www.reliaquest.com Open in urlscan Pro
141.193.213.20  Public Scan

9 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717034980538&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717034980538&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3664348%26time%3D1717034980538%26url%3Dhttps%253A%252F%252Fwww.reliaquest.com%252Fblog%252Fblacksuit-attack-analysis%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717034980538&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717034980538&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true&e_ipv6=AQLAIzMAFsH6zwAAAY_HQpeZ4ONEuAe4PZbOqn1VO2yfKzWrGDlV5Z6l3u3vZgSbLkg1_2o

Request Chain 64

• https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID HTTP 302
• https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID HTTP 307
• https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.reliaquest.com%2526pId%253d%2524UID HTTP 302
• https://attr.ml-api.io/?domain=www.reliaquest.com&pId=2251648426891217404

Request Chain 114

• https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=1e0fa2d6fd5bcdfc550600eaa66735d4_1717034981737 HTTP 303
• https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=1e0fa2d6fd5bcdfc550600eaa66735d4_1717034981737&_bee_ppp=1 HTTP 303
• https://tracking.contanuity.com/usersync?bwcookie=AAHdRk7Mr8AAABg3Eborog

Request Chain 120

• https://c.clarity.ms/c.gif HTTP 302
• https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=508714B8C60D4F14936777E0614A42B6&RedC=c.clarity.ms&MXFR=0C0ECE45ECB866591ECCDACAE8B86840 HTTP 302
• https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=508714B8C60D4F14936777E0614A42B6&MUID=2B1A15A2B06563372D00012DB1C9622B

