www.recordedfuture.com Open in urlscan Pro
104.18.35.90 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
Submission: On October 07 via api (October 7th 2024, 12:52:36 pm UTC) from IN — Scanned from DE

Summary HTTP 106 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 32 IPs in 5 countries across 24 domains to perform 106 HTTP transactions. The main IP is 104.18.35.90, located in and belongs to CLOUDFLARENET, US. The main domain is www.recordedfuture.com. The Cisco Umbrella rank of the primary domain is 407422.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on February 7th 2024. Valid for: a year.

This is the only time www.recordedfuture.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 49	104.18.35.90 104.18.35.90	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
10	23.53.42.251 23.53.42.251	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.52.157 146.75.52.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a99	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2600:9000:272... 2600:9000:2724:1a00:c:7d55:b3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	104.16.138.209 104.16.138.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.157.122.248 18.157.122.248	16509 (AMAZON-02) (AMAZON-02)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.250.186.168 142.250.186.168	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0b::9d	15169 (GOOGLE) (GOOGLE)
1	142.250.185.227 142.250.185.227	15169 (GOOGLE) (GOOGLE)
1	172.66.0.227 172.66.0.227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
3	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8d11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:28f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:480... 2a02:26f0:480:22::1726:62ce	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	99.83.231.3 99.83.231.3	16509 (AMAZON-02) (AMAZON-02)
1	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	199.60.103.254 199.60.103.254	() ()
106	32

49 104.18.35.90 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.53.42.251 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-42-251.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.52.157 (Milan, Italy)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a99 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2724:1a00:c:7d55:b3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.138.209 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.157.122.248 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-122-248.eu-central-1.compute.amazonaws.com

recordedfuture.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.168 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f8.1e100.net

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.66.0.227 (United States)

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8d11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:28f0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.82 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:22::1726:62ce (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.83.231.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: afe865822f884bb48.awsglobalaccelerator.com

eps.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.60.103.254 (None, )

ASN- ()

go.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	recordedfuture.com 1 redirects www.recordedfuture.com — Cisco Umbrella Rank: 407422 cms.recordedfuture.com — Cisco Umbrella Rank: 458257 go.recordedfuture.com	2 MB
13	6sc.co j.6sc.co — Cisco Umbrella Rank: 5626 c.6sc.co — Cisco Umbrella Rank: 6951 ipv6.6sc.co — Cisco Umbrella Rank: 5794 b.6sc.co — Cisco Umbrella Rank: 3611 eps.6sc.co — Cisco Umbrella Rank: 11869	29 KB
8	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 2896	156 KB
5	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 3554 track.hubspot.com — Cisco Umbrella Rank: 2324 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3687 forms.hubspot.com — Cisco Umbrella Rank: 5962	29 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 321 px4.ads.linkedin.com — Cisco Umbrella Rank: 6828	3 KB
4	matomo.cloud cdn.matomo.cloud — Cisco Umbrella Rank: 16929 recordedfuture.matomo.cloud — Cisco Umbrella Rank: 567154	130 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	311 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	76 KB
2	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 927	17 KB
1	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 3796	905 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 479	704 B
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2172	19 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5740	92 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2191	25 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 962	393 B
1	t.co t.co — Cisco Umbrella Rank: 859	627 B
1	google.de www.google.de — Cisco Umbrella Rank: 11271	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136	559 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4401
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2500	882 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 412	31 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 784	14 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 960	15 KB
106	24

	Domain	Requested by
43	www.recordedfuture.com	1 redirects www.recordedfuture.com
8	dev.visualwebsiteoptimizer.com	www.recordedfuture.com
7	b.6sc.co
6	cms.recordedfuture.com	www.recordedfuture.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	www.googletagmanager.com	www.recordedfuture.com www.googletagmanager.com
2	eps.6sc.co	j.6sc.co
2	track.hubspot.com
2	www.facebook.com
2	recordedfuture.matomo.cloud	cdn.matomo.cloud
2	cdn.matomo.cloud	www.recordedfuture.com
2	connect.facebook.net	www.recordedfuture.com connect.facebook.net
2	ssl.google-analytics.com	www.recordedfuture.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
1	go.recordedfuture.com
1	perf-na1.hsforms.com
1	forms.hubspot.com	js.hsleadflows.net
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	js.hs-banner.com	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	analytics.twitter.com
1	t.co
1	www.google.de
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com
1	js.hs-scripts.com	www.googletagmanager.com
1	ajax.googleapis.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
106	35

This site contains links to these domains. Also see Links.

