT etag "d07f58c3c79053c02ccf85bbcb2499a0" x-goog-generation 1690965617692867 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 273995 x-amz-checksum-crc32c +Y+1vw== accept-ranges bytes x-cache-hits 7, 157078
GET H2	200	626-f7a1098ef25463d4.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	131 KB 34 KB	72ms 63ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/626-f7a1098ef25463d4.js Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 64e4c34fc946f1704aa0b760223e3596585f902e4945c66e47ed8dee3459b3fd Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 37597 x-amz-meta-goog-reserved-file-mtime 1693228958 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 34215 x-served-by cache-chi-kigq8000164-CHI, cache-fra-etou8220105-FRA last-modified Mon, 28 Aug 2023 13:32:38 GMT etag "c9ad765a86ea8552872cd6cfcfc8ad58" x-goog-generation 1693229558443255 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 134170 x-amz-checksum-crc32c /TBDPQ== accept-ranges bytes x-cache-hits 15, 7177
GET H2	200	%5Bid%5D-e87a7f3c73cc2bd8.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/pages/track/ Frame 1B64	1 KB 944 B	89ms 80ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/track/%5Bid%5D-e87a7f3c73cc2bd8.js Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 544c006d52649842541705978e01f5e533404d53a6763da9b15c9f7ecadac4af Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 1251182 x-amz-meta-goog-reserved-file-mtime 1692015309 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 744 x-served-by cache-chi-kigq8000070-CHI, cache-fra-etou8220105-FRA last-modified Mon, 14 Aug 2023 12:24:21 GMT etag "6aafc54762cc4a52e10c50184f1cccbb" x-goog-generation 1692015861675684 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 1445 x-amz-checksum-crc32c zQBltQ== accept-ranges bytes x-cache-hits 38, 29432
GET H2	200	_buildManifest.js Show response embed-cdn.spotifycdn.com/_next/static/8f2d1de6-685c-44c7-af96-345cf0120909/ Frame 1B64	2 KB 1 KB	89ms 80ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/8f2d1de6-685c-44c7-af96-345cf0120909/_buildManifest.js Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 6271d615a52f7cecda88ccae989acc43158861f4ee040b42a57c4aa73ea12dc0 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 37598 x-amz-meta-goog-reserved-file-mtime 1693228958 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 785 x-served-by cache-chi-klot8100151-CHI, cache-fra-etou8220105-FRA last-modified Mon, 28 Aug 2023 13:32:38 GMT etag "1fa6c8b49228ae48a5f3c4fd59d44d66" x-goog-generation 1693229558152165 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 2074 x-amz-checksum-crc32c D1eszQ== accept-ranges bytes x-cache-hits 15, 7176
GET H2	200	_ssgManifest.js Show response embed-cdn.spotifycdn.com/_next/static/8f2d1de6-685c-44c7-af96-345cf0120909/ Frame 1B64	77 B 209 B	80ms 71ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/8f2d1de6-685c-44c7-af96-345cf0120909/_ssgManifest.js Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 37598 x-amz-meta-goog-reserved-file-mtime 1693228958 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 61 x-served-by cache-chi-klot8100164-CHI, cache-fra-etou8220105-FRA last-modified Mon, 28 Aug 2023 13:32:38 GMT etag "b6652df95db52feb4daf4eca35380933" x-goog-generation 1693229558186642 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 77 x-amz-checksum-crc32c Ypo4GQ== accept-ranges bytes x-cache-hits 15, 7156
GET H2	200	adsct t.co/i/	43 B 377 B	321ms 212ms	Image image/gif	104.244.42.133 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?bci=3&eci=2&event_id=bf805dde-1ab4-463a-a659-84f1e379f479&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9dcf5317-c246-4837-bf05-366fbb400056&tw_document_href=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o015g&type=javascript&version=2.3.29 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.133 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers x-response-time 176 date Tue, 29 Aug 2023 00:00:07 GMT strict-transport-security max-age=0 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id 196ebdbf2601f4db cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 797c112600d5fa9cde572fd9eb8a479baa421ed01eb1f2ccc894ef1f319d996b content-length 43
GET		adsct analytics.twitter.com/i/	0 0
POST H/1.1	200 OK	visitWebPage 003-yru-314.mktoresp.com/webevents/	2 B 318 B	1161ms 188ms	Ping text/plain	192.28.147.68 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://003-yru-314.mktoresp.com/webevents/visitWebPage?_mchNc=1693267207304&_mchCn=&_mchId=003-YRU-314&_mchTk=_mch-redcanary.com-1693267207303-83388&_mchHo=redcanary.com&_mchPo=&_mchRu=%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/163/munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.28.147.68 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software nginx/1.20.1 / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Tue, 29 Aug 2023 00:00:08 GMT Content-Encoding gzip Server nginx/1.20.1 Transfer-Encoding chunked Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin * Connection keep-alive X-Request-Id b72e3a5f-2d0a-4f10-8bf3-06710f88b16c
GET H2	200	/ www.google.com/pagead/1p-user-list/759876114/	42 B 455 B	111ms 40ms	Image image/gif	2a00:1450:4001:80e::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/759876114/?random=1693267207155&cv=11&fst=1693267200000&bg=ffffff&guid=ON&async=1&gtm=45He38n0&u_w=1600&u_h=1200&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&frm=0&tiba=Cobalt%20Strike%20-%20Red%20Canary%20Threat%20Detection%20Report&fmt=3&is_vtc=1&random=3495866723&rmt_tld=0&ipr=y Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache date Tue, 29 Aug 2023 00:00:07 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/759876114/	42 B 154 B	43ms 41ms	Image image/gif	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/759876114/?random=1693267207155&cv=11&fst=1693267200000&bg=ffffff&guid=ON&async=1&gtm=45He38n0&u_w=1600&u_h=1200&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&frm=0&tiba=Cobalt%20Strike%20-%20Red%20Canary%20Threat%20Detection%20Report&fmt=3&is_vtc=1&random=3495866723&rmt_tld=1&ipr=y Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache date Tue, 29 Aug 2023 00:00:07 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	insight.old.min.js Show response snap.licdn.com/li.lms-analytics/	13 KB 5 KB	40ms 40ms	Script application/x-javascript	2a02:26f0:3500:16::215:149b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.old.min.js Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 28 Aug 2023 12:14:15 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=44154 accept-ranges bytes content-length 4862
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/1540753/domain/redcanary.com/	36 B 375 B	126ms 29ms	XHR application/json	2600:9000:20eb:bc00:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/1540753/domain/redcanary.com/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20eb:bc00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89 Request headers Accept * Referer https://redcanary.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Mon, 28 Aug 2023 23:53:16 GMT content-encoding gzip via 1.1 e0efba8a72628bfc3dc6d4d637b28302.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 age 411 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=3600 x-amz-cf-id myp8OOKhzSs-nZKZlfPrXO-QOl4uURUZKp4M6R0mRY7lK6ZnvzY59g==