136 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.reliaquest.com/blog/blacksuit-attack-analysis/	142 KB 32 KB	303ms 223ms	Document text/html	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / WP Engine Resource Hash 0bf3f84606b0095add489578a68b5511ada1e3b22ed9819777c54b928fa69c99 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cache-control max-age=600, must-revalidate cf-cache-status DYNAMIC cf-ray 88bb2ef06c5e453a-TXL content-encoding br content-security-policy upgrade-insecure-requests content-type text/html; charset=UTF-8 date Thu, 30 May 2024 02:09:40 GMT last-modified Wed, 29 May 2024 09:03:50 GMT link <https://www.reliaquest.com/wp-json/>; rel="https://api.w.org/" <https://www.reliaquest.com/wp-json/wp/v2/posts/88930>; rel="alternate"; type="application/json" <https://www.reliaquest.com/?p=88930>; rel=shortlink server cloudflare strict-transport-security max-age=63072000; includeSubDomains; vary Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie x-cache HIT: 1 x-cache-group normal x-cacheable SHORT x-content-type-options nosniff x-frame-options SAMEORIGIN x-powered-by WP Engine x-xss-protection 1; mode=block
GET H3	200	all.min.css cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/	100 KB 19 KB	90ms 47ms	Stylesheet text/css	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer Origin https://www.reliaquest.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 2356103 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 18778 last-modified Wed, 02 Aug 2023 21:01:56 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "64cac444-495a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PPBAV6l5YT8Y7SS%2BwfopS7uSvvCDIDMAloDvwZ5mSg8gvGWqVi9r663ozaO7XTDABhtlqbzvX2Gh1vLEvX%2Fav5lBmczIguMFI6T9BdxTPplx1hQ2CJ%2FHJqbG2xa1SnhXCBoRbSz8"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 88bb2ef21fe59b94-FRA expires Tue, 20 May 2025 02:09:40 GMT
GET H2	200	select2.min.css cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/	16 KB 3 KB	153ms 48ms	Stylesheet text/css	2a04:4e42::485 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::485 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 30 May 2024 02:09:40 GMT x-content-type-options nosniff content-encoding br age 8217310 x-jsd-version 4.1.0-rc.0 x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 2487 x-served-by cache-fra-eddf8230031-FRA, cache-mxp6968-MXP x-jsd-version-type version etag W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H3	200	/ www.reliaquest.com/_jb_static/	230 KB 43 KB	308ms 308ms	Stylesheet text/css	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.reliaquest.com/_jb_static/??-eJylj8uOwjAMRf9mVhi3Fa8uEN9ikkA7ahIrdlv4e0ILK2A0Eis/z/U1jgwmBnVBkbv+3AZBGc4gPXNMikamWoBUyTQ+7y1zb4FvuDEmy8mJAEfuO0o5igqSiMvhLjUyv+DaOO8EtaqKutitik1d1WhbmY97asP/ENFr5z6aE0fJNHnQtYMD+qULzK2nvQkXPKUJtA8ATjF5+Vr1b29kLWgECtd7qjEnSz+/ffD7cluuq/VqV29+zHFf3gC+Yp79 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / WP Engine Resource Hash f9f9bf9ce4517c2e44a824e9dda21d15cea50ee2f0bf480f4f69bf924ff00efe Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT x-cache-group normal x-content-type-options nosniff content-security-policy upgrade-insecure-requests x-cacheable YES:31536000.000 strict-transport-security max-age=63072000; includeSubDomains; content-encoding br x-powered-by WP Engine x-cache HIT: 42 cf-cache-status DYNAMIC alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Thu, 09 May 2024 11:41:36 GMT server cloudflare x-page-optimize cached etag W/"3741b8a36195e0aa161a35108bf84284" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie x-frame-options SAMEORIGIN content-type text/css;charset=UTF-8 access-control-allow-origin * cache-control max-age=31536000, must-revalidate cf-ray 88bb2ef36e1444fe-TXL
GET H2	200	jquery.min.js Show response www.reliaquest.com/wp-includes/js/jquery/	86 KB 31 KB	236ms 235ms	Script application/javascript	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.reliaquest.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED content-encoding br alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Mon, 28 Aug 2023 17:14:23 GMT server cloudflare etag W/"64ecd5ef-15601" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88bb2ef1deb7453a-TXL
GET H3	200	all.min.css cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/	98 KB 17 KB	111ms 78ms	Stylesheet text/css	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0df5a33710e433de1f5415b1d47e4130ca7466aee5b81955f1045c4844bbb3ed Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer Origin https://www.reliaquest.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 460520 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 17041 last-modified Tue, 22 Mar 2022 17:32:26 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "623a082a-4291" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KFx7y72ZdY5kNmzyNihScUoFy%2BM7tgRzm94K2z%2FQvuUKEoZ70Khassv%2BMAHgLeTrsvtjdrwyM52bbh%2F%2B2puyNbJV5yF3QR0kLF5%2BAQ28eHLkHeu56sE4717CcxaxQrfM9ScU%2FPc9"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 88bb2ef21fe49b94-FRA expires Tue, 20 May 2025 02:09:40 GMT
GET H3	200	logo.svg www.reliaquest.com/wp-content/themes/t220908406929/dist/images/	6 KB 3 KB	244ms 242ms	Image image/svg+xml	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/logo.svg Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 2298d58f76f75135d021b0f1aa558defa9e66a1cc384b3eedde0f0904fa72def Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED content-encoding br alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Fri, 03 Feb 2023 19:11:50 GMT server cloudflare etag W/"63dd5c76-1768" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88bb2ef36e0144fe-TXL
GET H3	200	logo-dark.svg www.reliaquest.com/wp-content/themes/t220908406929/dist/images/	6 KB 3 KB	281ms 279ms	Image image/svg+xml	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/logo-dark.svg Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash bc46e11ef889c4607d9befe335305d246d312cb0cda290d3beb75a722d417979 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED content-encoding br alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Fri, 28 Apr 2023 16:56:25 GMT server cloudflare etag W/"644bfab9-177e" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88bb2ef36e0244fe-TXL
GET H2	200	nav-collapse-decor.svg www.reliaquest.com/wp-content/themes/t220908406929/dist/images/	2 KB 730 B	311ms 310ms	Image image/svg+xml	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/nav-collapse-decor.svg Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 90cd085fb1b820cab7d04a52702a189d2a3cf9ffbcf1ef3b354283d65d7fa24a Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED content-encoding br alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Fri, 03 Feb 2023 19:11:50 GMT server cloudflare etag W/"63dd5c76-760" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88bb2ef1debb453a-TXL
GET H2	200	lazy_placeholder.gif www.reliaquest.com/wp-content/plugins/a3-lazy-load/assets/images/	42 B 156 B	265ms 264ms	Image image/gif	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED alt-svc h3=":443"; ma=86400 content-length 42 x-xss-protection 1; mode=block last-modified Fri, 01 Sep 2023 19:24:58 GMT server cloudflare etag "64f23a8a-2a" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/gif access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88bb2ef1deba453a-TXL
GET H3	200	decor-cta.svg www.reliaquest.com/wp-content/themes/t220908406929/dist/images/	2 KB 927 B	245ms 243ms	Image image/svg+xml	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/decor-cta.svg Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 572f5c7956c6df267d7a9725e35602fb2b414dd5c48e53512468e627f0ef3a3c Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED content-encoding br alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Wed, 15 Feb 2023 18:20:41 GMT server cloudflare etag W/"63ed2279-9f8" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88bb2ef36e0644fe-TXL
GET H3	200	facebook.svg www.reliaquest.com/wp-content/themes/t220908406929/dist/images/	1 KB 799 B	264ms 262ms	Image image/svg+xml	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/facebook.svg Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 61ea329c09b4cc22cd4391b26ca2b66257eb824e590d4de2a760ccbfccf70bf7 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED content-encoding br alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Tue, 25 Jul 2023 20:42:44 GMT server cloudflare etag W/"64c033c4-407" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88bb2ef36e0844fe-TXL
GET H3	200	twitter.svg www.reliaquest.com/wp-content/themes/t220908406929/dist/images/	1 KB 882 B	246ms 245ms	Image image/svg+xml	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/twitter.svg Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 84d1a6377c22f7683a00d101a2a1ff90cf1eaf607128ce45a835a188e1dd10ae Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status MISS content-encoding br alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Wed, 20 Sep 2023 19:58:43 GMT server cloudflare etag W/"650b4ef3-50e" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88bb2ef36e0a44fe-TXL
GET H3	200	linkedin.svg www.reliaquest.com/wp-content/themes/t220908406929/dist/images/	1 KB 869 B	247ms 246ms	Image image/svg+xml	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/linkedin.svg Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash f524309c83549cab1b81b931d905888234eecf709e4aa0ade136daa5edbb5246 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status MISS content-encoding br alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Tue, 25 Jul 2023 20:42:44 GMT server cloudflare etag W/"64c033c4-4e4" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88bb2ef36e0d44fe-TXL
GET H3	200	link.svg www.reliaquest.com/wp-content/themes/t220908406929/dist/images/	2 KB 1 KB	248ms 246ms	Image image/svg+xml	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/link.svg Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash c81c322867056949b4836c5860843392b7da5dcb563ec2e99f8a5c05f7e74106 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED content-encoding br alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Tue, 25 Jul 2023 20:42:44 GMT server cloudflare etag W/"64c033c4-913" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88bb2ef36e0f44fe-TXL
GET H3	200	gsap.min.js Show response cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/	69 KB 25 KB	90ms 48ms	Script application/javascript	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/gsap.min.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 386a292b805ec5376c149711c08d9013658fd08879a7ac9a62a99e14310c397a Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 21569 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 25150 last-modified Tue, 04 Oct 2022 19:36:11 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "633c8b2b-623e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1oVI8GYzt%2BiuRhJerf%2BEIm6tzET0ygNJNyjgxDsWSOCokp%2BR9dXy9bokeHuRmv4iFWEDrXPz4TA9X8ZZQn1vxBZWnBMXSLkF58sVonfzXOe4Ufkq145s3dSXAb6UahGzwv%2BpxQBn"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 88bb2ef22cbe3a72-FRA expires Tue, 20 May 2025 02:09:40 GMT
GET H3	200	ScrollTrigger.min.js Show response cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/	39 KB 15 KB	47ms 47ms	Script application/javascript	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/ScrollTrigger.min.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash be08df326777a8b33cbcd047765e7dc6b8ddf620dcf64a85402ffc8fa006caab Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 22257 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 14847 last-modified Tue, 04 Oct 2022 19:36:11 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "633c8b2b-39ff" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z4e4gYJlYt3gO1KKTU7Mz6uQMCKeWJGLwTp0gj8cXSCX%2FlBajMrXWXObI8L9T5Ly4138Mp8obSYgVmb1riUYRQfYrxdSzIYxwi%2BTxuMLz96nAHEQmvj2djpnJ5QnPSBZfHEVhU%2Bp"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 88bb2ef2bd203a72-FRA expires Tue, 20 May 2025 02:09:40 GMT
GET H2	200	select2.min.js Show response cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/	71 KB 72 KB	49ms 48ms	Script application/javascript	2a04:4e42::485 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::485 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 30 May 2024 02:09:40 GMT x-content-type-options nosniff age 7352040 x-jsd-version 4.1.0-rc.0 x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 73163 x-served-by cache-fra-eddf8230125-FRA, cache-mxp6968-MXP x-jsd-version-type version etag W/"11dcb-beEOdKmS/KFegD2RDRMPgmYxy4Y" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H3	200	page.js Show response static.addtoany.com/menu/	3 KB 2 KB	96ms 52ms	Script application/javascript	172.67.39.148 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.addtoany.com/menu/page.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 10425 content-encoding br alt-svc h3=":443"; ma=86400 referrer-policy strict-origin-when-cross-origin cf-bgj minify server cloudflare etag W/"e346c2841e4abbb66ee259e9540abb61" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PgVcuyexPCXFpRW5kF9OnydB12y1CM29EC3VMes935eceYTKl%2FlgYJBwewm9YiDDUJgSk37LhckWW%2BflNXx8FVShCTMmLXh4y1M4BxvSgZebdWL9D279Jcc1NIv6TSu0beeS90fG"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=86400, stale-while-revalidate=30, public cf-ray 88bb2ef3ba5b8f27-FRA
GET H3	200	addtoany.min.js Show response www.reliaquest.com/wp-content/plugins/add-to-any/	129 B 340 B	264ms 263ms	Script application/javascript	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.reliaquest.com/wp-content/plugins/add-to-any/addtoany.min.js?m=1713260663 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED content-encoding br alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Tue, 16 Apr 2024 09:44:23 GMT server cloudflare etag W/"661e4877-81" vary Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88bb2ef36e1044fe-TXL