Domain
app.recordedfuture.com
go.recordedfuture.com
www.youtube.com
www.facebook.com
twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
*.recordedfuture.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-07` - `2025-03-08`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2024-06-29` - `2025-07-31`	a year	crt.sh
*.google-analytics.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
upload.video.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-07-16` - `2024-10-14`	3 months	crt.sh
cdn.matomo.cloud Amazon RSA 2048 M02	`2024-09-25` - `2025-10-23`	a year	crt.sh
hs-scripts.com WE1	`2024-09-26` - `2024-12-25`	3 months	crt.sh
*.matomo.cloud Amazon RSA 2048 M02	`2024-05-21` - `2025-06-19`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.google.de WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
t.co E5	`2024-09-28` - `2024-12-27`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-30` - `2025-09-29`	a year	crt.sh
hubspot.com WE1	`2024-10-03` - `2025-01-01`	3 months	crt.sh
hs-analytics.net WE1	`2024-10-07` - `2025-01-05`	3 months	crt.sh
hsleadflows.net WE1	`2024-09-29` - `2024-12-28`	3 months	crt.sh
hs-banner.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
eps.6sc.co Amazon RSA 2048 M02	`2024-08-29` - `2025-09-27`	a year	crt.sh
hsforms.com WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
go.recordedfuture.com WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
Frame ID: 8AE4F268F42086561C3B4E606BF5B0EC
Requests: 104 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Error Page | Recorded Future

Page URL History Show full URLs

https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange/ HTTP 308
https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

106
Requests

98 %
HTTPS

52 %
IPv6

24
Domains

35
Subdomains

32
IPs

5
Countries

3191 kB
Transfer

8101 kB
Size

34
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://app.recordedfuture.com/live/login/
Title: Login

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/demo?utm_campaign=demo-button-2023-top-nav-bar&utm_source=recordedfuture&utm_medium=website&utm_content=20231003&utm_term=website
Title: Get a demo

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/cyber-daily?utm_campaign=rf-404-page-cyber-daily&utm_source=recordedfuture&utm_medium=website&utm_content=rf-404-page-cyber-daily&utm_term=rf-404-page-cyber-daily
Title: Subscribe to Cyber DailyStay updated with the latest cybersecurity news and research insights.Subscribe to Cyber Daily

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/demo?utm_campaign=rf-404-page-demo-cta&utm_source=recordedfuture&utm_medium=website&utm_content=rf-404-page-demo-cta&utm_term=rf-404-page-demo-cta
Title: Request a Demo Request a Demo

Search URL Search Domain Scan URL

URL: https://go.recordedfuture.com/demo
Title: Get a Demo

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/RecordedFuture

Search URL Search Domain Scan URL

URL: https://www.facebook.com/RecordedFuture

Search URL Search Domain Scan URL

URL: https://twitter.com/RecordedFuture

Search URL Search Domain Scan URL

URL: https://www.instagram.com/recordedfuture/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange/ HTTP 308
https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 72

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953%2C26800&time=1728305550604&url=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953%2C26800&time=1728305550604&url=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&tm=gtmv2&e_ipv6=AQLdhvQGtrK1BQAAAZJnCdXpgCOV4wIQoOhMeuHMTXjmlozNf-F-OPHAN2A7HOw_IA

106 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request chinese-group-calypso-exploiting-microsoft-exchange Show response
www.recordedfuture.com/
Redirect Chain

https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange/
https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