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1693267207362&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1693267207362&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1540753%26time%3D1693267207362%26url%3Dhttps%253A%252F%252Fredcanary.com%252Fthre... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1693267207362&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&cookiesTest=true&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1693267207362&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&cookiesTest=true&liSync=true&e_...	0 267 B	241ms 136ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1693267207362&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&cookiesTest=true&liSync=true&e_ipv6=AQKEYO29hGyryAAAAYo-lydnmEZGUfK8V2X4V3gKXgoU4TcVdADNLccgfYJZlZGZmHMI2Y56XygzAoZ9CW2nfe0q6QSjhA Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: C15CA9B8BA434462919EF4AF772BC8A6 Ref B: DUS30EDGE0422 Ref C: 2023-08-29T00:00:08Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lva1 x-li-proto http/2 content-length 0 x-li-uuid AAYEBH53JfhajG+WymMGjw== Redirect headers date Tue, 29 Aug 2023 00:00:07 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: EFDF31137EF440B280AB34FB4DFA31BA Ref B: FRAEDGE1210 Ref C: 2023-08-29T00:00:07Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1540753&time=1693267207362&url=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&cookiesTest=true&liSync=true&e_ipv6=AQKEYO29hGyryAAAAYo-lydnmEZGUfK8V2X4V3gKXgoU4TcVdADNLccgfYJZlZGZmHMI2Y56XygzAoZ9CW2nfe0q6QSjhA x-li-proto http/2 content-length 0 x-li-uuid AAYEBH5x04WSj6o0/yQBjw==
GET H2	204	56383426.js Show response bat.bing.com/p/action/	0 118 B	50ms 50ms	Script text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/56383426.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control private,max-age=1800 date Tue, 29 Aug 2023 00:00:06 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: FEA3D06EC720480BA2C9E5CFEBFF25D3 Ref B: FRA31EDGE0707 Ref C: 2023-08-29T00:00:07Z x-cache CONFIG_NOCACHE
GET H2	200	redcanary.com.json Show response script.crazyegg.com/pages/data-scripts/0096/9416/site/	5 KB 2 KB	99ms 36ms	XHR application/json	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/data-scripts/0096/9416/site/redcanary.com.json?t=1 Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0096/9416.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 12b862e5b4d12c8d9510a2fa90ea5ccf8fdcdb97fbef92183d553c2e5a94f9e0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip cf-cache-status HIT age 7776 ce-version 11.5.114 content-length 1538 last-modified Mon, 28 Aug 2023 21:50:31 GMT server cloudflare vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 accept-ranges bytes timing-allow-origin * cf-ray 7fe0830eae5e30c6-FRA
GET H2	200	1042590016249604 Show response connect.facebook.net/signals/config/	137 KB 35 KB	96ms 86ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1042590016249604?v=2.9.125&r=stable&domain=redcanary.com Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 5d07fef4322254c5ef1217d36478f2493d1dcdea7254b5f35adf231c55588cb4 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Tue, 29 Aug 2023 00:00:07 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug K+pdvDE3Pzj6jyd+Xxyp3bbWJ54dCHgV1e/QmZEhKwmOkxLtirG8E2nJEnyG02quQvkQTRjhmxvQe5Nb0qbAiQ== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type application/x-javascript; charset=utf-8 origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
GET H/1.1	200 OK	ab67616d00001e022b7884e6aee93b07b5d76f07 i.scdn.co/image/ Frame 1B64	29 KB 29 KB	103ms 27ms	Image image/jpeg	2a04:4e42:8d::760 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://i.scdn.co/image/ab67616d00001e022b7884e6aee93b07b5d76f07 Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/css/8d92428b4f2761e7.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:8d::760 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 8662c43b2d863762e092d9893b94400ee867f62e795fe53b0e571e5e2090aff7 Request headers accept-language de-DE,de;q=0.9 Referer https://embed-cdn.spotifycdn.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Tue, 29 Aug 2023 00:00:07 GMT Age 1139294 X-Cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity Connection keep-alive Content-Length 29334 X-Served-By cache-chi-klot8100122-CHI, cache-fra-eddf8230055-FRA Last-Modified Tue, 03 Sep 2019 14:26:01 GMT ETag "7f5fc6a41c15a436c15a61f862b6bad6" x-goog-generation 1567520761013843 Content-Type image/jpeg Access-Control-Allow-Origin * Cache-Control max-age=315360000 x-goog-stored-content-length 29334 x-amz-checksum-crc32c XMgz/g== Accept-Ranges bytes Timing-Allow-Origin * X-Cache-Hits 19873, 1
GET H/1.1	200 OK	CircularSpTitle-Bold-2fbf72b606d7f0b0f771ea4956a8b4d6.woff2 encore.scdn.co/fonts/ Frame 1B64	85 KB 86 KB	102ms 26ms	Font font/woff2	2a04:4e42:8d::760 FASTLY
General Check archive.org Show headers Download Go to Full URL https://encore.scdn.co/fonts/CircularSpTitle-Bold-2fbf72b606d7f0b0f771ea4956a8b4d6.woff2 Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/css/8cd00e627952ec8a.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:8d::760 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 1d752805498ebd36b9c69ad1d3da93b1561ea6b33f58ec89a66a4228a357dfe2 Request headers Referer https://embed-cdn.spotifycdn.com/ Origin https://open.spotify.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Tue, 29 Aug 2023 00:00:07 GMT Content-Encoding gzip Age 6655821 X-Cache HIT, HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding gzip Connection keep-alive Content-Length 87344 X-Served-By cache-ord1746-ORD, cache-chi-klot8100110-CHI, cache-fra-eddf8230081-FRA Last-Modified Thu, 19 May 2022 07:59:23 GMT ETag "db1a27b35e26398fef4be920ea96078d" x-goog-generation 1652947162999500 Content-Type font/woff2 Access-Control-Allow-Origin * Cache-Control public, max-age=31536000 x-goog-stored-content-length 87344 Accept-Ranges bytes X-Cache-Hits 1, 20238, 334244
GET H/1.1	200 OK	CircularSp-Book-4eaffdf96f4c6f984686e93d5d9cb325.woff2 encore.scdn.co/fonts/ Frame 1B64	82 KB 83 KB	103ms 28ms	Font font/woff2	2a04:4e42:8d::760 FASTLY
General Check archive.org Show headers Download Go to Full URL https://encore.scdn.co/fonts/CircularSp-Book-4eaffdf96f4c6f984686e93d5d9cb325.woff2 Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/css/8cd00e627952ec8a.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:8d::760 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 9b7413f945c8b8bb3f75eb10513c7ad79d386e98494d541e5f1fa9301ffbddd6 Request headers Referer https://embed-cdn.spotifycdn.com/ Origin https://open.spotify.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Tue, 29 Aug 2023 00:00:07 GMT Content-Encoding gzip Age 26933812 X-Cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding gzip Connection keep-alive Content-Length 84027 X-Served-By cache-chi-klot8100118-CHI, cache-fra-eddf8230124-FRA Last-Modified Fri, 13 May 2022 11:38:51 GMT ETag "f7b12903dd7a2d536ceb2b7cd1dba2c1" x-goog-generation 1652441931211351 Content-Type font/woff2 Access-Control-Allow-Origin * Cache-Control public, max-age=31536000 x-goog-stored-content-length 84027 Accept-Ranges bytes X-Cache-Hits 130506, 650925
POST H2	200	monitoring Show response open.spotify.com/embed/ Frame 1B64	2 B 413 B	82ms 81ms	Fetch application/json	2600:1901:1:c36:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://open.spotify.com/embed/monitoring?o=22381&p=4505164808585216 Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-32f605a2ab8a4fe6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US), Reverse DNS Software envoy / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://open.spotify.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers sp-trace-id 29f51ede5b81cb27 date Tue, 29 Aug 2023 00:00:07 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff via 1.1 google, HTTP/2 edgeproxy, 1.1 google server envoy vary origin,access-control-request-method,access-control-request-headers, Accept-Encoding content-type application/json access-control-allow-origin * access-control-expose-headers x-sentry-error,x-sentry-rate-limits,retry-after x-envoy-upstream-service-time 0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2