GET H2	200	Bootstrap.js Show response nexus.ensighten.com/choozle/15024/	28 KB 9 KB	147ms 42ms	Script application/javascript	2600:9000:26da:c00:2:8f43:5780:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nexus.ensighten.com/choozle/15024/Bootstrap.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:c00:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash 9b9971d96411c9db199cb76e0e3ba2973a1992524321435dacd754e96ac9dace Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 17 Dec 2023 00:28:01 GMT x-amz-version-id IJXqJsiAmnn3dYEBr3SaqCBrdkDwMMaF content-encoding br via 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P4 age 14262100 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Sat, 28 Oct 2023 15:00:20 GMT server CloudFront etag W/"acf96a761753df6a9a8c06f5b3165a06" vary Accept-Encoding content-type application/javascript; charset=utf-8 cache-control max-age=300 x-amz-cf-id snMWNPvai-jg1dx6HZ42JqfdQi8DsV8PqXp--Xf2-oDB3w6uOdC8Gg==
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 30 KB	153ms 47ms	Script application/javascript	2a04:4e42::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Origin https://www.reliaquest.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 2891161 x-cache HIT, HIT content-length 30875 x-served-by cache-lga21931-LGA, cache-mxp6970-MXP last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1717034980.499531,VS0,VE0 etag W/"28feccc0-15d9d" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 5, 626180
GET H3	200	bootstrap.bundle.min.js Show response cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/	79 KB 24 KB	81ms 38ms	Script application/javascript	151.101.193.229 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_256_GCM Server 151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Origin https://www.reliaquest.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 30 May 2024 02:09:40 GMT x-content-type-options nosniff content-encoding br age 1292875 x-jsd-version 5.2.2 x-cache HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 24684 x-served-by cache-fra-etou8220051-FRA x-jsd-version-type version etag W/"13a70-XI9suYM5fetlZzuWGoZXz9YROtk" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H3	200	/ Show response www.reliaquest.com/_jb_static/	49 KB 18 KB	213ms 212ms	Script application/javascript	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.reliaquest.com/_jb_static/??-eJx1jMEOgyAQRP+mp+ICkloPpt+y0o1CEYm71X5+Tbj00tvkzcyDoyi/ZqEsIDMtxCDW6l7fnb71tq+wiXyFn2VJ7ylkhoITqRTyi5Ws8AwskOlQguO/BxNufj6LFHZSGPGjKgJkJmGIuCP7LRSpvpqbJeRT+VgG0xnXtaZ1+uLHwXwBvFdD7A== Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / WP Engine Resource Hash a2a4c14ee1b8f583f11100c088f9d302a97ac02603409992146cd28000c3020b Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT x-cache-group normal x-content-type-options nosniff content-security-policy upgrade-insecure-requests x-cacheable YES:31536000.000 strict-transport-security max-age=63072000; includeSubDomains; content-encoding br x-powered-by WP Engine x-cache HIT: 42 cf-cache-status DYNAMIC alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Fri, 03 May 2024 10:15:40 GMT server cloudflare x-page-optimize cached etag W/"049c5b5b9bd5eb61ca80bc52ae9054df" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie x-frame-options SAMEORIGIN content-type application/javascript access-control-allow-origin * cache-control max-age=31536000, must-revalidate cf-ray 88bb2ef36e0044fe-TXL
GET H3	200	body-da00d8671e31253499cc18fa0a622103d0754b1c.js Show response www.reliaquest.com/wp-content/cache/asset-cleanup/js/	212 KB 63 KB	286ms 285ms	Script application/javascript	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.reliaquest.com/wp-content/cache/asset-cleanup/js/body-da00d8671e31253499cc18fa0a622103d0754b1c.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 435431fd6746f356f026904bb7f2203996bf27dbdf2d8fb45339c312c90a21f1 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED content-encoding br alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Wed, 15 May 2024 19:11:30 GMT server cloudflare etag W/"664508e2-351fa" vary Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88bb2ef36e1344fe-TXL
GET H2	200	6si.min.js Show response j.6sc.co/	66 KB 18 KB	189ms 40ms	Script application/javascript	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:40 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 09 May 2024 06:01:25 GMT server nginx/1.14.0 (Ubuntu) etag "663c66b5-106b3" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 18038 expires Thu, 30 May 2024 02:09:40 GMT
GET H2	200	sl.js Show response scout-cdn.salesloft.com/	6 KB 3 KB	163ms 48ms	Script application/javascript	2606:4700::6810:4769 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://scout-cdn.salesloft.com/sl.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:4769 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT x-amz-version-id 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc x-content-type-options nosniff cf-cache-status HIT content-encoding br strict-transport-security max-age=31536000; includeSubDomains x-amz-request-id EZPGEPEQRJ835T56 age 514 alt-svc h3=":443"; ma=86400 x-amz-id-2 vj/H9CfyiKNwtvLJrelCw6CtXo93qB0KDTwbomYs8Kf/kZA94jYHXVgMqek/RNtsa+9eO7BrPxA= last-modified Mon, 13 Dec 2021 16:28:37 GMT server cloudflare etag W/"d74cc4825c8e333b2116da3fcc649db1" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript access-control-allow-origin * cache-control public, max-age=14400 cf-ray 88bb2ef45c659a12-FRA expires Thu, 30 May 2024 06:09:40 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	47 KB 17 KB	123ms 42ms	Script application/javascript	2a02:26f0:3500:16::215:149b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 06 May 2024 17:20:18 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=11881 accept-ranges bytes content-length 16683
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/	1 KB 1 KB	230ms 41ms	Script application/x-javascript	104.102.38.132 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-102-38-132.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Thu, 30 May 2024 02:09:40 GMT Content-Encoding gzip Last-Modified Fri, 17 Mar 2023 01:24:48 GMT Server AkamaiNetStorage ETag "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Connection keep-alive Accept-Ranges bytes Content-Length 729
GET H2	200	serverComponent.php Show response nexus.ensighten.com/choozle/15024/	286 B 617 B	81ms 81ms	Script text/javascript	2600:9000:26da:c00:2:8f43:5780:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nexus.ensighten.com/choozle/15024/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/choozle/15024/code/&publishedOn=Sat%20Oct%2028%2015:00:11%20GMT%202023&ClientID=923&PageID=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F Requested by Host: nexus.ensighten.com URL: https://nexus.ensighten.com/choozle/15024/Bootstrap.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:c00:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash 94fc1f6bef4d580d1fca2055930d713857bca21df1de28774c148dd0e1ce65d9 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT via 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront) server CloudFront x-amz-cf-pop MUC50-P4 x-cache Miss from cloudfront content-type text/javascript cache-control no-cache, no-store alt-svc h3=":443"; ma=86400 content-length 286 x-amz-cf-id 8118-LxaoXbflW9noAuwdEW1iNq3rnxWY14iK6ACqID3Nosv4LuLFQ== expires Thu, 30 May 2024 02:09:39 GMT
GET H3	200	sm.25.html static.addtoany.com/menu/ Frame 1A91	0 0	96ms 55ms	Document text/html	172.67.39.148 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.addtoany.com/menu/sm.25.html Requested by Host: static.addtoany.com URL: https://static.addtoany.com/menu/page.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.reliaquest.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * age 27112 alt-svc h3=":443"; ma=86400 cache-control max-age=315360000, immutable cf-cache-status HIT cf-ray 88bb2ef45bec3722-FRA content-encoding br content-type text/html; charset=utf-8 date Thu, 30 May 2024 02:09:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy strict-origin-when-cross-origin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zf100L6iTlFg050p7ry6jRCgFGHrlS0bsxSt474zPbv6Js%2FpRKoLWALzrYpDxRf3QjEFWUE4M2zn0fPIU%2FMuTy3YgdnJMM4pjeMhyeSgmPbO3S%2BATW9DbP6u5N%2FFxnuqjOOjZMjq"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary Accept-Encoding x-content-type-options nosniff
GET H3	200	core.BRQnzO8v.js Show response static.addtoany.com/menu/modules/	70 KB 26 KB	95ms 53ms	Script application/javascript	172.67.39.148 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.addtoany.com/menu/modules/core.BRQnzO8v.js Requested by Host: static.addtoany.com URL: https://static.addtoany.com/menu/page.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Origin https://www.reliaquest.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 26218 content-encoding br alt-svc h3=":443"; ma=86400 referrer-policy strict-origin-when-cross-origin cf-bgj minify server cloudflare etag W/"25da5432b1057724b8210f17e9b9db05" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NDpslTtPhDxISMZPqcVJuFlP5sA5KpTRlQNofmgMYl9tfHk1NUXj7vcSW4W%2BhquQo74qP8k10XbJLRUwD2D1PM8OdaTFtzNBGovy%2FXA8QVGAy%2FqETs6r2a1z6nLnuUEv5XDCEWHN"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=315360000, immutable cf-ray 88bb2ef45ff69b7a-FRA
GET H2	200	attribution_trigger Show response px.ads.linkedin.com/	2 B 1 KB	428ms 341ms	XHR application/json	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/attribution_trigger?pid=3664348&time=1717034980538&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept * Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers attribution-reporting-register-trigger {"event_trigger_data":[{"priority":"0","trigger_data":"4"}],"filters":[{"c":["304663576"]},{"c":["298127876"]},{"c":["296730183"]},{"c":["276342793"]},{"c":["268883726"]}],"debug_key":"12618332"} content-encoding gzip date Thu, 30 May 2024 02:09:40 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 2331E5048F4247A6801CF56189D37642 Ref B: FRAEDGE1920 Ref C: 2024-05-30T02:09:40Z access-control-allow-methods GET, OPTIONS content-type application/json access-control-allow-origin * x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 x-li-proto http/2 x-restli-protocol-version 1.0.0 access-control-allow-headers * x-li-uuid AAYZolwXO9okIPjr3I0TVQ== x-fs-uuid 000619a25c173bda2420f8ebdc8d1355
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717034980538&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717034980538&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3664348%26time%3D1717034980538%26url%3Dhttps%253A%252F%252Fwww.reliaquest.com%252... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717034980538&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717034980538&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true&e_ipv6=AQLAIzM...	0 264 B	275ms 192ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717034980538&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true&e_ipv6=AQLAIzMAFsH6zwAAAY_HQpeZ4ONEuAe4PZbOqn1VO2yfKzWrGDlV5Z6l3u3vZgSbLkg1_2o Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.reliaquest.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers date Thu, 30 May 2024 02:09:41 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 336E2F66809A42E0973E2466D2A06625 Ref B: FRAEDGE1714 Ref C: 2024-05-30T02:09:41Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-ltx1 x-li-proto http/2 content-length 0 x-li-uuid AAYZolwkPavRow4pEHDh4w== Redirect headers date Thu, 30 May 2024 02:09:40 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: C1650AB5906D47F7BCC24FFB04B9E14F Ref B: FRAEDGE1121 Ref C: 2024-05-30T02:09:41Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1717034980538&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&cookiesTest=true&liSync=true&e_ipv6=AQLAIzMAFsH6zwAAAY_HQpeZ4ONEuAe4PZbOqn1VO2yfKzWrGDlV5Z6l3u3vZgSbLkg1_2o x-li-proto http/2 content-length 0 x-li-uuid AAYZolwgE84bCRfRJxHIBQ==
GET H3	200	d3d14424fac71699bdbff068d9b1184b.js Show response nexus.ensighten.com/choozle/15024/code/	2 KB 802 B	40ms 40ms	Script application/javascript	108.138.26.5 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nexus.ensighten.com/choozle/15024/code/d3d14424fac71699bdbff068d9b1184b.js?conditionId0=421905 Requested by Host: nexus.ensighten.com URL: https://nexus.ensighten.com/choozle/15024/Bootstrap.js Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.26.5 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-26-5.fra56.r.cloudfront.net Software CloudFront / Resource Hash e80cfc6df2f882813f88dcf1175bc0c47e13c0cd8517bc240a65ee6cc758b0f2 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 17 Dec 2023 00:28:03 GMT x-amz-version-id xy0TboscelqpDiztVyy6vWffI6grZ0by content-encoding br via 1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront) age 14262098 x-amz-cf-pop FRA56-P7 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Sat, 28 Oct 2023 15:00:24 GMT server CloudFront etag W/"e8e93310d35a9462151b8fdab5b436ce" vary Accept-Encoding content-type application/javascript; charset=utf-8 cache-control max-age=315360000 x-amz-cf-id A8vwI9LTMtga6r1iSd6V3u19bctQiSWqXSBqzRxuPVbMwXGHE5_ixQ==
GET		_blog_blacksuit-attack-analysis_.js kdl.keywee.co/www.reliaquest.com/	0 0