105 KB
16 KB

221ms
221ms

Document
text/html

104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

93411a2690b52b44a288932d7871219bfcd365cab8ba767d1234e8bb90b1ff5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: s-maxage=30, stale-while-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8cee073c7cb71e56-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Oct 2024 12:52:25 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
traceresponse: 00-17fc2cbca58d4eda707051222bbd5389-9d60c3856b42a0f8-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-nextjs-cache: HIT
x-powered-by: Next.js

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 8cee073ada881e56-FRA
content-length: 52
content-type: text/plain; charset=utf-8
date: Mon, 07 Oct 2024 12:52:25 GMT
location: /chinese-group-calypso-exploiting-microsoft-exchange
refresh: 0;url=/chinese-group-calypso-exploiting-microsoft-exchange
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
traceresponse: 00-17fc2cbc95e63f8642ca3b3bd0eccca6-d3ce3b5fc625bb81-01
x-content-type-options: nosniff
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4 i-72f68d9e5fc844fb8d11227fc18ff9f4

GET
H2 200 brand_logo_long_black_f2ead5b5c6.svg
cms.recordedfuture.com/uploads/ 4 KB
1 KB 313ms
87ms Image
image/svg+xml 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.recordedfuture.com/uploads/brand_logo_long_black_f2ead5b5c6.svg?w=640

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d0ca87959e23cb77cff2f1d7fe2337ecc770de12b1d20762373321d7d287183

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"6229d4fa-eab"
age: 224
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:53:42 GMT
traceresponse: 00-17fbd9b07c4d923ccda1f82ef725f3fa-d0cdef3527652766-01
date: Mon, 07 Oct 2024 12:52:26 GMT
content-type: image/svg+xml
last-modified: Thu, 10 Mar 2022 10:37:46 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=300
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee07411b461e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
server: cloudflare

GET
H2 200 fonts.css
www.recordedfuture.com/fonts/ 1 KB
379 B 176ms
175ms Stylesheet
text/css 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/fonts/fonts.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

712a64e252b8b2276803abea9f4ec37e39bc91a63c34159f311b690f988c3a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"416-19266ace1b8"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbcc2cf97beb7ae425af587ec13-6ba4c3fe39759e5c-01
date: Mon, 07 Oct 2024 12:52:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Mon, 07 Oct 2024 11:10:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=0
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee073f89591e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
accept-ranges: bytes
content-length: 208
server: cloudflare

GET
H2 200 dcb2301ce8f93234.css
www.recordedfuture.com/_next/static/css/ 69 KB
15 KB 127ms
126ms Stylesheet
text/css 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47ff98a1962e172bf408a4878244aa29b759659aeb49278eced504b297949316

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-bgj: minify
etag: W/"114f3-19257531ab0"
age: 263496
cf-cache-status: HIT
x-content-type-options: nosniff
traceresponse: 00-17fb3d16c32578fbf640c3934f43c78d-d03dabb2229db89b-01
cf-polished: origSize=70899
date: Mon, 07 Oct 2024 12:52:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Fri, 04 Oct 2024 11:38:37 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee073f895d1e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
server: cloudflare

GET
H2 200 1a6394c91d198e5b.css
www.recordedfuture.com/_next/static/css/ 25 KB
6 KB 137ms
137ms Stylesheet
text/css 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/css/1a6394c91d198e5b.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb675729c9065818c208dd27f067e0c3b1772918af3166d4992beea43041c53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-bgj: minify
etag: W/"62b7-191e19bf264"
age: 1534818
cf-cache-status: HIT
x-content-type-options: nosniff
traceresponse: 00-17f466de82c1f1ecd9a76b1c0fbbd061-cf367def84a00457-01
cf-polished: origSize=25271
x-cache: HIT
date: Mon, 07 Oct 2024 12:52:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 11 Sep 2024 15:02:59 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-served-by: cache-fra-eddf8230112-FRA
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
via: 1.1 varnish
cf-ray: 8cee073f895e1e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
server: cloudflare