GET H2	200	20f135073e512a83797c811a9a29ccfc.js Show response script.crazyegg.com/pages/versioned/common-scripts/	89 KB 30 KB	37ms 36ms	Script text/javascript	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/versioned/common-scripts/20f135073e512a83797c811a9a29ccfc.js Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0096/9416.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 12daf10786aabad5454a10026cbf740245c9dcaa18860320c4f1f784e9fc2656 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip cf-cache-status HIT last-modified Wed, 16 Aug 2023 02:14:01 GMT server cloudflare age 37552 vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000, s-maxage=31536000 accept-ranges bytes timing-allow-origin * cf-ray 7fe0830f6a382bbc-FRA content-length 30842
GET H/1.1	200 OK	CircularSp-Bold-fe1cfc14b7498b187c78fa72fb72d148.woff2 encore.scdn.co/fonts/ Frame 1B64	87 KB 88 KB	58ms 57ms	Font font/woff2	2a04:4e42:8d::760 FASTLY
General Check archive.org Show headers Download Go to Full URL https://encore.scdn.co/fonts/CircularSp-Bold-fe1cfc14b7498b187c78fa72fb72d148.woff2 Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/css/8cd00e627952ec8a.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:8d::760 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 039130d456855a745451bff40707bee5512bc4466373224b2258f67cc6c6d879 Request headers Referer https://embed-cdn.spotifycdn.com/ Origin https://open.spotify.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Tue, 29 Aug 2023 00:00:07 GMT Content-Encoding gzip Age 26933813 X-Cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding gzip Connection keep-alive Content-Length 89529 X-Served-By cache-chi-klot8100084-CHI, cache-fra-eddf8230124-FRA Last-Modified Fri, 13 May 2022 11:38:50 GMT ETag "216b12b5a9657850b1b324e158454f8e" x-goog-generation 1652441930609707 Content-Type font/woff2 Access-Control-Allow-Origin * Cache-Control public, max-age=31536000 x-goog-stored-content-length 89529 Accept-Ranges bytes X-Cache-Hits 81751, 514176
GET H2	200	/ Show response apresolve.spotify.com/ Frame 1B64	273 B 270 B	120ms 38ms	XHR application/json	2600:1901:0:524d:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://apresolve.spotify.com/?type=dealer&type=spclient Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-32f605a2ab8a4fe6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:0:524d:: Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash cca95ef2a816865f55df96aedf861e29dd6dbe5c7c968a53de535de77089c6ee Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip via 1.1 google content-type application/json; charset=utf-8 access-control-allow-origin * cache-control private, max-age=0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 110
GET BLOB	200 OK	826c8a1f-9b91-422f-846a-34d1e3c66fc1 https://open.spotify.com/ Frame 1B64	46 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:https://open.spotify.com/826c8a1f-9b91-422f-846a-34d1e3c66fc1 Requested by Host: open.spotify.com URL: https://open.spotify.com/embed/track/7J9BqBimNX8jhMZH6z6ihg?si=dd08cd0389d44582&utm_source=oembed Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 3436a3567df14bd76a0e5b2ab1edba77ff61c49fb811b64de0dd23899103ecdc Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Content-Length 46922 Content-Type
GET H2	200	/ www.facebook.com/tr/	0 185 B	117ms 27ms	Image text/plain	2a03:2880:f176:84:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1042590016249604&ev=PageView&dl=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&rl=&if=false&ts=1693267207733&sw=1600&sh=1200&v=2.9.125&r=stable&ec=0&o=30&fbp=fb.1.1693267207732.1808733568&it=1693267207409&coo=false&rqm=GET Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Tue, 29 Aug 2023 00:00:07 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	662.dc13e1cf69424def.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	56 KB 12 KB	30ms 30ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/662.dc13e1cf69424def.js Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-c490356afd98094e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash fd7385bd0bc7f291c2370cc63389d132bcac95e8449f516bbd8c0e40c10cdabe Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 2301429 x-amz-meta-goog-reserved-file-mtime 1690964677 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 12292 x-served-by cache-chi-kigq8000034-CHI, cache-fra-etou8220105-FRA last-modified Wed, 02 Aug 2023 08:40:17 GMT etag "f63aef00c0a6fb21f8372a038ee41c3a" x-goog-generation 1690965617313097 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 57497 x-amz-checksum-crc32c yfdB0g== accept-ranges bytes x-cache-hits 8, 145421
GET H2	200	90.e174c663531d2840.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	5 KB 2 KB	30ms 29ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/90.e174c663531d2840.js Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-c490356afd98094e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 1004dc1b12f999eafe5336d4c92c18af95daf65af8b2bd641d29e697efb56364 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 2301429 x-amz-meta-goog-reserved-file-mtime 1690964677 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 1750 x-served-by cache-chi-klot8100099-CHI, cache-fra-etou8220105-FRA last-modified Wed, 02 Aug 2023 08:40:17 GMT etag "9a75e6801ccd6da13a45572ceefe7d6b" x-goog-generation 1690965617342176 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 5117 x-amz-checksum-crc32c 467rEw== accept-ranges bytes x-cache-hits 8, 138958
GET H2	200	/ Show response apresolve.spotify.com/ Frame 1B64	273 B 170 B	79ms 70ms	Fetch application/json	2600:1901:0:524d:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://apresolve.spotify.com/?type=dealer&type=spclient Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-32f605a2ab8a4fe6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:0:524d:: Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash 0cd33b767a835bb2a59064a568c7580b4eb28093f995ee1d18f1520e32f27c29 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip via 1.1 google content-type application/json; charset=utf-8 access-control-allow-origin * cache-control private, max-age=0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 110
GET H2	200	redcanary.com.json Show response script.crazyegg.com/pages/data-scripts/0096/9416/sampling/	158 B 210 B	37ms 36ms	XHR application/json	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/data-scripts/0096/9416/sampling/redcanary.com.json?t=470352 Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/20f135073e512a83797c811a9a29ccfc.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f487526668e0a5e215e7ec328fedb0f8f54970c63715adc09589cf7d04e01265 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip cf-cache-status HIT age 7776 ce-version 11.5.114 content-length 145 last-modified Mon, 28 Aug 2023 21:50:31 GMT server cloudflare vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-expose-headers CE-Version cache-control public, max-age=300, s-maxage=1209600 accept-ranges bytes timing-allow-origin * cf-ray 7fe08310f81030c6-FRA