GET H2	200	tracking.js Show response trk.techtarget.com/	3 KB 2 KB	177ms 74ms	Script text/javascript	2606:4700:4400::6812:24c4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trk.techtarget.com/tracking.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:24c4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT via 1.1 google content-encoding br cf-cache-status HIT cf-bgj minify last-modified Tue, 13 Dec 2022 15:01:39 GMT strict-transport-security max-age=0; includeSubDomains; preload age 37189 server cloudflare vary Accept-Encoding content-type text/javascript cache-control public, max-age=1200 cf-ray 88bb2ef539906955-FRA expires Thu, 30 May 2024 02:29:40 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	328 KB 109 KB	158ms 70ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 02f72965605f947f9440aa558cfa08117f82ef0a34ded5e8e5ebaad5017bfe86 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 111586 x-xss-protection 0 last-modified Thu, 30 May 2024 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 30 May 2024 02:09:40 GMT
GET H2	200	r Show response scout.salesloft.com/	41 B 359 B	392ms 119ms	XHR application/json	54.164.216.159 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDExMzd9.jbjhYTjr5EtKJiZNcg3fApVy8OrVLI90V1gxGsVoF9E Requested by Host: scout-cdn.salesloft.com URL: https://scout-cdn.salesloft.com/sl.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 54.164.216.159 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-164-216-159.compute-1.amazonaws.com Software / Resource Hash aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET content-type application/json; charset=utf-8 access-control-allow-origin https://www.reliaquest.com access-control-expose-headers cache-control max-age=0, private, must-revalidate access-control-allow-credentials true content-length 41 x-request-id 0abb8a08364989cf5596e221349d4222
GET H3	200	de.js Show response static.addtoany.com/menu/locale/	750 B 1018 B	53ms 52ms	Script application/javascript	172.67.39.148 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.addtoany.com/menu/locale/de.js Requested by Host: static.addtoany.com URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 22393 cf-polished origSize=902 content-encoding br alt-svc h3=":443"; ma=86400 referrer-policy strict-origin-when-cross-origin cf-bgj minify server cloudflare etag W/"86610d84a116a5704d658324728b063f" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2VCqZkLFLaAtDar4MG4Y2ucoUxuoBjhfPEe2%2BABo7WsaCHG83LEH5Ri0PWeW7nnMh9HK2zwHwe26VXLb5uk2LBQ6blDdjJ7WmmzLwr4vfER0aw%2FivTiL3XRXKKyL6JkL%2FvR5rzXGWr5wpqwXMuBEeBHd"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=86400, stale-while-revalidate=30, public cf-ray 88bb2ef50b098f27-FRA
GET H2	200	/ Show response c.6sc.co/	7 B 195 B	48ms 39ms	XHR text/html	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://www.reliaquest.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	19 B 310 B	200ms 40ms	XHR text/html	2a02:26f0:480:23::1726:62a7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:23::1726:62a7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash a0ae602e4b19bb4491ccba1bab200ae243fa876b70cefdd8894ae0111a788306 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:40 GMT vary Origin content-type text/html access-control-allow-origin https://www.reliaquest.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a01:4a0:1338:92::9 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1717034980741_388391911_58595061_28_1064_42_79_219";dur=1 content-length 19 expires Thu, 30 May 2024 02:09:40 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	142ms 134ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2030%20May%202024%2002%3A09%3A40%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:40 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:40 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	143ms 135ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A40%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22cdfe02635f87832f7fb37442e2a57166%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A40%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A40%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:40 GMT x-content-type-options nosniff last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:40 GMT
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/163/	11 KB 5 KB	40ms 40ms	Script application/x-javascript	104.102.38.132 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/163/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-102-38-132.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Thu, 30 May 2024 02:09:40 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 02:26:40 GMT Server AkamaiNetStorage ETag "ea7826f34518d7c2295738f39c7640fa:1672972000.238769" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Length 4741 Expires Sat, 07 Sep 2024 02:09:40 GMT
POST H/1.1	200 OK	visitWebPage 438-kyk-786.mktoresp.com/webevents/	2 B 318 B	688ms 131ms	Ping text/plain	192.28.144.124 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://438-kyk-786.mktoresp.com/webevents/visitWebPage?_mchNc=1717034980688&_mchCn=&_mchId=438-KYK-786&_mchTk=_mch-reliaquest.com-1717034980687-29540&_mchHo=www.reliaquest.com&_mchPo=&_mchRu=%2Fblog%2Fblacksuit-attack-analysis%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/163/munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.28.144.124 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software nginx/1.20.1 / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Thu, 30 May 2024 02:09:41 GMT Content-Encoding gzip Server nginx/1.20.1 Transfer-Encoding chunked Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin * Connection keep-alive X-Request-Id 71a5ff5c-c564-403a-80f9-941e14bb108c
GET H3	200	icomoon.ttf www.reliaquest.com/wp-content/themes/t220908406929/dist/fonts/	4 KB 5 KB	316ms 316ms	Font application/octet-stream	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.reliaquest.com/wp-content/themes/t220908406929/dist/fonts/icomoon.ttf?5zkpkv Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/_jb_static/??-eJylj8uOwjAMRf9mVhi3Fa8uEN9ikkA7ahIrdlv4e0ILK2A0Eis/z/U1jgwmBnVBkbv+3AZBGc4gPXNMikamWoBUyTQ+7y1zb4FvuDEmy8mJAEfuO0o5igqSiMvhLjUyv+DaOO8EtaqKutitik1d1WhbmY97asP/ENFr5z6aE0fJNHnQtYMD+qULzK2nvQkXPKUJtA8ATjF5+Vr1b29kLWgECtd7qjEnSz+/ffD7cluuq/VqV29+zHFf3gC+Yp79 Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash eaae1d4db82158aa4b92c4286ed1977ad9c3eb18db96573c6404f681fc93a78d Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/_jb_static/??-eJylj8uOwjAMRf9mVhi3Fa8uEN9ikkA7ahIrdlv4e0ILK2A0Eis/z/U1jgwmBnVBkbv+3AZBGc4gPXNMikamWoBUyTQ+7y1zb4FvuDEmy8mJAEfuO0o5igqSiMvhLjUyv+DaOO8EtaqKutitik1d1WhbmY97asP/ENFr5z6aE0fJNHnQtYMD+qULzK2nvQkXPKUJtA8ATjF5+Vr1b29kLWgECtd7qjEnSz+/ffD7cluuq/VqV29+zHFf3gC+Yp79 Origin https://www.reliaquest.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED alt-svc h3=":443"; ma=86400 content-length 4592 x-xss-protection 1; mode=block last-modified Wed, 15 Feb 2023 18:20:41 GMT server cloudflare etag "63ed2279-11f0" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/octet-stream access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88bb2ef5d93d44fe-TXL
GET DATA	200 OK	truncated /	713 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 3760892dc66f80b7b377185200f21d8f710fbeac41253683455f6a7206254f99 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H3	200	fa-brands-400.woff2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/	103 KB 104 KB	46ms 46ms	Font application/octet-stream	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/fa-brands-400.woff2 Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 404c746c8f7e3f9b7611a8f23d908c1a32a5c972236b9d89bb68b05d9bf4b905 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css Origin https://www.reliaquest.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT strict-transport-security max-age=15780000 x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 13727 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 105536 last-modified Tue, 22 Mar 2022 17:32:26 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "623a082a-19c40" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WYuz8cE%2FmhyZQI1kfmIbyvsfTpoFKtiYuVk9gxXtQQw4C7pksuhYKDOXWFqkMTGNRtXWh9oB6kveymWXeIrb4QibEmWIKG5rT4CfnHo3DHgMPuF7F%2F64oY9FmoHuZvMNNoeLWYVc"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 88bb2ef5e9d89b94-FRA expires Tue, 20 May 2025 02:09:40 GMT
GET H3	200	052824-Blacksuit-blog-header-512x354@2x.png www.reliaquest.com/wp-content/uploads/2024/05/	425 KB 425 KB	923ms 923ms	Image image/png	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/uploads/2024/05/052824-Blacksuit-blog-header-512x354@2x.png Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 358dffef967f7a7faea576296a63f03f20f54448d9068b53e21895723db6a3c1 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED alt-svc h3=":443"; ma=86400 content-length 435298 x-xss-protection 1; mode=block last-modified Tue, 28 May 2024 11:31:02 GMT server cloudflare etag "6655c076-6a462" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88bb2ef5d93444fe-TXL
GET H3	200	avatar_user_49_1680192593-80x80.png www.reliaquest.com/wp-content/uploads/2023/03/	8 KB 8 KB	231ms 230ms	Image image/png	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/uploads/2023/03/avatar_user_49_1680192593-80x80.png Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 8cf6822be42df21c4a253dbaf5814735acf5690ea42578de3009d443f475b527 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED alt-svc h3=":443"; ma=86400 content-length 7852 x-xss-protection 1; mode=block last-modified Fri, 31 Mar 2023 19:48:33 GMT server cloudflare etag "64273911-1eac" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88bb2ef5d93644fe-TXL
GET H3	200	052824-Blacksuit-blog-header-512x354@2x-512x354.png www.reliaquest.com/wp-content/uploads/2024/05/	102 KB 102 KB	257ms 257ms	Image image/png	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/uploads/2024/05/052824-Blacksuit-blog-header-512x354@2x-512x354.png Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 4ef2b5a94dc1c773f64aa7ce1185515c81542ca881f84eb929fe21daaecba32b Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED alt-svc h3=":443"; ma=86400 content-length 104133 x-xss-protection 1; mode=block last-modified Tue, 28 May 2024 11:31:01 GMT server cloudflare etag "6655c075-196c5" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88bb2ef5d93944fe-TXL
GET H3	200	avatar_user_49_1680192593-60x60.png www.reliaquest.com/wp-content/uploads/2023/03/	5 KB 5 KB	230ms 229ms	Image image/png	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://www.reliaquest.com/wp-content/uploads/2023/03/avatar_user_49_1680192593-60x60.png Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash ea02b94e06bb17ed0ec54d4cd5731eb009178215258f8471198b591b583d60b8 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED alt-svc h3=":443"; ma=86400 content-length 4836 x-xss-protection 1; mode=block last-modified Fri, 31 Mar 2023 19:48:33 GMT server cloudflare etag "64273911-12e4" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88bb2ef5d93b44fe-TXL
GET H2	200	gif.gif Show response ibc-flow.techtarget.com/a/	43 B 449 B	148ms 148ms	XHR image/gif	34.111.208.231 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=3089143&r=1717034980768&ref=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&version=2.4 Requested by Host: trk.techtarget.com URL: https://trk.techtarget.com/tracking.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 231.208.111.34.bc.googleusercontent.com Software nginx/1.20.2 / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Request headers ibc_rate_tier 3089143 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT via 1.1 google x-guploader-uploadid ABPtcPrESdJP-K2SE7caac5gEm_BNqN5_Dx-ZN9aQWTTBF3oFc6-N4mKiaB-7fcuBoCGwT3_gLA x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 43 last-modified Thu, 08 Dec 2022 21:19:29 GMT server nginx/1.20.2 etag "fc94fb0c3ed8a8f909dbc7630a0987ff" vary Origin x-goog-generation 1670534369365034 content-type image/gif access-control-allow-origin * x-goog-hash crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w== cache-control public, max-age=3600 access-control-allow-methods GET, POST, OPTIONS x-goog-stored-content-length 43 accept-ranges bytes access-control-allow-headers ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range expires Thu, 30 May 2024 03:09:41 GMT
OPTIONS H2	200	gif.gif ibc-flow.techtarget.com/a/ Frame	0 0	230ms 142ms	Preflight text/html	34.111.208.231 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=3089143&r=1717034980768&ref=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&version=2.4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 231.208.111.34.bc.googleusercontent.com Software nginx/1.20.2 / Resource Hash Request headers Accept */* Access-Control-Request-Headers ibc_rate_tier Access-Control-Request-Method GET Origin https://www.reliaquest.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers access-control-allow-headers ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-length 0 content-type text/html; charset=UTF-8 date Thu, 30 May 2024 02:09:40 GMT expires Thu, 30 May 2024 02:09:40 GMT server nginx/1.20.2 vary Origin via 1.1 google x-guploader-uploadid ABPtcPrJk18I_yqvLY5xQoWz9-4YhXnWYWWl8iX3aRZH_z9iOtBxtLqMAN3NM8ZidjxK2kYobHs