GET
H2 200 webpack-d5ccf4b164b72d16.js Show response
www.recordedfuture.com/_next/static/chunks/ 5 KB
2 KB 87ms
85ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/webpack-d5ccf4b164b72d16.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcd4c5fe2248fe1b7668411b46db4b6481525f02524c73a5037f0deaaed7b37c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"1578-19257531a5b"
age: 263486
x-content-type-options: nosniff
traceresponse: 00-17fb3d194bc810b14abd11fe1bc3c3f1-c78e1ff0c5c5844a-01
date: Mon, 07 Oct 2024 12:52:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 04 Oct 2024 11:38:37 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee07432dac1e56-FRA
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
accept-ranges: bytes
content-length: 2274
server: cloudflare

GET
H2 200 framework-467b11a89995b152.js Show response
www.recordedfuture.com/_next/static/chunks/ 138 KB
45 KB 97ms
96ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/framework-467b11a89995b152.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d9ec892dee44ec1c6a5778b93c71fbb4357b8dc8e00ba61eb7baeb6b0af79fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"2270d-18fe8783003"
age: 8897428
x-content-type-options: nosniff
traceresponse: 00-17d6819ab902f4300ec2ca52763e2771-cc42ed1f611d9f10-01
x-cache: HIT
date: Mon, 07 Oct 2024 12:52:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 05 Jun 2024 12:55:41 GMT
x-served-by: cache-fra-eddf8230157-FRA
x-cache-hits: 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
via: 1.1 varnish
cf-ray: 8cee07432dae1e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
accept-ranges: bytes
content-length: 45457
server: cloudflare

GET
H2 200 main-75bdb96a41ba80f4.js Show response
www.recordedfuture.com/_next/static/chunks/ 113 KB
32 KB 194ms
25ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a556b35758f8a2ade1b662eeec7a45a4739325de831c2eca6cbe1171fbc6bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"1c3b0-1922eb4e51e"
age: 542326
x-content-type-options: nosniff
traceresponse: 00-17fa3f7ed2749c39782fe06811c5fa1a-8d4a3e2f464a275c-01
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 14:21:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee0744bf691e56-FRA
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
server: cloudflare

GET
H2 200 _app-7dce919248be9c19.js Show response
www.recordedfuture.com/_next/static/chunks/pages/ 129 KB
40 KB 249ms
80ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/pages/_app-7dce919248be9c19.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c75f8c06d78926e0624b04af9e6d0fb3339cb4b52ff00034661ca8f0c29d81c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"20521-190a6c879a6"
age: 7520436
x-content-type-options: nosniff
traceresponse: 00-17e174ee0b77c515ca0accee99e116e1-b370aaeb5b9179fe-01
x-cache: HIT
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 12 Jul 2024 11:51:14 GMT
x-served-by: cache-fra-eddf8230079-FRA
x-cache-hits: 1
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
via: 1.1 varnish
cf-ray: 8cee0744bf6a1e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
accept-ranges: bytes
content-length: 40876
server: cloudflare

GET
H2 200 769-f95d08d81b193fa5.js Show response
www.recordedfuture.com/_next/static/chunks/ 262 KB
77 KB 194ms
25ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/769-f95d08d81b193fa5.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43f20d0a51f32376a232ae9fbc41e803d09610000eacfe5b851bc46e191be5ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"419c1-1922eb4e4cb"
age: 575126
x-content-type-options: nosniff
traceresponse: 00-17fa21aa10e2b841be963a4e54027f30-5be71385a82d51b3-01
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 14:20:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee0744bf6d1e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
server: cloudflare

GET
H2 200 129-82bd73d6c6af04c1.js Show response
www.recordedfuture.com/_next/static/chunks/ 37 KB
12 KB 254ms
85ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/129-82bd73d6c6af04c1.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5dd46059902b99d86c42588668824486114180f5e1c385cb504a23e53b2d7bef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"958c-19126a298c1"
age: 5375389
x-content-type-options: nosniff
traceresponse: 00-17e913cc9d33c328b5f5c2a7b36f1452-486b2f76759f7f69-01
x-cache: HIT
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 06 Aug 2024 07:41:15 GMT
x-served-by: cache-fra-eddf8230149-FRA
x-cache-hits: 1
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
via: 1.1 varnish
cf-ray: 8cee0744bf6e1e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
accept-ranges: bytes
content-length: 11656
server: cloudflare