GET H2	200	ipv cdn.bizible.com/m/	43 B 327 B	37ms 36ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=afe9fa4eee184183cd2ff1d1d32e3269&_biz_s=20c900&_biz_l=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&_biz_t=1693267206869&_biz_i=Cobalt%20Strike%20-%20Red%20Canary%20Threat%20Detection%20Report&_biz_n=0&a=redcanary.com&rnd=264983&cdn_o=a&_biz_z=1693267207815 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6760) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache date Tue, 29 Aug 2023 00:00:07 GMT last-modified Wed, 23 Aug 2023 04:10:18 GMT server ECS (frb/6760) age 503389 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type image/gif cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	200	u cdn.bizibly.com/	43 B 203 B	42ms 35ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizibly.com/u?_biz_u=afe9fa4eee184183cd2ff1d1d32e3269&_biz_s=20c900&_biz_l=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&_biz_t=1693267207819&_biz_i=Cobalt%20Strike%20-%20Red%20Canary%20Threat%20Detection%20Report&a=redcanary.com&rnd=467328&cdn_o=a&_biz_z=1693267207819 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/67E0) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache date Tue, 29 Aug 2023 00:00:07 GMT last-modified Wed, 23 Aug 2023 04:10:19 GMT server ECS (frb/67E0) age 503388 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type image/gif cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	200	f3744a5e-342b-429c-9d2c-2c1b7b45310a.js Show response j.6sc.co/j/	4 KB 2 KB	431ms 431ms	Script application/javascript	23.53.42.251 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/j/f3744a5e-342b-429c-9d2c-2c1b7b45310a.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWC8JW Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-53-42-251.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 040c6c4b281ea6760e1db7e9f2063e2409f8a2434d95851d85cc535f0ff1f9b5 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers x-amz-version-id a5rebSMZ.Kk9yiZR85vsDTngv6hjCogp content-encoding gzip date Tue, 29 Aug 2023 00:00:08 GMT x-amz-cf-pop TPA52-P2 x-amz-server-side-encryption AES256 x-amz-meta-content-type application/json content-length 1176 pragma no-cache last-modified Mon, 22 May 2023 19:07:21 GMT server AmazonS3 etag "9fdd9f5f306ab8eec57207f0e3c1a4e7" vary Accept-Encoding content-type application/javascript cache-control max-age=0, no-cache, no-store accept-ranges bytes x-amz-cf-id cWunvl1Zn3A08elSvDJCakr1Jnr2oFhl6rW8JDVElLRAlauNKyJm8A== expires Tue, 29 Aug 2023 00:00:08 GMT
GET H2	204	0 bat.bing.com/action/	0 287 B	53ms 53ms	Image text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=56383426&tm=gtm002&Ver=2&mid=cd7ad4e2-bc60-4bf0-8da7-f453d7bddd61&sid=03e24c7045ff11ee939bd18df19bb357&vid=03e2896045ff11ee980533e40427d5fe&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Cobalt%20Strike%20-%20Red%20Canary%20Threat%20Detection%20Report&p=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&r=&lt=2217&evt=pageLoad&sv=1&rn=148528 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Tue, 29 Aug 2023 00:00:07 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: DC97E198AAEA41BB9E4A25DEF5FB32FE Ref B: FRA31EDGE0707 Ref C: 2023-08-29T00:00:07Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	239.07bc4bf7922798bd.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	112 KB 32 KB	28ms 27ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/239.07bc4bf7922798bd.js Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-c490356afd98094e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 62c59060782cf4822b2598e623b331039dc6e4a1f8ded9c07032eb91f60adc20 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 2301427 x-amz-meta-goog-reserved-file-mtime 1690964677 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 32825 x-served-by cache-chi-klot8100053-CHI, cache-fra-etou8220105-FRA last-modified Wed, 02 Aug 2023 08:40:17 GMT etag "754ab6b3cee4b386497a168a8900298e" x-goog-generation 1690965617240921 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 114759 x-amz-checksum-crc32c Xrafeg== accept-ranges bytes x-cache-hits 8, 149602
GET H2	200	70.0c0cdff9477a566b.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	241 KB 53 KB	29ms 28ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/70.0c0cdff9477a566b.js Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-c490356afd98094e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 6ea27beb5e90d0b65a769f26f1864df79c97c997cc279952734892eeafd5ab05 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 2301428 x-amz-meta-goog-reserved-file-mtime 1690964677 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 54273 x-served-by cache-chi-kigq8000064-CHI, cache-fra-etou8220105-FRA last-modified Wed, 02 Aug 2023 08:40:17 GMT etag "d01bb82fc57aa696eb7a37f25227533f" x-goog-generation 1690965617620460 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 246299 x-amz-checksum-crc32c 60anbQ== accept-ranges bytes x-cache-hits 8, 151898
GET H2	200	spotify_player_o.42e735f526de3a43.js Show response embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 1B64	25 KB 7 KB	31ms 31ms	Script application/javascript	2a04:4e42:8e::762 FASTLY
General Check archive.org Show headers Download Go to Full URL https://embed-cdn.spotifycdn.com/_next/static/chunks/spotify_player_o.42e735f526de3a43.js Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-c490356afd98094e.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ccccfce93233bff70d19b919d1cb552aed5bc6caac3fc76d01ab6f4c757901d9 Request headers accept-language de-DE,de;q=0.9 Referer https://open.spotify.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip age 2301429 x-amz-meta-goog-reserved-file-mtime 1690964677 x-cache HIT, HIT x-goog-metageneration 1 x-goog-stored-content-encoding identity content-length 7328 x-served-by cache-chi-klot8100155-CHI, cache-fra-etou8220105-FRA last-modified Wed, 02 Aug 2023 08:40:17 GMT etag "615db0ae9631539d4b3438ee8a5a68da" x-goog-generation 1690965617266128 content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 x-goog-stored-content-length 25627 x-amz-checksum-crc32c CIvg6w== accept-ranges bytes x-cache-hits 8, 141588
GET BLOB	200 OK	c1b81a32-7ba1-4fed-8471-2be294cfc8df https://redcanary.com/	45 B 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://redcanary.com/c1b81a32-7ba1-4fed-8471-2be294cfc8df Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Content-Length 45 Content-Type text/javascript
GET H2	200	xdc.js Show response cdn.bizible.com/	116 B 323 B	130ms 129ms	Script text/javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/xdc.js?_biz_u=afe9fa4eee184183cd2ff1d1d32e3269&_biz_h=-1906410348&cdn_o=a&jsVer=4.23.08.24&a=redcanary.com Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6711) / Resource Hash ed46648940ac0fe17ee3761b8056bf10e7f3bf758d51c2fa7aa95c295060cb1f Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:07 GMT content-encoding gzip server ECS (frb/6711) etag 4E9C01B4 vary Accept-Encoding p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type text/javascript; charset=utf-8 cache-control private, must-revalidate, max-age=21600 content-length 217
GET H2	200	spotify-logo-black-8-01.svg redcanary.com/wp-content/uploads/2021/03/	898 B 857 B	163ms 163ms	Image image/svg+xml	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2021/03/spotify-logo-black-8-01.svg Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 24a9979fff20ad59cba9b4a38af6fba8903c482fa2c390e2f0e82c97a649da98 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 29 Mar 2021 15:22:29 GMT server nginx etag W/"6061f0b5-382" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-wpe-request-id d01897352eeeb18b1443423ed089e179 content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
OPTIONS H2	200	events gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame	0 0	118ms 35ms	Preflight	2600:1901:1:81:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US), Reverse DNS Software envoy / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://open.spotify.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context access-control-allow-methods DELETE,GET,PATCH,POST,PUT,OPTIONS access-control-allow-origin https://open.spotify.com access-control-max-age 604800 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 date Tue, 29 Aug 2023 00:00:07 GMT server envoy vary Accept-Encoding via HTTP/2 edgeproxy, 1.1 google
OPTIONS H2	200	events gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame	0 0	118ms 36ms	Preflight	2600:1901:1:81:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US), Reverse DNS Software envoy / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://open.spotify.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context access-control-allow-methods DELETE,GET,PATCH,POST,PUT,OPTIONS access-control-allow-origin https://open.spotify.com access-control-max-age 604800 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 date Tue, 29 Aug 2023 00:00:07 GMT server envoy vary Accept-Encoding via HTTP/2 edgeproxy, 1.1 google