GET H2	200	9d89db09-be43-47ea-ad23-917183e7e184.js Show response j.6sc.co/j/	4 KB 2 KB	423ms 423ms	Script application/javascript	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/j/9d89db09-be43-47ea-ad23-917183e7e184.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 945063ebf0d8666b48130934c6bfc0653210ae7d836fd985d3966efba08aa1a2 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id sxJBNdZM0KwPO0ekiHjaqh_8uY4ftINC content-encoding gzip date Thu, 30 May 2024 02:09:41 GMT x-amz-cf-pop FRA2-C2 x-amz-server-side-encryption AES256 x-amz-meta-content-type application/json content-length 1278 pragma no-cache last-modified Thu, 22 Jun 2023 20:33:18 GMT server AmazonS3 etag "b42798d5bff7ef62660f4db5bb3c6429" vary Accept-Encoding content-type application/javascript cache-control max-age=0, no-cache, no-store accept-ranges bytes x-amz-cf-id -mk7_JiDVsUadDhSDDX1qbuUgDGgd8gME7ADYVjS9v6jPdn2mL3knw== expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	347 KB 110 KB	64ms 63ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash a04d9481d479c06c407e0b00fcfc61cb169d3706239a3bab9be1d983f09be5fa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 112953 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 30 May 2024 02:09:40 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	131ms 39ms	Script text/javascript	2a00:1450:4001:831::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Thu, 30 May 2024 00:29:08 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT server Golfe2 age 6032 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Thu, 30 May 2024 02:29:08 GMT
GET H2	200	bat.js Show response bat.bing.com/	45 KB 13 KB	205ms 67ms	Script application/javascript	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Thu, 30 May 2024 02:09:40 GMT last-modified Thu, 29 Feb 2024 19:58:06 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 1C27BEFF47A94855858AE108D855B632 Ref B: FRA31EDGE0705 Ref C: 2024-05-30T02:09:40Z etag "01b4e9c496bda1:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 13261
GET H2	200	hotjar-2441060.js Show response static.hotjar.com/c/	15 KB 5 KB	159ms 79ms	Script application/javascript	18.66.192.39 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.hotjar.com/c/hotjar-2441060.js?sv=7 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.192.39 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-192-39.muc50.r.cloudfront.net Software / Resource Hash 8acabd96307d4f928ebba68aa5faef2bb2a7d80896809c4a46aac2d311830adb Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=2592000; includeSubDomains content-encoding br x-content-type-options nosniff date Thu, 30 May 2024 02:09:40 GMT via 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P1 etag W/8ffdf0b32f222d7ef3dc39f36d1151f8 vary Accept-Encoding x-cache RefreshHit from cloudfront content-type application/javascript; charset=UTF-8 access-control-allow-origin * x-cache-hit 1 cache-control max-age=60 cross-origin-resource-policy cross-origin x-amz-cf-id Wvkl2NqTJW6fRUoHZqfI_ZzMaevfq3cS-bTNbBdPRxtKwYQdwcETzQ==
GET H2	200	uvut6nv3vzk9.js Show response js.driftt.com/include/1717035000000/	221 KB 62 KB	490ms 375ms	Script application/javascript	54.230.228.103 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/include/1717035000000/uvut6nv3vzk9.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.230.228.103 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-230-228-103.muc50.r.cloudfront.net Software istio-envoy / Resource Hash ee507a80e7d618662cd5b3ed0d235a0ba26075f36a6d67ebc1c3dc987d74bb76 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT x-amz-version-id gj8VUVPkj2iLcF2YOdaIKxTq5sopP50v content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains via 1.1 b10eef4dff0375003ae9795596a9615c.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P5 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront x-envoy-upstream-service-time 45 last-modified Wed, 29 May 2024 21:05:08 GMT server istio-envoy etag W/"65bba957d488e1f8c16ac25653c94ff2" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control no-cache access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id ghFnSRy8XuYwRYU16EjLTmF0JBRpY7WTsA2ft3bUao9Mw5uVl--1vw==
GET H/1.1	200 OK	up_loader.1.1.0.js Show response js.adsrvr.org/	12 KB 5 KB	129ms 40ms	Script application/x-javascript	18.172.103.101 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.adsrvr.org/up_loader.1.1.0.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.172.103.101 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-172-103-101.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 424ce4e99e7476fca8e9d27d6c15b60466ab7cf1c7d7c896e1c63f7cd6a818c8 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Wed, 29 May 2024 04:46:20 GMT Content-Encoding gzip Via 1.1 df64c46f895e81567061da0488368914.cloudfront.net (CloudFront) Last-Modified Tue, 28 May 2024 04:42:45 GMT Server AmazonS3 X-Amz-Cf-Pop FRA60-P8 Age 77001 x-amz-server-side-encryption AES256 ETag W/"a60a4e2650f94da6f243b9518761b381" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/x-javascript X-Cache Hit from cloudfront Connection keep-alive X-Amz-Cf-Id B2G7hj4ZV27JXonsmVXZW0CivIepwNYE6Z_C8p23E8ilx6q5gWCz-w==
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	42 KB 13 KB	152ms 48ms	Script application/javascript	2a04:4e42:600::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 5eee7eef8c43d97d6c92ce9000b3f2424647e58f985c2df5711690c8b95f1495 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish last-modified Wed, 22 May 2024 17:01:28 GMT server snooserv nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} etag "16b7761205515ddc0668c12c434e8f00" x-amz-server-side-encryption AES256 vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/javascript cache-control public, max-age=60 accept-ranges bytes content-length 12104
GET H2	200	heap-2502874633.js Show response cdn.heapanalytics.com/js/	116 KB 37 KB	296ms 199ms	Script application/javascript	18.173.154.74 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.heapanalytics.com/js/heap-2502874633.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.173.154.74 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-173-154-74.muc50.r.cloudfront.net Software nginx / Express Resource Hash a067ffc02e7155a17a4fc72deb1294a3a64a54cbab3b88d208f36930ac8a67a1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT content-encoding br via 1.1 106a2e3801afa4dfd5bd4bfaeb93d526.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains server nginx x-amz-cf-pop MUC50-P3 x-powered-by Express etag W/"1d12a-kb+fkmD+4uqWz4EfiOhewFhR18M" vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript; charset=utf-8 cache-control public, max-age=120 alt-svc h3=":443"; ma=86400 x-amz-cf-id wy2cV7-mZcvZz9ZJHYhDqSa4r1693yPPLOxD7gADLcStHNH3zQVl5w==
GET H/1.1	200 OK	tag.js Show response abm-tracking.demandscience.com/	2 KB 2 KB	647ms 208ms	Script application/javascript	52.32.164.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://abm-tracking.demandscience.com/tag.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-32-164-86.us-west-2.compute.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Express Resource Hash 701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Thu, 30 May 2024 02:09:41 GMT Last-Modified Thu, 09 May 2024 12:00:49 GMT Server nginx/1.18.0 (Ubuntu) X-Powered-By Express ETag W/"82b-18f5d3a3d78" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 2091
GET H2	200	/ attr.ml-api.io/ Redirect Chain https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.reliaquest.com%2526pId%253d%2524UID https://attr.ml-api.io/?domain=www.reliaquest.com&pId=2251648426891217404	4 B 281 B	539ms 421ms	Image application/json	2600:9000:26db:b200:5:7a81:86c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://attr.ml-api.io/?domain=www.reliaquest.com&pId=2251648426891217404 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Server 2600:9000:26db:b200:5:7a81:86c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.reliaquest.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers date Thu, 30 May 2024 02:09:41 GMT via 1.1 fd4a06b35c482e680f7f3fd9baaa0090.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P3 x-cache Miss from cloudfront content-type application/json alt-svc h3=":443"; ma=86400 content-length 4 apigw-requestid Yj_r9iPKIAMEa7A= x-amz-cf-id HSVfPsID3j760QFSgbtECkvQkfr2WZE8ShPPFMQnaXtFgUSeeGIqXA== Redirect headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT an-x-request-uuid cd004446-5282-4116-abca-f8cd32abc8d7 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true location https://attr.ml-api.io/?domain=www.reliaquest.com&pId=2251648426891217404 x-proxy-origin 80.255.7.107; 80.255.7.107; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 333 B	193ms 193ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Accept * Referer https://www.reliaquest.com/ sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 3E0629AF38EF4DF4B5E5FBA17FF25BE3 Ref B: FRAEDGE1121 Ref C: 2024-05-30T02:09:40Z linkedin-action 1 vary Origin x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 access-control-allow-origin https://www.reliaquest.com x-li-proto http/2 access-control-allow-credentials true x-li-uuid AAYZolwazj3h0RqgcRxqyQ==
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	134ms 133ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A9%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 02:04:22 GMT server nginx/1.14.0 (Ubuntu) etag "63f03226-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H3	200	fa-brands-400.woff2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/	107 KB 108 KB	45ms 45ms	Font application/octet-stream	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2 Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash faae6fc0aa94cc5bde5076647c817a23206096a1cbeda10d1c6f3d89d6163ed1 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css Origin https://www.reliaquest.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:40 GMT strict-transport-security max-age=15780000 x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 347094 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 109808 last-modified Wed, 02 Aug 2023 21:01:56 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "64cac444-1acf0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qdFmbTF8PhgivqGZ2qChbnRzUlN5yLOLDmwl%2Fkbrr7Up8KwxdzgAlBcOe4kK%2FUJ4WZCA2fqJWKneY04E38pmzCfXK4OXm6fUZ7ZQMaBfbwd6F0seLsHnIrrs9agK5vFtPsHNXBsj"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 88bb2ef6ba519b94-FRA expires Tue, 20 May 2025 02:09:40 GMT
POST H2	204	collect region1.analytics.google.com/g/	0 256 B	139ms 46ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-G6184BWDDN&gtm=45je45m0v871663715z872282274za200zb72282274&_p=1717034980551&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1509661079.1717034981&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1717034980&sct=1&seg=0&dl=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&dt=BlackSuit%20Attack%20Analysis%20-%20ReliaQuest&en=page_view&_fv=1&_nsi=1&_ss=1&ep.debug_mode=true&tfd=1141 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.reliaquest.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 56 B	65ms 51ms	Ping text/plain	2a00:1450:400c:c06::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-G6184BWDDN&cid=1509661079.1717034981&gtm=45je45m0v871663715z872282274za200zb72282274&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.reliaquest.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	97ms 49ms	Image image/gif	142.250.186.35 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-G6184BWDDN&cid=1509661079.1717034981&gtm=45je45m0v871663715z872282274za200zb72282274&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=2032354160 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.35 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s04-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	i Show response scout.salesloft.com/	48 B 467 B	119ms 119ms	XHR application/json	54.164.216.159 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://scout.salesloft.com/i Requested by Host: scout-cdn.salesloft.com URL: https://scout-cdn.salesloft.com/sl.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 54.164.216.159 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-164-216-159.compute-1.amazonaws.com Software / Resource Hash cedbe92a6cb1699d3d06b8d16094d555a692ed385f2940f5382c41ef35f88fb8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET content-type application/json; charset=utf-8 access-control-allow-origin https://www.reliaquest.com access-control-expose-headers cache-control max-age=0, private, must-revalidate access-control-allow-credentials true content-length 48 x-request-id 87ed50823eaef9ba5663af7f441a687a
GET H2	200	modules.7b6d7646601d8cd7fb5f.js Show response script.hotjar.com/	222 KB 55 KB	124ms 44ms	Script application/javascript	54.230.228.64 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules.7b6d7646601d8cd7fb5f.js Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-2441060.js?sv=7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.230.228.64 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-230-228-64.muc50.r.cloudfront.net Software / Resource Hash 0f38a63a4786988c8739a89b8ce5e8599ddef3c3d283eff939be3008cbeef0f8 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 28 May 2024 12:31:06 GMT content-encoding br x-content-type-options nosniff strict-transport-security max-age=2592000; includeSubDomains via 1.1 653de2a3596d1ebffe452d8daf65c9ea.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P5 age 135515 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 56114 last-modified Tue, 28 May 2024 12:30:49 GMT etag "ee291f5775291ceb078ff8007ea3aad3" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes x-robots-tag none x-amz-cf-id TxYRo1NOeJbUS9lqY9ceQ81dNHCFypbXiShVglqQvW9B85wMgVrieQ==
GET H2	200	config Show response pixel-config.reddit.com/pixels/t2_vref6ti7/	3 B 124 B	129ms 41ms	XHR application/json	151.101.193.140 FASTLY
General Check archive.org Show headers Download Go to Full URL https://pixel-config.reddit.com/pixels/t2_vref6ti7/config Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT content-encoding gzip via 1.1 varnish content-type application/json access-control-allow-origin * cache-control max-age=14400 accept-ranges bytes content-length 27