GET
H2 200 911-ff01f8a62625f045.js Show response
www.recordedfuture.com/_next/static/chunks/ 55 KB
19 KB 260ms
91ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/911-ff01f8a62625f045.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8af77a655a0e1ecfd86c2a3aaf8f3492ed33e1a358be8f4bb0d1794db79aa4fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"ddd2-18fce75f480"
age: 8903036
x-content-type-options: nosniff
traceresponse: 00-17d5bca39ded00001e5b95db40da2f10-1633ecf1e18f2847-01
x-cache: HIT
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 31 May 2024 11:43:07 GMT
x-served-by: cache-fra-eddf8230085-FRA
x-cache-hits: 2
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
via: 1.1 varnish
cf-ray: 8cee0744bf6f1e56-FRA
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
accept-ranges: bytes
content-length: 18806
server: cloudflare

GET
H2 200 81-2528521366cfa8f4.js Show response
www.recordedfuture.com/_next/static/chunks/ 11 KB
5 KB 259ms
90ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/81-2528521366cfa8f4.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd0aa2edbf70120a3664d67d62c7be974905b21305d74bf06b58d4570bb81dc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"2cc8-190545adb72"
age: 8903383
x-content-type-options: nosniff
traceresponse: 00-17dc8b2886c947fedb173a5b0477a592-da85c986cc3dfab8-01
x-cache: MISS
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 26 Jun 2024 11:42:38 GMT
x-served-by: cache-fra-eddf8230082-FRA
x-cache-hits: 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
via: 1.1 varnish
cf-ray: 8cee0744bf701e56-FRA
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
accept-ranges: bytes
content-length: 4641
server: cloudflare

GET
H2 200 488-ff8e7f65c07fdefb.js Show response
www.recordedfuture.com/_next/static/chunks/ 19 KB
5 KB 246ms
91ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/488-ff8e7f65c07fdefb.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bcb0fc9204904e818d65cb8e6178f4f27a73d5da5fcbefb6dd20d4977465786

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"4d66-19257531781"
age: 263493
x-content-type-options: nosniff
traceresponse: 00-17fb3d17d5466c4ed9100cca5cdc04b9-ef837c318d256e6e-01
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 04 Oct 2024 11:38:36 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee0744bf721e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
server: cloudflare

GET
H2 200 398-38da39585391f140.js Show response
www.recordedfuture.com/_next/static/chunks/ 196 KB
50 KB 240ms
85ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/398-38da39585391f140.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a2ced70daa935dd1fc2d8bc665a35044729ee6684edf3b0cc35ddbdcbdbe2d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"3107c-19257531772"
age: 263495
x-content-type-options: nosniff
traceresponse: 00-17fb3d1752f2aae42260eca1c1d1a0b2-330f5744d8a03436-01
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 04 Oct 2024 11:38:36 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee0744bf731e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
server: cloudflare

GET
H2 200 267-fa0dc1740bfabc59.js Show response
www.recordedfuture.com/_next/static/chunks/ 48 KB
12 KB 245ms
90ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/267-fa0dc1740bfabc59.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2d02d5f5b95c51c99da75486561f118d1945d1c5bdff3166cd68f89f42241ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"c11f-1922eb4e49c"
age: 541667
x-content-type-options: nosniff
traceresponse: 00-17fa4018486859529b2ecccf0936abda-7dcb4f8302279fcd-01
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 26 Sep 2024 14:20:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee0744bf741e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
server: cloudflare

GET
H2 200 96-ec48c74760f41115.js Show response
www.recordedfuture.com/_next/static/chunks/ 202 KB
43 KB 246ms
91ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/96-ec48c74760f41115.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