POST H2	200	events Show response gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 1B64	13 B 172 B	80ms 78ms	Fetch application/json	2600:1901:1:81:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-32f605a2ab8a4fe6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US), Reverse DNS Software envoy / Resource Hash debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://open.spotify.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 content-type application/json Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff date Tue, 29 Aug 2023 00:00:07 GMT via HTTP/2 edgeproxy, 1.1 google server envoy content-type application/json access-control-allow-origin https://open.spotify.com cache-control private, max-age=0 access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 39
POST H2	200	events Show response gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 1B64	13 B 103 B	152ms 151ms	Fetch application/json	2600:1901:1:81:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-32f605a2ab8a4fe6.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US), Reverse DNS Software envoy / Resource Hash debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://open.spotify.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 content-type application/json Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff date Tue, 29 Aug 2023 00:00:07 GMT via HTTP/2 edgeproxy, 1.1 google server envoy content-type application/json access-control-allow-origin https://open.spotify.com cache-control private, max-age=0 access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 39
GET H2	200	TDR-Logo-Lockup-02.png redcanary.com/wp-content/uploads/2023/03/	7 KB 8 KB	183ms 183ms	Image image/png	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2023/03/TDR-Logo-Lockup-02.png Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 756b9a05dda5b1afa4e8c3aaa061eccf77460cbd84f4b31f511b675fc9dbacd3 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 21 Mar 2023 02:03:06 GMT server nginx etag "6419105a-1d03" vary Accept-Encoding x-wpe-request-id 989c34eb53b0bd0690bb5049c44c7f99 content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 7427
GET H2	200	clock Show response tracking.crazyegg.com/ Frame 9A2A	31 B 138 B	367ms 127ms	XHR text/plain	52.18.119.10 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tracking.crazyegg.com/clock?t=1693267208012&tk=40ea43635c9a9388c5f9f97df894a565&s=360154&p=%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&u=969416&v=c4b9f565bce179245db6ea60176cac8824a4e0bd&f=redcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike&ul=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/versioned/common-scripts/20f135073e512a83797c811a9a29ccfc.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.18.119.10 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-18-119-10.eu-west-1.compute.amazonaws.com Software awselb/2.0 / Resource Hash 23e5e358a98df80c2b82c0159d7257af77d4111bd6c0e3aa97ca9370bb584059 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers access-control-allow-origin * date Tue, 29 Aug 2023 00:00:08 GMT cache-control no-store server awselb/2.0 content-length 31 content-type text/plain
GET H2	200	u cdn.bizible.com/m/	43 B 144 B	37ms 37ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/m/u?mapType=mkto&mapValue=id%3A003-YRU-314%26token%3A_mch-redcanary.com-1693267207303-83388&_biz_u=afe9fa4eee184183cd2ff1d1d32e3269&_biz_s=20c900&_biz_l=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&_biz_t=1693267207819&_biz_i=Cobalt%20Strike%20-%20Red%20Canary%20Threat%20Detection%20Report&_biz_n=1&a=redcanary.com&rnd=118224&cdn_o=a&_biz_z=1693267208198 Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6776) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache date Tue, 29 Aug 2023 00:00:08 GMT last-modified Wed, 23 Aug 2023 04:10:22 GMT server ECS (frb/6776) age 503386 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type image/gif cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	200	tdr-sidenav-grain.png redcanary.com/wp-content/themes/redcanary/assets/img/	84 KB 84 KB	157ms 157ms	Image image/png	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/tdr-sidenav-grain.png Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 747e9ca7a5f5157e1555dca2f78d780db6a1bef9dc270dcd7a73f571f1391d2b Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 20 Mar 2023 15:41:32 GMT server nginx etag "64187eac-14f3f" vary Accept-Encoding x-wpe-request-id 3814b22175dbbbde9bd6736c35a99e3a content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 85823
GET H2	200	tdr-search-icon.svg redcanary.com/wp-content/themes/redcanary/assets/img/	773 B 764 B	294ms 293ms	Image image/svg+xml	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/tdr-search-icon.svg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 7bb26544c7c0d00e118860dc125c1bc943201bca5cf780804370732b39210d38 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 20 Mar 2023 15:41:32 GMT server nginx etag W/"64187eac-305" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-wpe-request-id 6be526ef8c2d4bba3b857341ed17bd69 content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	tdr-hero-canaries.png redcanary.com/wp-content/themes/redcanary/assets/img/	10 KB 10 KB	297ms 296ms	Image image/png	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/tdr-hero-canaries.png Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 7481436346ad777435fe494e87a3d7fa9dc1251ab9a024d5305a90fcc0b44f8c Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 20 Mar 2023 15:41:31 GMT server nginx etag "64187eab-27ad" vary Accept-Encoding x-wpe-request-id 1a0111fd8d400cbdc615105dde2c5372 content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 10157
GET H2	200	topic-hero.jpg redcanary.com/wp-content/themes/redcanary/assets/img/	244 KB 245 KB	298ms 297ms	Image image/jpeg	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/topic-hero.jpg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 36975a27509bf92a53016181456a48ff34220ab524329a013bd2fa486ab19048 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 27 Feb 2019 15:51:15 GMT server nginx etag "5c76b1f3-3d141" vary Accept-Encoding x-wpe-request-id 3b73c989d56ee0a080372264e09e5812 content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 250177
GET H2	200	graphic-soundwave.svg redcanary.com/wp-content/themes/redcanary/assets/img/	3 KB 836 B	294ms 293ms	Image image/svg+xml	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/graphic-soundwave.svg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 1d3d9de6db687e8b9bf3aa08f565dc2db8743147acce6904bf762b7ff56dbf09 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 20 Mar 2023 15:41:29 GMT server nginx etag W/"64187ea9-abb" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-wpe-request-id 437b26698a109ec8f2d30ba3cebca237 content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	icon-spotify.svg redcanary.com/wp-content/themes/redcanary/assets/img/	2 KB 1 KB	580ms 579ms	Image image/svg+xml	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/icon-spotify.svg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 5a67c844a08bb049379474c28891b836a26d673555f882dd5717beeabf42200f Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 20 Mar 2023 15:41:30 GMT server nginx etag W/"64187eaa-653" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-wpe-request-id 9698621e6d705ad4d5c57c0ec2b01c2d content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	tdr-hero-dots.png redcanary.com/wp-content/themes/redcanary/assets/img/	11 KB 11 KB	295ms 294ms	Image image/png	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/tdr-hero-dots.png Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash af40bad1e1b6415c6d7dfa127a6e8bf4c64111adfca9e4f4c43ade9c39dc9592 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 20 Mar 2023 15:41:31 GMT server nginx etag "64187eab-2b89" vary Accept-Encoding x-wpe-request-id a99ee1d035ba205faf47074c6b33e920 content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 11145