GET H2	200	t2_vref6ti7_telemetry Show response www.redditstatic.com/ads/conversions-config/v1/pixel/config/	86 B 700 B	148ms 53ms	XHR application/json	2a04:4e42:600::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_vref6ti7_telemetry Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT content-encoding gzip via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} server snooserv vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/json access-control-allow-origin * cache-control max-age=300 accept-ranges bytes content-length 98
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	118ms 39ms	Image image/gif	151.101.129.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1717034980994&id=t2_vref6ti7&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=daf41195-a743-481a-9227-2913cf8ebe6f&aaid=0000000000000000000000000000000000000000000000000000000000000001&em=0000000000000000000000000000000000000000000000000000000000000001&external_id=0000000000000000000000000000000000000000000000000000000000000001&idfa=0000000000000000000000000000000000000000000000000000000000000001&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_8d515a58&dpm=&dpcc=&dprc= Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} server Varnish report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type image/gif cross-origin-resource-policy cross-origin accept-ranges bytes content-length 42 retry-after 0
POST H2	200	collect Show response www.google-analytics.com/j/	4 B 211 B	47ms 47ms	XHR text/plain	2a00:1450:4001:831::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2024161309&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&ul=de-de&de=UTF-8&dt=BlackSuit%20Attack%20Analysis%20-%20ReliaQuest&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1511846739&gjid=1490524916&cid=1509661079.1717034981&tid=UA-10904891-3&_gid=88532785.1717034981&_r=1&_slc=1&gtm=45He45m0n71NPQTDRv72282274za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&npa=1&z=1406165485 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-platform "Win32" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.reliaquest.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	134470029.js Show response bat.bing.com/p/action/	4 KB 2 KB	62ms 62ms	Script application/javascript	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/134470029.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 04cebe711703810d543514fe8c16916db39d4036d60c25a8c21e0a90c9103a49 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br date Thu, 30 May 2024 02:09:40 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 73674A5347174214A9541F2743AFC48D Ref B: FRA31EDGE0705 Ref C: 2024-05-30T02:09:41Z vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript; charset=utf-8 cache-control private,max-age=60
GET H2	204	0 bat.bing.com/action/	0 286 B	99ms 99ms	Image text/plain	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=134470029&tm=gtm002&Ver=2&mid=28389af0-5e35-4309-b3dc-0e29b36646e3&sid=ac9f88a01e2911efaad219394564f225&vid=ac9f87e01e2911efa15deb1cf2009198&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=BlackSuit%20Attack%20Analysis%20-%20ReliaQuest&p=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&r=&lt=922&evt=pageLoad&sv=1&rn=157843 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 30 May 2024 02:09:40 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: CC8D7CD15E364DD3A6F8715E831E5E17 Ref B: FRA31EDGE0705 Ref C: 2024-05-30T02:09:41Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 351 B	152ms 49ms	XHR text/plain	2a00:1450:400c:c06::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-10904891-3&cid=1509661079.1717034981&jid=1511846739&gjid=1490524916&_gid=88532785.1717034981&npa=1&_u=YADAAEAAAAAAACAAI~&z=1032555390 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-platform "Win32" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.reliaquest.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	134470029 Show response www.clarity.ms/tag/uet/	828 B 1 KB	425ms 235ms	Script application/x-javascript	2620:1ec:bdf::45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/tag/uet/134470029?insights=1 Requested by Host: bat.bing.com URL: https://bat.bing.com/p/action/134470029.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 41474c9e6f4cb3df284b5d63c10d9d001393767c234bfab441e3dd08a0307333 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers expires -1 date Thu, 30 May 2024 02:09:41 GMT x-azure-ref 20240530T020941Z-164d49668c6wzjnbcfam28k3sg00000000wg000000005yq6 x-cache CONFIG_NOCACHE content-type application/x-javascript cache-control no-cache, no-store accept-ranges bytes content-length 828 request-context appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
GET H2	200	h heapanalytics.com/	37 B 261 B	368ms 120ms	Image image/gif	52.72.17.12 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://heapanalytics.com/h?a=2502874633&u=6202197527812874&v=3753400690642795&s=1919201045958427&b=web&tv=4.0&z=0&h=%2Fblog%2Fblacksuit-attack-analysis%2F&d=www.reliaquest.com&t=BlackSuit%20Attack%20Analysis%20-%20ReliaQuest&ts=1717034981151&ubv=125.0.6422.112&upv=10.0.0&st=1717034981153 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.72.17.12 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-72-17-12.compute-1.amazonaws.com Software nginx / Resource Hash bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT strict-transport-security max-age=31536000; includeSubDomains server nginx etag W/"25-4iFqfptz9csCeTUceM5hwzR1zqc" content-type image/gif cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate content-length 37
GET BLOB	200 OK	2ba13ecc-9930-4326-b602-01f3ab856287 https://www.reliaquest.com/	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL blob:https://www.reliaquest.com/2ba13ecc-9930-4326-b602-01f3ab856287 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Length 43 Content-Type image/gif
GET H2	204	2441060 Show response vc.hotjar.io/sessions/	0 233 B	182ms 74ms	XHR text/plain	54.230.228.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vc.hotjar.io/sessions/2441060?s=0.25&r=0.12652835038662458 Requested by Host: script.hotjar.com URL: https://script.hotjar.com/modules.7b6d7646601d8cd7fb5f.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.230.228.126 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-230-228-126.muc50.r.cloudfront.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * date Thu, 30 May 2024 02:09:41 GMT cache-control no-store via 1.1 b87d7a7588235c761c8602f922d332f4.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P5 x-amz-cf-id uTDHEUNXo1QjfWmQU4c1hRf2BCHLjoUqWJBtpyVGNZUbkpSYXk8qkA== x-cache Miss from cloudfront
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	131ms 51ms	Image image/gif	172.217.18.4 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-10904891-3&cid=1509661079.1717034981&jid=1511846739&npa=1&_u=YADAAEAAAAAAACAAI~&z=263783382 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.18.4 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s22-in-f4.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	51ms 51ms	Image image/gif	142.250.186.35 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-10904891-3&cid=1509661079.1717034981&jid=1511846739&npa=1&_u=YADAAEAAAAAAACAAI~&z=263783382 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.35 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s04-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	getuidj Show response secure.adnxs.com/	11 B 701 B	147ms 56ms	XHR application/json	37.252.172.123 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/getuidj Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.23.4 / Resource Hash 31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d Security Headers Name Value X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT an-x-request-uuid b86be72a-8ab0-4c0d-9b0c-f354766e8b28 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type application/json; charset=utf-8 access-control-allow-origin https://www.reliaquest.com cache-control no-store, no-cache, private access-control-allow-credentials true x-proxy-origin 80.255.7.107; 80.255.7.107; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 11 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 195 B	41ms 40ms	XHR text/html	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://www.reliaquest.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	135ms 134ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22cdfe02635f87832f7fb37442e2a57166%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22609%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	135ms 134ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22610%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	134ms 134ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%225f27aa2807b5216b6b87511c46db116091ad7f0c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22610%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	134ms 134ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22610%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	135ms 134ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22610%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	130ms 129ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22610%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	129ms 129ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22610%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	135ms 135ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22610%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	134ms 134ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%229d89db09-be43-47ea-ad23-917183e7e184%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22610%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	130ms 130ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22610%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	137ms 134ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22610%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	134ms 134ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22611%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 02:04:22 GMT server nginx/1.14.0 (Ubuntu) etag "63f03226-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 195 B	79ms 39ms	XHR text/html	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://www.reliaquest.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	19 B 309 B	40ms 40ms	XHR text/html	2a02:26f0:480:23::1726:62a7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:23::1726:62a7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash a0ae602e4b19bb4491ccba1bab200ae243fa876b70cefdd8894ae0111a788306 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT vary Origin content-type text/html access-control-allow-origin https://www.reliaquest.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a01:4a0:1338:92::9 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1717034981271_388391911_58595097_19_978_41_0_219";dur=1 content-length 19 expires Thu, 30 May 2024 02:09:41 GMT
GET H2	200	details Show response epsilon.6sense.com/v3/company/	725 B 709 B	118ms 46ms	XHR application/json	13.248.142.121 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://epsilon.6sense.com/v3/company/details Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.248.142.121 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ac3ff6aafb2cddae2.awsglobalaccelerator.com Software nginx / Resource Hash d454566fbbab8fcbc70a1c3139be25be5205712442564fe24a5e0258e3337a98 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 Authorization Token 5f27aa2807b5216b6b87511c46db116091ad7f0c User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 X-6s-CustomID WebTag 9d89db09-be43-47ea-ad23-917183e7e184 Referer https://www.reliaquest.com/ sec-ch-ua-platform "Win32" Response headers x-trace-id 4575196315098776245 date Thu, 30 May 2024 02:09:41 GMT content-encoding gzip server nginx vary Origin, Accept-Encoding content-type application/json x-6si-region eu-central-1a access-control-allow-origin https://www.reliaquest.com access-control-expose-headers X-6si-Region access-control-allow-credentials true timing-allow-origin https://6sense.com, https://www.ssga.com content-length 387
OPTIONS H2	200	details epsilon.6sense.com/v3/company/ Frame	0 0	116ms 41ms	Preflight	13.248.142.121 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://epsilon.6sense.com/v3/company/details Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.248.142.121 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ac3ff6aafb2cddae2.awsglobalaccelerator.com Software nginx / Resource Hash Request headers Accept */* Access-Control-Request-Headers authorization,x-6s-customid Access-Control-Request-Method GET Origin https://www.reliaquest.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers authorization,x-6s-customid access-control-allow-methods OPTIONS,GET access-control-allow-origin https://www.reliaquest.com access-control-expose-headers X-6si-Region access-control-max-age 1800 date Thu, 30 May 2024 02:09:41 GMT server nginx timing-allow-origin https://6sense.com, https://www.ssga.com x-6si-region eu-central-1a x-trace-id 481110038979662815
GET H2	200	clarity.js Show response www.clarity.ms/s/0.7.32/	61 KB 26 KB	78ms 78ms	Script application/javascript	2620:1ec:bdf::45 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/s/0.7.32/clarity.js Requested by Host: www.clarity.ms URL: https://www.clarity.ms/tag/uet/134470029?insights=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:41 GMT content-encoding br last-modified Fri, 10 May 2024 17:30:20 GMT etag W/"0x8DC7116DE09E645" vary Accept-Encoding x-azure-ref 20240530T020941Z-164d49668c6wzjnbcfam28k3sg00000000wg000000005yqh content-type application/javascript;charset=utf-8 access-control-allow-origin * x-ms-request-id c75ddf5e-101e-0065-750a-aa809f000000 cache-control public, max-age=86400 x-cache TCP_HIT x-ms-version 2018-03-28 x-fd-int-roxy-purgeid 51562430