783216a157bd808ef48ba34b2830f7a2fe23585a4d610dc4cd4b857a162fb208

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"329b8-1926627ba4e"
age: 14617
x-content-type-options: nosniff
traceresponse: 00-17fc1f71cc7d1ac016f025b5d37d18e8-123e9e4b2a0f0d8e-01
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 07 Oct 2024 08:45:32 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee0744bf751e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
server: cloudflare

GET
H2 200 _error-4d12a698c7149cc4.js Show response
www.recordedfuture.com/_next/static/chunks/pages/ 4 KB
2 KB 279ms
125ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/pages/_error-4d12a698c7149cc4.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

868952679c13a0031de5eaaeb29ccfd79758da60f973c2d55ddd1cac93c1907e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"1073-1926627baac"
age: 13382
x-content-type-options: nosniff
traceresponse: 00-17fc209147c6627e98f3651fb78c4b98-3d8aaad0e28c21ad-01
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 07 Oct 2024 08:45:32 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee0744df9a1e56-FRA
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
server: cloudflare

GET
H2 200 _buildManifest.js Show response
www.recordedfuture.com/_next/static/RaERMpS7CDfl03UgKUq4l/ 3 KB
1 KB 279ms
125ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/RaERMpS7CDfl03UgKUq4l/_buildManifest.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f581b363d05fc339b45b6325008324982bfddefed536ecf1bf31107613ba4677

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"d10-19266b2a228"
age: 5656
x-content-type-options: nosniff
traceresponse: 00-17fc27980868739a22017f0616d14bff-ea0fd32fdae5ae10-01
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 07 Oct 2024 11:17:15 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee0744df9e1e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
server: cloudflare

GET
H2 200 _ssgManifest.js Show response
www.recordedfuture.com/_next/static/RaERMpS7CDfl03UgKUq4l/ 253 B
314 B 277ms
124ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/RaERMpS7CDfl03UgKUq4l/_ssgManifest.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf6ffffdf9d96a960659b14bf150c51f63171ee71811e0f2484731c042475f26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"fd-19266b2a238"
age: 5656
x-content-type-options: nosniff
traceresponse: 00-17fc279808a5178a517d135b8532f555-2144dc64d6ac84a6-01
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 07 Oct 2024 11:17:15 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee0744df9f1e56-FRA
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
server: cloudflare

GET
H2 200 x-social-media-black-icon.svg
www.recordedfuture.com/images/ 456 B
559 B 180ms
169ms Image
image/svg+xml 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recordedfuture.com/images/x-social-media-black-icon.svg

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8837339f39b4de89bcdc5b4705e44d0007a8728881c70d1010f9973dff06306

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=0
content-encoding: gzip
cf-cache-status: MISS
etag: W/"1c8-19266ace1b8"
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-content-type-options: nosniff
cf-ray: 8cee0745a89d1e56-FRA
traceresponse: 00-17fc2cbcfd4902a175c997fcbbd7a65e-cb618e24c601eb34-01
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: image/svg+xml
last-modified: Mon, 07 Oct 2024 11:10:59 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Inter-Regular.86422bf3.ttf
www.recordedfuture.com/_next/static/media/ 303 KB
144 KB 53ms
52ms Font
font/ttf 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/media/Inter-Regular.86422bf3.ttf

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

494a9c8817786531126dd245c93f8a85aa6afa405c7b8a2e45b667538470ce7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.recordedfuture.com
Referer: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"4ba44-18f7bb364af"
age: 11198512
x-content-type-options: nosniff
traceresponse: 00-17cfa3c2ea643ab582f2ae29ab03f983-9dfd7ecdfbe616fe-01
x-cache: HIT
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: font/ttf
last-modified: Wed, 15 May 2024 10:01:45 GMT
x-served-by: cache-fra-eddf8230081-FRA
x-cache-hits: 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
via: 1.1 varnish
cf-ray: 8cee0746496f1e56-FRA
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
accept-ranges: bytes
content-length: 147167
server: cloudflare

GET
H2 200 Inter-Bold.0b1aaf81.ttf
www.recordedfuture.com/_next/static/media/ 309 KB
154 KB 57ms
56ms Font
font/ttf 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/media/Inter-Bold.0b1aaf81.ttf