GET H2	200	TDR-Header03-1200w.jpeg redcanary.com/wp-content/themes/redcanary/assets/img/	331 KB 332 KB	294ms 294ms	Image image/jpeg	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/TDR-Header03-1200w.jpeg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash f8e765848384e530beac002fc4656b7d54b12ef24564025933981afe76e2ca43 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Tue, 21 Mar 2023 18:01:24 GMT server nginx etag "6419f0f4-52bf0" vary Accept-Encoding x-wpe-request-id 6098adad6efc7fc7a50ee41dc9f646bb content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 338928
GET H2	200	search-btn.svg redcanary.com/wp-content/themes/redcanary/assets/img/	161 B 473 B	577ms 577ms	Image image/svg+xml	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/themes/redcanary/assets/img/search-btn.svg Requested by Host: redcanary.com URL: https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 0f57969cdf0d61b86fc25ded8a8c5058a5edd346d1845b232610a54f08d0fcb8 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/wp-content/cache/autoptimize/css/autoptimize_7c1b044830350562b8347035fb5ab725.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Wed, 08 Sep 2021 23:08:04 GMT server nginx etag W/"61394254-a1" vary Accept-Encoding, Accept-Encoding x-wpe-request-id dbde5547adcda20c77b01b2050be9de8 content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
GET H2	200	birdInFlight-flipped-975x975-1.jpg redcanary.com/wp-content/uploads/2022/03/	18 KB 18 KB	650ms 646ms	Image image/jpeg	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2022/03/birdInFlight-flipped-975x975-1.jpg Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 9dcafe0dd491720f7b4e7168ee159909aba669acbba23ca17e32c9a2174510b0 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 07 Mar 2022 19:56:58 GMT server nginx etag "6226638a-460b" vary Accept-Encoding x-wpe-request-id 05b43de852d0198f242d4166a2cd178d content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 17931
GET H2	200	TDR-Header01-1200w.jpg redcanary.com/wp-content/uploads/2023/03/	339 KB 340 KB	649ms 645ms	Image image/jpeg	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2023/03/TDR-Header01-1200w.jpg Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 6af930f857a9b1c2e3f638e4c2eeae1f5a8d28643db55d6a2f7d99c77e17489f Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Mon, 20 Mar 2023 20:12:02 GMT server nginx etag "6418be12-54b50" vary Accept-Encoding x-wpe-request-id 49b1a2b72669df63ca5bd48513f68762 content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes content-length 346960
GET H2	200	Icon_Alert-Center_Investigation.svg redcanary.com/wp-content/uploads/2020/09/	4 KB 1 KB	649ms 646ms	Image image/svg+xml	104.198.136.223 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://redcanary.com/wp-content/uploads/2020/09/Icon_Alert-Center_Investigation.svg Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.198.136.223 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 223.136.198.104.bc.googleusercontent.com Software nginx / Resource Hash 1576f47ba50e5433d2efe01986fa43b861bd6a4de15751c35bf606b2a9fed2c9 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/threat-detection-report/threats/cobalt-strike/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-security-policy upgrade-insecure-requests content-encoding br strict-transport-security "max-age=63072000; includeSubDomains; preload"; last-modified Thu, 24 Sep 2020 17:12:27 GMT server nginx etag W/"5f6cd37b-e55" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-wpe-request-id 2e72f260cb846763625e211b1f9b88a4 content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000
POST H2	200	/ Show response www.facebook.com/tr/ Frame BC22	0 70 B	29ms 28ms	Document text/plain	2a03:2880:f176:84:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Content-Type application/x-www-form-urlencoded Origin https://redcanary.com Referer https://redcanary.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials true access-control-allow-origin https://redcanary.com alt-svc h3=":443"; ma=86400 content-length 0 content-type text/plain cross-origin-resource-policy cross-origin date Tue, 29 Aug 2023 00:00:08 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	/ Show response c.6sc.co/	7 B 191 B	41ms 32ms	XHR text/html	23.53.42.251 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-53-42-251.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://redcanary.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	36 B 334 B	138ms 26ms	XHR text/html	2a02:26f0:7100::210:180 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=redcanary.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:7100::210:180 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash e2aa5f00bd63b2dc19d462370bd461ba38c47f971f8fc6c62b401b4a26bb8e4b Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers pragma no-cache date Tue, 29 Aug 2023 00:00:08 GMT vary Origin content-type text/html access-control-allow-origin https://redcanary.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2001:1b60:1010:3:1012:dd75:4275:a429 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1693267208576_34603388_152410156_16_780_27_60_219";dur=1 content-length 36 expires Tue, 29 Aug 2023 00:00:08 GMT
GET H2	200	d9b6b28e3d84db3e4c966a5cf73af402.js Show response script.crazyegg.com/pages/versioned/trackingpagestate-scripts/	20 KB 8 KB	39ms 39ms	Script text/javascript	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/versioned/trackingpagestate-scripts/d9b6b28e3d84db3e4c966a5cf73af402.js Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0096/9416.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 86f2855487ee0f2a026de07b800d0a191f2d66723011cf5e7bddea4669037b33 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-encoding gzip cf-cache-status HIT last-modified Thu, 24 Aug 2023 15:03:49 GMT server cloudflare age 37549 vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000, s-maxage=31536000 accept-ranges bytes timing-allow-origin * cf-ray 7fe083155e972bbc-FRA content-length 8025
GET H2	200	661bb7e9d0e0abee5d7403d3d65553a1.js Show response script.crazyegg.com/pages/versioned/tracking-scripts/	98 KB 32 KB	38ms 37ms	Script text/javascript	2606:4700::6813:9408 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/versioned/tracking-scripts/661bb7e9d0e0abee5d7403d3d65553a1.js Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0096/9416.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2182476b2f19b36cc23e9bbdb2dd97b84f4d6eddabc117e374b893fe3cd8cdc5 Request headers accept-language de-DE,de;q=0.9 Referer https://redcanary.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:08 GMT content-encoding gzip cf-cache-status HIT last-modified Thu, 24 Aug 2023 15:03:25 GMT server cloudflare age 37548 vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000, s-maxage=31536000 accept-ranges bytes timing-allow-origin * cf-ray 7fe083167f3c2bbc-FRA content-length 32149