OPTIONS H2	200	site-visitors intentstream.contanuity.com/api/ Frame	0 0	625ms 205ms	Preflight	44.226.187.177 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=demandscience-reliaquest Protocol H2 Security TLS 1.3, , AES_128_GCM Server 44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-226-187-177.us-west-2.compute.amazonaws.com Software nginx / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubdomains Request headers Accept */* Access-Control-Request-Headers x-pixel-auth Access-Control-Request-Method GET Origin https://www.reliaquest.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers access-control-allow-headers Accept,Authorization,Content-Type,If-None-Match,x-pixel-auth access-control-allow-methods GET access-control-allow-origin https://www.reliaquest.com access-control-expose-headers WWW-Authenticate,Server-Authorization access-control-max-age 86400 cache-control no-cache content-length 0 date Thu, 30 May 2024 02:08:49 GMT server nginx strict-transport-security max-age=15724800; includeSubdomains
GET H3	200	fp.min.js Show response cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/	33 KB 15 KB	39ms 39ms	Script application/javascript	151.101.193.229 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js Requested by Host: abm-tracking.demandscience.com URL: https://abm-tracking.demandscience.com/tag.js Protocol H3 Security QUIC, , AES_256_GCM Server 151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff content-encoding br age 16226 x-jsd-version 3.4.2 x-cache HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 15023 x-served-by cache-fra-etou8220109-FRA x-jsd-version-type version etag W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 accept-ranges bytes timing-allow-origin *
GET H2	200	site-visitors Show response intentstream.contanuity.com/api/	137 B 397 B	208ms 208ms	Fetch application/json	44.226.187.177 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=demandscience-reliaquest Requested by Host: abm-tracking.demandscience.com URL: https://abm-tracking.demandscience.com/tag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-226-187-177.us-west-2.compute.amazonaws.com Software nginx / Resource Hash d8ea8f7424c4697ddc460bcb19dd53425fdfde2560dc12edc9fe25aa7a1f4cc5 Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubdomains Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 x-pixel-auth true sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:08:49 GMT strict-transport-security max-age=15724800; includeSubdomains server nginx vary origin content-type application/json; charset=utf-8 access-control-allow-origin https://www.reliaquest.com access-control-expose-headers WWW-Authenticate,Server-Authorization cache-control no-cache accept-ranges bytes content-length 137
GET H3	200	collect www.google-analytics.com/	35 B 55 B	40ms 40ms	Image image/gif	142.250.186.46 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j101&a=2024161309&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&ul=de-de&de=UTF-8&dt=BlackSuit%20Attack%20Analysis%20-%20ReliaQuest&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aADAAEABAAAAACAAI~&jid=&gjid=&cid=1509661079.1717034981&tid=UA-10904891-3&_gid=88532785.1717034981&gtm=45He45m0n71NPQTDRv72282274za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&cd1=&cd2=&cd3=Germany&cd5=&cd7=&npa=1&z=1827870226 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.46 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s04-in-f14.1e100.net Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Wed, 29 May 2024 15:04:08 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 39933 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	133ms 133ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2030%20May%202024%2002%3A09%3A40%20GMT%22%2C%22timeSpent%22%3A%221033%22%2C%22totalTimeSpent%22%3A%221033%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:41 GMT x-content-type-options nosniff last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:41 GMT
GET H/1.1	200 OK	https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F Show response abm-tracking.demandscience.com/page-tracking/demandscience-reliaquest/	2 B 665 B	212ms 212ms	Script application/json	52.32.164.86 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://abm-tracking.demandscience.com/page-tracking/demandscience-reliaquest/https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F?visitorId=1e0fa2d6fd5bcdfc550600eaa66735d4_1717034981737&&clientId=DS&&cookieEnabled=true Requested by Host: abm-tracking.demandscience.com URL: https://abm-tracking.demandscience.com/tag.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-32-164-86.us-west-2.compute.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Express Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Pragma no-cache Date Thu, 30 May 2024 02:09:41 GMT Server nginx/1.18.0 (Ubuntu) X-Powered-By Express ETag W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8" Access-Control-Allow-Methods GET, POST, OPTIONS, PUT, PATCH, DELETE Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin * Cache-Control private, no-cache, no-store, must-revalidate Connection keep-alive Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept, Authorization Content-Length 2 Expires -1
POST H/1.1	204 No Content	collect Show response w.clarity.ms/	0 298 B	632ms 388ms	XHR text/plain	23.96.124.156 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://w.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept application/x-clarity-gzip Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.reliaquest.com Date Thu, 30 May 2024 02:09:42 GMT Access-Control-Allow-Credentials true Server nginx/1.18.0 (Ubuntu) Connection keep-alive Vary Origin Request-Context appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
GET H/1.1	200 OK	tracking Show response tracking.contanuity.com/	2 B 762 B	644ms 214ms	Script application/json	54.203.236.163 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tracking.contanuity.com/tracking?visitorId=1e0fa2d6fd5bcdfc550600eaa66735d4_1717034981737&&clientId=DS&&cookieEnabled=true Requested by Host: abm-tracking.demandscience.com URL: https://abm-tracking.demandscience.com/tag.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.203.236.163 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-203-236-163.us-west-2.compute.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Express Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Pragma no-cache Date Thu, 30 May 2024 02:09:42 GMT Server nginx/1.18.0 (Ubuntu) X-Powered-By Express ETag W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8" Access-Control-Allow-Methods GET, POST, OPTIONS, PUT, PATCH, DELETE Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin * Cache-Control private, no-cache, no-store, must-revalidate Connection keep-alive Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept, Authorization Content-Length 2 Expires -1
GET H3	200	gtm.js Show response www.googletagmanager.com/	174 KB 63 KB	56ms 55ms	Script application/javascript	142.250.181.232 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-KFM7P3KL Requested by Host: abm-tracking.demandscience.com URL: https://abm-tracking.demandscience.com/tag.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.232 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f8.1e100.net Software Google Tag Manager / Resource Hash c3cface6aa0bb047c3c0ab327ef9672c3056852b741fb0db690e5b8478411c8c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:42 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 64541 x-xss-protection 0 last-modified Thu, 30 May 2024 00:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 30 May 2024 02:09:42 GMT
GET		usersync tracking.contanuity.com/ Redirect Chain https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=1e0fa2d6fd5bcdfc550600eaa66735d4_1717034981737 https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=1e0fa2d6fd5bcdfc550600eaa66735d4_1717034981737&_bee_ppp=1 https://tracking.contanuity.com/usersync?bwcookie=AAHdRk7Mr8AAABg3Eborog	0 0
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	134ms 134ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2030%20May%202024%2002%3A09%3A42%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2030%20May%202024%2002%3A09%3A41%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222034%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20 Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:42 GMT x-content-type-options nosniff last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:42 GMT
POST H/1.1	204 No Content	collect Show response w.clarity.ms/	0 298 B	127ms 127ms	XHR text/plain	23.96.124.156 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://w.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept application/x-clarity-gzip Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.reliaquest.com Date Thu, 30 May 2024 02:09:43 GMT Access-Control-Allow-Credentials true Server nginx/1.18.0 (Ubuntu) Connection keep-alive Vary Origin Request-Context appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
GET H2	200	core js.driftt.com/ Frame 7F98	0 0	424ms 347ms	Document text/html	54.230.228.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=545a1fa5-e6c2-400f-890d-7602efad31d6&sessionStarted=1717034983.086&campaignRefreshToken=519ee157-b2cb-4db9-9662-6c76c65da8cd&hideController=false&pageLoadStartTime=1717034980119&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717035000000/uvut6nv3vzk9.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.230.228.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-230-228-32.muc50.r.cloudfront.net Software istio-envoy / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.reliaquest.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache content-encoding gzip content-type text/html; charset=utf-8 date Thu, 30 May 2024 02:09:43 GMT etag W/"f2bf0bf9df23e696cf900342501cd378" last-modified Wed, 29 May 2024 21:04:57 GMT server istio-envoy strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding via 1.1 c2741d5ee2beeb4c9f22fb24f76708b6.cloudfront.net (CloudFront) x-amz-cf-id dzITMqKJzWcOOvj1yra_eu1fa1fuKHMn8GMI1e7OfxWML6ZvbxwrFw== x-amz-cf-pop MUC50-P5 x-amz-server-side-encryption AES256 x-amz-version-id KuthLKIRYonDWV_xytcyjnS1HaC8r5WQ x-cache RefreshHit from cloudfront x-envoy-upstream-service-time 22
GET H2	200	chat js.driftt.com/core/ Frame B65B	0 0	435ms 359ms	Document text/html	54.230.228.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1717034980119 Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717035000000/uvut6nv3vzk9.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.230.228.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-230-228-32.muc50.r.cloudfront.net Software istio-envoy / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.reliaquest.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache content-encoding gzip content-type text/html; charset=utf-8 date Thu, 30 May 2024 02:09:43 GMT etag W/"f2bf0bf9df23e696cf900342501cd378" last-modified Wed, 29 May 2024 21:04:57 GMT server istio-envoy strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding via 1.1 c2741d5ee2beeb4c9f22fb24f76708b6.cloudfront.net (CloudFront) x-amz-cf-id VJ_9gDAk-_4UABs99DUwhLZBlvI1x7lGiPRPE3BkGf5H5yBkCuHIfw== x-amz-cf-pop MUC50-P5 x-amz-server-side-encryption AES256 x-amz-version-id KuthLKIRYonDWV_xytcyjnS1HaC8r5WQ x-cache RefreshHit from cloudfront x-envoy-upstream-service-time 28
GET H3	200	zi-tag.js Show response js.zi-scripts.com/	9 KB 3 KB	444ms 399ms	Script application/javascript	172.64.150.44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.zi-scripts.com/zi-tag.js Requested by Host: www.reliaquest.com URL: https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c3ea3a972768896d2a84d6eb36d3f5919478ad9c091477c22a5362eb6d53aee4 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:43 GMT x-amz-version-id 4TVPkf0eH3kVl0Vjj3KPZI_FUiecs6et content-encoding gzip cf-cache-status DYNAMIC via 1.1 a562ca83738058b5cb3c4586dbd6afa6.cloudfront.net (CloudFront) x-amz-cf-pop BAH53-C1 age 42458 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Wed, 15 May 2024 06:37:27 GMT server cloudflare etag W/"5c7228fc2640a4dfce48217428980fe3" vary Accept-Encoding content-type application/javascript cf-ray 88bb2f04c9d96a77-TXL x-amz-cf-id CN9tEVjkQLRn7xDPnhdiNQc2CtjvVnYdmSIUEB7g-DxuKF87eyPAkA==
GET H2	200	c.gif c.clarity.ms/ Redirect Chain https://c.clarity.ms/c.gif https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=508714B8C60D4F14936777E0614A42B6&RedC=c.clarity.ms&MXFR=0C0ECE45ECB866591ECCDACAE8B86840 https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=508714B8C60D4F14936777E0614A42B6&MUID=2B1A15A2B06563372D00012DB1C9622B	42 B 441 B	60ms 60ms	Image image/gif	68.219.88.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=508714B8C60D4F14936777E0614A42B6&MUID=2B1A15A2B06563372D00012DB1C9622B Protocol H2 Server 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.reliaquest.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers pragma no-cache date Thu, 30 May 2024 02:09:43 GMT last-modified Fri, 01 Mar 2024 22:54:48 GMT server Microsoft-IIS/10.0 etag "3e26b762b6cda1:0" x-powered-by ASP.NET content-type image/gif p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" cache-control private, no-cache, proxy-revalidate, no-store accept-ranges bytes content-length 42 Redirect headers pragma no-cache date Thu, 30 May 2024 02:09:42 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 4E572065D0BD44D2B2ABE77AB35388AA Ref B: FRA31EDGE0705 Ref C: 2024-05-30T02:09:43Z x-powered-by ASP.NET x-cache CONFIG_NOCACHE p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" location https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=508714B8C60D4F14936777E0614A42B6&MUID=2B1A15A2B06563372D00012DB1C9622B cache-control private, no-cache, proxy-revalidate, no-store content-length 0