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ad83f2446566c5ecf7c261cc07884a5d5f71965b5df8fd7bb809f83a42bf470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.recordedfuture.com
Referer: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"4d2c4-18f61c04d32"
age: 11198512
x-content-type-options: nosniff
traceresponse: 00-17cf4d55490c727c338ec305a19fb73a-9e7bf5fccc7ef3f1-01
x-cache: HIT
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: font/ttf
last-modified: Fri, 10 May 2024 09:05:43 GMT
x-served-by: cache-fra-eddf8230020-FRA
x-cache-hits: 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
via: 1.1 varnish
cf-ray: 8cee074649731e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
accept-ranges: bytes
content-length: 157388
server: cloudflare

GET
H2 200 icomoon.ttf
www.recordedfuture.com/icons/fonts/ 6 KB
3 KB 178ms
176ms Font
font/ttf 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/icons/fonts/icomoon.ttf?j8daoh

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cea068537a9ce7722b6a08c23bc67dff6b49a272be984b95c2e9156411d2636

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.recordedfuture.com
Referer: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=0
content-encoding: gzip
cf-cache-status: MISS
etag: W/"160c-19266ace1b8"
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-content-type-options: nosniff
cf-ray: 8cee074649751e56-FRA
traceresponse: 00-17fc2cbd02d5b63208e922b6acf8edaa-1a1b14a718d48378-01
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: font/ttf
last-modified: Mon, 07 Oct 2024 11:10:59 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Inter-ExtraBold.d19caa02.ttf
www.recordedfuture.com/_next/static/media/ 309 KB
154 KB 51ms
51ms Font
font/ttf 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/media/Inter-ExtraBold.d19caa02.ttf

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fb3140db2839cabd3662044ef7791206df377b2211046abc71dd039f05fe082

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.recordedfuture.com
Referer: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"4d52c-18f39b6d7f2"
age: 11198512
x-content-type-options: nosniff
traceresponse: 00-17cd2770b17753cc13f545bba9039f09-ae499b3ccee02cc6-01
x-cache: HIT
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: font/ttf
last-modified: Thu, 02 May 2024 14:30:35 GMT
x-served-by: cache-fra-eddf8230073-FRA
x-cache-hits: 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
via: 1.1 varnish
cf-ray: 8cee074649771e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
accept-ranges: bytes
content-length: 157010
server: cloudflare

GET
H2 200 Inter-Medium.6ee661b3.ttf
www.recordedfuture.com/_next/static/media/ 307 KB
152 KB 30ms
30ms Font
font/ttf 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/media/Inter-Medium.6ee661b3.ttf

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0b1f949528f7a3a2d2ff3b6df67c6c1b5cb8f62a2eba6eb5e06adff2d5795f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.recordedfuture.com
Referer: https://www.recordedfuture.com/_next/static/css/dcb2301ce8f93234.css

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"4cd58-1901090f9b4"
age: 9384118
x-content-type-options: nosniff
traceresponse: 00-17d8813cc23df002bf6300bc5dc3c1b2-b4f03831d9cc14ef-01
x-cache: HIT
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: font/ttf
last-modified: Thu, 13 Jun 2024 07:47:34 GMT
x-served-by: cache-fra-eddf8230128-FRA
x-cache-hits: 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
via: 1.1 varnish
cf-ray: 8cee0746497b1e56-FRA
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
accept-ranges: bytes
content-length: 155503
server: cloudflare

GET
H2 200 service_support_community_header_488952ca5f.jpg
cms.recordedfuture.com/uploads/format_webp/ 433 KB
434 KB 822ms
820ms Image
image/webp 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.recordedfuture.com/uploads/format_webp/service_support_community_header_488952ca5f.jpg?w=640