GET H/1.1	200 OK	messenger Show response app.qualified.com/w/1/bAEbi2aHVysBKzuy/ Frame D860	6 KB 3 KB	551ms 156ms	Document text/html	52.204.253.158 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=41f23429-1324-46f0-99b9-ee5e7e45f660 Requested by Host: js.qualified.com URL: https://js.qualified.com/qualified.js?token=bAEbi2aHVysBKzuy Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 52.204.253.158 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-204-253-158.compute-1.amazonaws.com Software / Resource Hash 0efa5f336ecb199f05d83b9039b82ec80140fb03c9a90bc3feeb30c35b38cba0 Security Headers Name Value Content-Security-Policy Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://redcanary.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control max-age=0, private, must-revalidate Content-Encoding gzip Content-Length 1830 Content-Security-Policy Content-Type text/html; charset=utf-8 Date Tue, 29 Aug 2023 00:00:09 GMT Etag W/"0efa5f336ecb199f05d83b9039b82ec8" Link <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css>; rel=preload; as=style; nopush Referrer-Policy strict-origin-when-cross-origin Strict-Transport-Security max-age=63072000; includeSubDomains Vary Accept-Encoding Via 1.1 spaces-router (devel) X-Content-Type-Options nosniff X-Download-Options noopen X-Permitted-Cross-Domain-Policies none X-Request-Id 7cb78ab6-63cc-1f9b-6a23-7a272028a930 X-Runtime 0.022204 X-Xss-Protection 1; mode=block
GET H2	200	messenger-94e6eccc.chunk.css assets.qualified.com/packs/css/vendors~widget/sandboxed/ Frame D860	35 KB 7 KB	56ms 38ms	Stylesheet text/css	2606:4700::6812:1005 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611 Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:09 GMT x-amz-version-id AeK_NH5rfGk.Lv2XJ.HRstj6QufMx77b content-encoding gzip cf-cache-status HIT x-amz-request-id Z75Z6HTY5PT93WZB age 233 x-amz-server-side-encryption AES256 x-amz-id-2 uiKWfvkQzRdvuSG2GYowKykvnoDMu9cH6gjgYLlNDIAlueFfCyTiS0q+60FUoSB+mlb2waYVGre7gQK7vHCYpsU4Dic1k4PTGU8/p9ygEEM= last-modified Fri, 07 Apr 2023 01:04:50 GMT server cloudflare etag W/"a788ecf510f83ee517cbaf79306145dd" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 cf-ray 7fe0831aa85a1cbd-FRA expires Tue, 29 Aug 2023 04:00:09 GMT
GET H2	200	messenger-84a66aeb.chunk.css assets.qualified.com/packs/css/widget/sandboxed/ Frame D860	5 KB 1 KB	48ms 30ms	Stylesheet text/css	2606:4700::6812:1005 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:09 GMT x-amz-version-id QqBbrcuqtBTwl_isiJWhWcP6FGILlHz5 content-encoding gzip cf-cache-status HIT x-amz-request-id Z75YA82CCCVDZ8CM age 4998 x-amz-server-side-encryption AES256 x-amz-id-2 YiZz2d5dBMI8ZyoOdk0DBjnp3XWT65D1Cugr0KhPbHasWMbaHP2R84ZDS7rdpPQmrNFOWro5yxH3kZBovJDBig== last-modified Fri, 07 Apr 2023 01:04:50 GMT server cloudflare etag W/"22d5f23e695250d3c5a5b1e76a015c5e" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 cf-ray 7fe0831aa8591cbd-FRA expires Tue, 29 Aug 2023 04:00:09 GMT
GET H2	200	messenger~runtime-7dd040836a6aa86b909a.js Show response assets.qualified.com/packs/js/widget/sandboxed/ Frame D860	2 KB 1 KB	41ms 31ms	Script application/javascript	2606:4700::6812:1005 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/js/widget/sandboxed/messenger~runtime-7dd040836a6aa86b909a.js Requested by Host: app.qualified.com URL: https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=41f23429-1324-46f0-99b9-ee5e7e45f660 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 942acefe64e2c3fb2c239e295fa90bf9c34907eccf09bf44e33ae1360a884455 Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:09 GMT x-amz-version-id PEkPn19vAnekw7AcnrrEtlUXdwq5MIS9 content-encoding gzip cf-cache-status HIT x-amz-request-id BPDG51D4813XNKH4 age 2686 x-amz-server-side-encryption AES256 x-amz-id-2 ebnBBWa1sbgVrNeWmRBEFu4Vs+Wxshgtpdm9bRTYdm3QtZIPgqhz9G+3ECWvzfQgXKj5OEbQJ5w= last-modified Mon, 28 Aug 2023 23:12:10 GMT server cloudflare etag W/"85894fcb552792c6166dde1cb10bc0a8" vary Accept-Encoding content-type application/javascript cache-control public, max-age=14400 cf-ray 7fe0831aa85e1cbd-FRA expires Tue, 29 Aug 2023 04:00:09 GMT
GET H2	200	messenger-369223c5490f8cdcf187.chunk.js Show response assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/ Frame D860	1 MB 362 KB	42ms 32ms	Script application/javascript	2606:4700::6812:1005 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-369223c5490f8cdcf187.chunk.js Requested by Host: app.qualified.com URL: https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=41f23429-1324-46f0-99b9-ee5e7e45f660 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 15e5827ebf3a8660ccf687d7f208b247f355421bfeeaa572f26913a453acf45e Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:09 GMT x-amz-version-id oK9jovqhn.gYLI4zbnGqtErXgbUHzdXb content-encoding gzip cf-cache-status HIT x-amz-request-id 8EF4VPS7HNBAP6G3 age 4998 x-amz-server-side-encryption AES256 x-amz-id-2 i9ABf0AEZLTdcHdctc5UMEXNiCOHLAR5677xONEUGN/bTAUF+uHsTeS7xprUJ2SSoD54nihEEGVW3VMU2UqbkQ== last-modified Mon, 28 Aug 2023 20:31:37 GMT server cloudflare etag W/"07365b735e31be744e837d71d12cb7ad" vary Accept-Encoding content-type application/javascript cache-control public, max-age=14400 cf-ray 7fe0831aa8601cbd-FRA expires Tue, 29 Aug 2023 04:00:09 GMT
GET H2	200	messenger-0c1cbabdef2d7905f7d2.chunk.js Show response assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame D860	623 KB 162 KB	31ms 31ms	Script application/javascript	2606:4700::6812:1005 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-0c1cbabdef2d7905f7d2.chunk.js Requested by Host: app.qualified.com URL: https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=41f23429-1324-46f0-99b9-ee5e7e45f660 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8f284b8e77b5cab8dce71decb5c86d7bbda313095149ee62121f994c30d6a095 Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:09 GMT x-amz-version-id TPGzmIXj28eeb4rYE4n5Dbmu7Vjdl3k6 content-encoding gzip cf-cache-status HIT x-amz-request-id 8RZ3M7E2Z87AYGN4 age 2685 x-amz-server-side-encryption AES256 x-amz-id-2 wa1Qt4JzKGCIshTp8uT2AxNCVIlyyb/Vd1J9hObCAa1rL2uhhthpvpX3JQwIikeaxR3mkeaUYSE= last-modified Mon, 28 Aug 2023 23:12:10 GMT server cloudflare etag W/"52474d9603ad14812684f67fffb28bc4" vary Accept-Encoding content-type application/javascript cache-control public, max-age=14400 cf-ray 7fe0831ae8841cbd-FRA expires Tue, 29 Aug 2023 04:00:09 GMT
GET H2	200	Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2 assets.qualified.com/packs/media/fonts/inter/ Frame D860	97 KB 97 KB	92ms 32ms	Font font/woff2	2606:4700::6812:1105 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/media/fonts/inter/Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2 Requested by Host: app.qualified.com URL: https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=41f23429-1324-46f0-99b9-ee5e7e45f660 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6 Request headers Referer https://app.qualified.com/ Origin https://app.qualified.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:09 GMT x-amz-version-id Ts0p7fbKsZIFu_VEk6HOvm9iYpTRKuos cf-cache-status HIT x-amz-request-id 41Z3KJK24K5VH2VW age 22716998 content-length 98868 x-amz-id-2 Ta7QduaUx53oJBC61pF3hnNKwZ0PRiLBlPs9GI8HcAGX1x9nffwkEv3HAik928cdZO2VmzvSgxE= last-modified Thu, 08 Dec 2022 23:17:25 GMT server cloudflare etag "dc131113894217b5031000575d9de002" access-control-max-age 3600 access-control-allow-methods GET content-type font/woff2 access-control-allow-origin * vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding cache-control public, max-age=31557600 accept-ranges bytes cf-ray 7fe0831afdab30e8-FRA expires Wed, 28 Aug 2024 06:00:09 GMT