GET H2	200	up insight.adsrvr.org/track/ Frame D85E	0 0	169ms 55ms	Document text/html	35.71.131.137 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://insight.adsrvr.org/track/up?adv=e1vlmxc&ref=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&upid=nzz4w81&upv=1.1.0 Requested by Host: js.adsrvr.org URL: https://js.adsrvr.org/up_loader.1.1.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.71.131.137 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software Kestrel / Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.reliaquest.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers content-length 0 content-type text/html date Thu, 30 May 2024 02:09:43 GMT server Kestrel
GET H3	200	a www.googletagmanager.com/	0 11 B	46ms 46ms	Image text/html	142.250.181.232 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?v=3&t=l&pid=1225549613&rv=45m0&u=AAAAAAAIAAAAACA&ut=AgAAAQ&h=Ag&gtm=45je45m0v871663715za200zb72282274&ccid=71663715&cid=G-G6184BWDDN&l=L741.S28.B25.E2197.I814.EC7.TC30.HTC0~gtm.init.S0.V0.E33.TS5ogtgasend.TI108.TE0.TS5ogtcrossdomain.TI110.TE1.TS5ogtipmark.TI111.TE0.TS5ogtreferralexclusion.TI112.TE2.TS5ogtsessiontimeout.TI113.TE0.TS5ogt1pdatav2.TI114.TE1.TS5ccdgalast.TI115.TE0.TS5ccdautoredact.TI116.TE0.TS5ogteventcreate.TI117.TE0.TS5ogteventcreate.TI118.TE0.TS5ogteventcreate.TI119.TE0.TS5ogteventcreate.TI120.TE0.TS5ogteventcreate.TI121.TE0.TS5ogteventcreate.TI122.TE0.TS5ogteventcreate.TI123.TE0.TS5ogteventcreate.TI124.TE0.TS5ccdconversionmarking.TI125.TE0.TS5ccdemvideo.TI126.TE0.TS5ccdemsitesearch.TI127.TE0.TS5ccdemscroll.TI128.TE0.TS5ccdempageview.TI129.TE0.TS5ccdemoutboundclick.TI130.TE0.TS5ccdemform.TI131.TE0.TS5ccdemdownload.TI132.TE0.TS5ccdgaregscope.TI133.TE0.TS5ogtgooglesignals.TI134.TE0.TS5ccdgaadslink.TI135.TE0.TS5setproductsettings.TI136.TE0.TS5ccdgafirst.TI137.TE0~gtm.js.S0.V0.E20.TS5gct.TI105.TE0~gtm.dom.S0.V0.E8~*.S0.V0.E8~*.S0.V0.E5~gtm.load.S0.V0.E5~gtm.init_consent.S0.V0.E27~GA400.1120 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.181.232 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f8.1e100.net Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:43 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
GET H3	200	getSubscriptions Show response js.zi-scripts.com/unified/v1/master/	199 B 555 B	817ms 817ms	Fetch application/json	172.64.150.44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.zi-scripts.com/unified/v1/master/getSubscriptions Requested by Host: js.zi-scripts.com URL: https://js.zi-scripts.com/zi-tag.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 06f7a57fe8d14b07151fdb8a489a0bf38445ed2ca214d6a2688139b2c9e489d3 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-platform "Win32" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 Authorization Bearer 28bfd1c1ea1670271003 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type application/json Referer https://www.reliaquest.com/ visited_url https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Response headers date Thu, 30 May 2024 02:09:45 GMT via 1.1 4bc06bdfac9dee58bb5e9f5217e5dbaa.cloudfront.net (CloudFront) content-encoding gzip cf-cache-status DYNAMIC x-amz-cf-pop BAH53-C1 x-powered-by Express x-cache Miss from cloudfront alt-svc h3=":443"; ma=86400 apigw-requestid Yj_sdiDmPHcESsQ= server cloudflare etag W/"c7-MMCzvX8qjMkB4fbTUtO2KBiD5gs" content-type application/json; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cf-ray 88bb2f0c9c1a6a77-TXL x-amz-cf-id TubU5gjwLsEdBszIXLh3762BiOre2PsA1gHKTYJdLJH_5-wpFQ9S0g==
OPTIONS H3	204	getSubscriptions js.zi-scripts.com/unified/v1/master/ Frame	0 0	848ms 815ms	Preflight	172.64.150.44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.zi-scripts.com/unified/v1/master/getSubscriptions Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Request headers Accept */* Access-Control-Request-Headers authorization,content-type,visited_url Access-Control-Request-Method GET Origin https://www.reliaquest.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers access-control-allow-headers * access-control-allow-methods * access-control-allow-origin * access-control-max-age 0 alt-svc h3=":443"; ma=86400 apigw-requestid Yj_sVhwKvHcEPVA= cf-cache-status DYNAMIC cf-ray 88bb2f078db06a77-TXL date Thu, 30 May 2024 02:09:44 GMT server cloudflare vary Access-Control-Request-Headers via 1.1 4bc06bdfac9dee58bb5e9f5217e5dbaa.cloudfront.net (CloudFront) x-amz-cf-id 1g7qs6ZYt9mVPxncCWbr3sAvIwHeR41D1h-KE7tpsARFV1aDIeFB4Q== x-amz-cf-pop BAH53-C1 x-cache Miss from cloudfront x-powered-by Express
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	130ms 130ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2030%20May%202024%2002%3A09%3A43%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2030%20May%202024%2002%3A09%3A42%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223034%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:43 GMT x-content-type-options nosniff last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:43 GMT
GET H3	200	favicon-RGB-50x50.png www.reliaquest.com/wp-content/uploads/	653 B 884 B	253ms 252ms	Other image/png	141.193.213.20 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Full URL https://www.reliaquest.com/wp-content/uploads/favicon-RGB-50x50.png Protocol H3 Security QUIC, , AES_128_GCM Server 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 09ab21885d17e7aa5e86a8b8ed1afa1a63530750808748b3bbee7b2e3c7622b4 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=63072000; includeSubDomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:44 GMT content-security-policy upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; cf-cache-status EXPIRED alt-svc h3=":443"; ma=86400 content-length 653 x-xss-protection 1; mode=block last-modified Tue, 22 Aug 2023 20:52:20 GMT server cloudflare etag "64e52004-28d" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88bb2f093bd344fe-TXL
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	130ms 130ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2030%20May%202024%2002%3A09%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2030%20May%202024%2002%3A09%3A43%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224034%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:44 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:44 GMT
POST H/1.1	204 No Content	collect Show response w.clarity.ms/	0 298 B	123ms 123ms	XHR text/plain	23.96.124.156 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://w.clarity.ms/collect Requested by Host: www.clarity.ms URL: https://www.clarity.ms/s/0.7.32/clarity.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept application/x-clarity-gzip Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.reliaquest.com Date Thu, 30 May 2024 02:09:45 GMT Access-Control-Allow-Credentials true Server nginx/1.18.0 (Ubuntu) Connection keep-alive Vary Origin Request-Context appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
OPTIONS H3	200	/ ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/ Frame	0 0	294ms 259ms	Preflight text/html	104.16.117.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/?iszitag=true Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers _vtok,_zitok,content-type,visited-url Access-Control-Request-Method GET Origin https://www.reliaquest.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url access-control-allow-origin https://www.reliaquest.com allow GET,HEAD alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 88bb2f11fcc7453a-TXL content-encoding gzip content-type text/html; charset=utf-8 date Thu, 30 May 2024 02:09:45 GMT server cloudflare via 1.1 google x-content-type-options nosniff x-powered-by Express x-robots-tag noindex, nofollow
GET H3	200	formcomplete.js Show response ws-assets.zoominfo.com/	90 KB 27 KB	137ms 93ms	Script application/javascript	104.16.117.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws-assets.zoominfo.com/formcomplete.js Requested by Host: js.zi-scripts.com URL: https://js.zi-scripts.com/zi-tag.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:45 GMT content-encoding gzip cf-cache-status DYNAMIC age 2791 x-guploader-uploadid ABPtcPoEmqZBT_tFwraEO28M9hCzNnNNCSIZFdLA-EFRLc-GI3gpnJBkuSWknHfktHmBuLPReAU x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=86400 last-modified Thu, 16 May 2024 10:14:37 GMT server cloudflare etag W/"006455bd44ed289ddcc403d0ecd96ab0" x-goog-hash crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA== x-goog-generation 1715854477710382 content-type application/javascript cache-control public, max-age=3600 x-goog-stored-content-length 91778 cf-ray 88bb2f120e504528-TXL expires Thu, 30 May 2024 02:23:14 GMT
GET H3	404	/ Show response ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/	47 B 396 B	297ms 264ms	Fetch	104.16.117.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/?iszitag=true Requested by Host: js.zi-scripts.com URL: https://js.zi-scripts.com/zi-tag.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 1901a8ea3a7bbfbaed9368147df59683e7001afe30fc4c08261fb14a2ea2bad0 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type text/javascript visited-url https://www.reliaquest.com/blog/blacksuit-attack-analysis/ Referer https://www.reliaquest.com/blog/blacksuit-attack-analysis/ _vtok ODAuMjU1LjcuMTA3 _zitok 5c188cd7485455d38f861717034985 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:45 GMT via 1.1 google x-content-type-options nosniff cf-cache-status DYNAMIC server cloudflare x-powered-by Express access-control-allow-origin https://www.reliaquest.com access-control-allow-credentials true x-robots-tag noindex, nofollow access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url content-length 47 cf-ray 88bb2f13c8cf4522-TXL alt-svc h3=":443"; ma=86400
OPTIONS H3	200	forms ws.zoominfo.com/formcomplete-v2/ Frame	0 0	279ms 279ms	Preflight text/html	104.16.117.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/formcomplete-v2/forms Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers authorization,content-type Access-Control-Request-Method POST Origin https://www.reliaquest.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok access-control-allow-origin https://www.reliaquest.com allow POST alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 88bb2f12ddbb453a-TXL content-encoding gzip content-type text/html; charset=utf-8 date Thu, 30 May 2024 02:09:45 GMT server cloudflare via 1.1 google x-content-type-options nosniff x-powered-by Express x-robots-tag noindex, nofollow
POST H3	200	forms Show response ws.zoominfo.com/formcomplete-v2/	1 KB 861 B	234ms 234ms	Fetch application/json	104.16.117.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/formcomplete-v2/forms Requested by Host: ws-assets.zoominfo.com URL: https://ws-assets.zoominfo.com/formcomplete.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 44cc05657b3b4d888ed0c123999fa4e1eb40c8c90a18657abfbe8581c2512bb0 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 Authorization bearer 8ad2d798eb60be1b73f09dfc94ae0d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type application/json Referer https://www.reliaquest.com/ sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 02:09:45 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC via 1.1 google x-powered-by Express alt-svc h3=":443"; ma=86400 server cloudflare etag W/"4d8-AANf4JqcOkI6V97LV45UwzPmND4" vary Accept-Encoding content-type application/json; charset=utf-8 access-control-allow-origin https://www.reliaquest.com access-control-allow-credentials true x-robots-tag noindex, nofollow access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok cf-ray 88bb2f149a754522-TXL
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	134ms 133ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=21095172-1409-49a4-8b33-2d4a1fec680d&session=17875488-5cbd-4fc3-890f-dd5c294e6bc5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2030%20May%202024%2002%3A09%3A45%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2030%20May%202024%2002%3A09%3A44%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225035%22%7D&isIframe=false&m=%7B%22description%22%3A%22April%202024%2C%20a%20ReliaQuest%20analysis%20revealed%20BlackSuit%20ransomware%27s%20tactics%2C%20from%20Kerberoasting%20to%20data%20exfiltration%2C%20targeting%20critical%20US%20sectors%20since%20May%202023.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackSuit%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fblacksuit-attack-analysis%2F&pageViewId=f03f4d0d-cab1-459e-81b4-8432490c328d&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.20 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.reliaquest.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 30 May 2024 02:09:45 GMT x-content-type-options nosniff last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 30 May 2024 02:09:45 GMT
GET BLOB	200 OK	9506ffb9-244f-45aa-b7f7-6cbb040ccea4 Show response https://www.reliaquest.com/	47 B 0		Script text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://www.reliaquest.com/9506ffb9-244f-45aa-b7f7-6cbb040ccea4 Requested by Host: js.zi-scripts.com URL: https://js.zi-scripts.com/zi-tag.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 1901a8ea3a7bbfbaed9368147df59683e7001afe30fc4c08261fb14a2ea2bad0 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Length 47 Content-Type text/javascript

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

kdl.keywee.co

URL

https://kdl.keywee.co/www.reliaquest.com/_blog_blacksuit-attack-analysis_.js

Domain

tracking.contanuity.com

URL

https://tracking.contanuity.com/usersync?bwcookie=AAHdRk7Mr8AAABg3Eborog