GET H2	200	Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2 assets.qualified.com/packs/media/fonts/inter/ Frame D860	103 KB 104 KB	119ms 59ms	Font font/woff2	2606:4700::6812:1105 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://assets.qualified.com/packs/media/fonts/inter/Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2 Requested by Host: app.qualified.com URL: https://app.qualified.com/w/1/bAEbi2aHVysBKzuy/messenger?uuid=41f23429-1324-46f0-99b9-ee5e7e45f660 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5 Request headers Referer https://app.qualified.com/ Origin https://app.qualified.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Tue, 29 Aug 2023 00:00:09 GMT x-amz-version-id mi4mtB4aFvR25WPQCmnfUnVk6AWhr_W6 cf-cache-status HIT x-amz-request-id 2HMTVDXWHRZ097M7 age 10607136 x-amz-server-side-encryption AES256 content-length 105804 x-amz-id-2 YD0z6E8yfMvUoX00yyhaPzBel56CXdfQkpFrBSUa2Gb4Y85wQsKNp3wT67eM7XPXdMbk10RgCP0= last-modified Fri, 28 Apr 2023 01:11:03 GMT server cloudflare etag "007ad31a53f4ab3f58ee74f2308482ce" access-control-max-age 3600 access-control-allow-methods GET content-type font/woff2 access-control-allow-origin * vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding cache-control public, max-age=31557600 accept-ranges bytes cf-ray 7fe0831afdac30e8-FRA expires Wed, 28 Aug 2024 06:00:09 GMT
POST H/1.1	200 OK	/ Show response sentry.io/api/1332833/envelope/ Frame D860	2 B 559 B	606ms 144ms	Fetch application/json	35.188.42.15 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://sentry.io/api/1332833/envelope/?sentry_key=b5158ee3382d49b28a864fb2b91bcaaf&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.11.1 Requested by Host: assets.qualified.com URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-369223c5490f8cdcf187.chunk.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 15.42.188.35.bc.googleusercontent.com Software nginx / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload Request headers Referer https://app.qualified.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Tue, 29 Aug 2023 00:00:10 GMT strict-transport-security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload Server nginx vary origin,access-control-request-method,access-control-request-headers Content-Type application/json access-control-allow-origin * access-control-expose-headers x-sentry-error,x-sentry-rate-limits,retry-after x-envoy-upstream-service-time 1 cross-origin-resource-policy cross-origin Connection keep-alive Content-Length 2
OPTIONS H3	200	events gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame	0 0	31ms 30ms	Preflight	2600:1901:1:81:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US), Reverse DNS Software envoy / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://open.spotify.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context access-control-allow-methods DELETE,GET,PATCH,POST,PUT,OPTIONS access-control-allow-origin https://open.spotify.com access-control-max-age 604800 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 date Tue, 29 Aug 2023 00:00:11 GMT server envoy vary Accept-Encoding via HTTP/2 edgeproxy, 1.1 google
POST H3	200	events Show response gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 1B64	13 B 58 B	120ms 119ms	XHR application/json	2600:1901:1:81:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-32f605a2ab8a4fe6.js Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US), Reverse DNS Software envoy / Resource Hash debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://open.spotify.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 content-type application/json Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff date Tue, 29 Aug 2023 00:00:11 GMT via HTTP/2 edgeproxy, 1.1 google server envoy content-type application/json access-control-allow-origin https://open.spotify.com cache-control private, max-age=0 access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 39
POST H3	200	events Show response gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 1B64	13 B 58 B	143ms 143ms	XHR application/json	2600:1901:1:81:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events Requested by Host: embed-cdn.spotifycdn.com URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-32f605a2ab8a4fe6.js Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US), Reverse DNS Software envoy / Resource Hash debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers Referer https://open.spotify.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 content-type application/json Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff date Tue, 29 Aug 2023 00:00:11 GMT via HTTP/2 edgeproxy, 1.1 google server envoy content-type application/json access-control-allow-origin https://open.spotify.com cache-control private, max-age=0 access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 39
OPTIONS H3	200	events gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame	0 0	31ms 31ms	Preflight	2600:1901:1:81:: GOOGLE
General Check archive.org Show headers Download Go to Full URL https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events Protocol H3 Security QUIC, , AES_128_GCM Server 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US), Reverse DNS Software envoy / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://open.spotify.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context access-control-allow-methods DELETE,GET,PATCH,POST,PUT,OPTIONS access-control-allow-origin https://open.spotify.com access-control-max-age 604800 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 date Tue, 29 Aug 2023 00:00:11 GMT server envoy vary Accept-Encoding via HTTP/2 edgeproxy, 1.1 google
GET H/1.1	200 OK	d23c0c4e194430380ef64982f7fd6ecf318cd5881017bc61dec0ef8955cc0079.png qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame D860	13 KB 13 KB	396ms 130ms	Image image/png	52.216.37.250 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://qualified-production.s3.us-east-1.amazonaws.com/uploads/d23c0c4e194430380ef64982f7fd6ecf318cd5881017bc61dec0ef8955cc0079.png Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.37.250 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-east-1-r-w.amazonaws.com Software AmazonS3 / Resource Hash 9a586f0b3e8add35ad17a2eec2cee97cbe175f48d7c47e34492dd973aa0f8381 Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Tue, 29 Aug 2023 00:00:13 GMT Last-Modified Thu, 20 Oct 2022 23:47:27 GMT Server AmazonS3 x-amz-request-id FJX558GPYM3K7BPS ETag "fd481ec600c1b3fad6f9e29aa732a946" x-amz-server-side-encryption AES256 Content-Type image/png Cache-Control Cache-Control: public, max-age=31536000 Accept-Ranges bytes Content-Length 12932 x-amz-id-2 NMZ4/fWRFznMgGtFn0oldx0ti1ScfWQAbPZAhOD+f/mVsab8b0xg4iuFGIy5NP1yjLcVRZKwQRw=
GET H/1.1	200 OK	b34302d7d25df402909dab75f43c994eaa9697d42e982abeee77e1d6cb8e2697.png qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame D860	13 KB 13 KB	120ms 119ms	Image image/png	52.216.37.250 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://qualified-production.s3.us-east-1.amazonaws.com/uploads/b34302d7d25df402909dab75f43c994eaa9697d42e982abeee77e1d6cb8e2697.png Requested by Host: redcanary.com URL: https://redcanary.com/threat-detection-report/threats/cobalt-strike/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.37.250 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-east-1-r-w.amazonaws.com Software AmazonS3 / Resource Hash 00bbc66153e493c73e6ee4448a25fac555d74e1fd957f6f804754ff27bb9884f Request headers accept-language de-DE,de;q=0.9 Referer https://app.qualified.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Tue, 29 Aug 2023 00:00:14 GMT Last-Modified Thu, 20 Oct 2022 23:48:08 GMT Server AmazonS3 x-amz-request-id 2QYY2F56KA0GBD6M ETag "7797b96a7f999ac42de528bede3329af" x-amz-server-side-encryption AES256 Content-Type image/png Cache-Control Cache-Control: public, max-age=31536000 Accept-Ranges bytes Content-Length 13099 x-amz-id-2 mV5kbd/J6j1GYWjZ5u0VZ5ZG6cj5qV+lEqOfQIHPXWoPE9o4SXl6a8RArbmJ67AH8VS1owljmWw=

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

analytics.twitter.com

URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=bf805dde-1ab4-463a-a659-84f1e379f479&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=9dcf5317-c246-4837-bf05-366fbb400056&tw_document_href=https%3A%2F%2Fredcanary.com%2Fthreat-detection-report%2Fthreats%2Fcobalt-strike%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o015g&type=javascript&version=2.3.29