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e604ed620cde25b7cb019a9c34e982ca5222795ec859c952800cc2b1ea0e90ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cf-cache-status: REVALIDATED
etag: "6c566-1w2NmQpjfWs4+d0sTjMcx+ows1g"
x-content-type-options: nosniff
traceresponse: 00-17f81011ad68922ef84586ac4d7d8766-62fd1cb5d08b0535-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: image/webp
last-modified: 1650559511000
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=300, public, s-maxage=300
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074649831e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
accept-ranges: bytes
content-length: 443750
server: cloudflare

GET
H2 200 browser_extension_overview_2_alt_1b8d64b20e.png
cms.recordedfuture.com/uploads/format_webp/ 30 KB
30 KB 389ms
388ms Image
image/webp 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.recordedfuture.com/uploads/format_webp/browser_extension_overview_2_alt_1b8d64b20e.png?w=640

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab77c45abab064a07150e489eb132ec77dc1cbb1cb6d2d52d94b6edd8e05d87a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cf-cache-status: REVALIDATED
etag: "78fa-IWlwX8Nok8bcfjEWcPfAYog3X0c"
x-content-type-options: nosniff
traceresponse: 00-17fbf768ddb25d60295d7806efe3f0f4-638bdece8e75f849-01
date: Mon, 07 Oct 2024 12:52:27 GMT
content-type: image/webp
last-modified: 1659444505702
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=300, public, s-maxage=300
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074649861e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
accept-ranges: bytes
content-length: 30970
server: cloudflare

GET
H2 200 cyber_daily_in_your_inbox_0089a093cc.png
cms.recordedfuture.com/uploads/format_webp/ 45 KB
45 KB 523ms
463ms Image
image/webp 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.recordedfuture.com/uploads/format_webp/cyber_daily_in_your_inbox_0089a093cc.png?w=640

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b318ef40d63862e41dac76084a91dc0477df0b17f03da157e643542d022cd26b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cf-cache-status: REVALIDATED
etag: "b34c-QP+NqCkRTo2kCoBl8qK4u30S/PU"
x-content-type-options: nosniff
traceresponse: 00-17f81013d69c3d612a7133f95a50c892-e446bb1487103936-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: image/webp
last-modified: 1663868002298
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=300, public, s-maxage=300
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074a7ef41e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
accept-ranges: bytes
content-length: 45900
server: cloudflare

GET
H2 200 service_support_training_header_0d14eafb62.jpg
cms.recordedfuture.com/uploads/format_webp/ 488 KB
489 KB 886ms
826ms Image
image/webp 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.recordedfuture.com/uploads/format_webp/service_support_training_header_0d14eafb62.jpg?w=640

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

482fa259337593d58303e281f6ecf323eecf4d6bd4a735cf3af6cce29287ad11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cf-cache-status: REVALIDATED
etag: "7a16a-rv9S2Gxq4IMJmPpoSmW83zeuzow"
x-content-type-options: nosniff
traceresponse: 00-17f80f31488f4a8e17f99786657e77fc-0375d61910f926fb-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: image/webp
last-modified: 1650559496000
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=300, public, s-maxage=300
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074a7efa1e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
accept-ranges: bytes
content-length: 500074
server: cloudflare

GET
H2 200 brand_logo_white_ab2a1e056e.svg
cms.recordedfuture.com/uploads/ 5 KB
1 KB 399ms
349ms Image
image/svg+xml 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.recordedfuture.com/uploads/brand_logo_white_ab2a1e056e.svg?w=256

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e15b399e5be9732a12e7c2fcb42428cefb0ea79f89df93dae6e79eb5c018e5f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"6229d4fa-1379"
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:57:28 GMT
traceresponse: 00-17f7fc4a1335aa1588b005aab801c229-5db19ed930288d81-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: image/svg+xml
last-modified: Thu, 10 Mar 2022 10:37:46 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=300
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074b58b81e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
server: cloudflare

GET
H2 200 blog.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/ 47 KB
8 KB 378ms
376ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/blog.json?slug=blog

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

375860c8397810902150c8e9729f0a30ebdcc09a637aab094670ea27628bbad9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "14kmhzjd9sr10z3"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd57c1ac29ba0493525a99aa58-b6ff6cbd308423ec-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074dac911e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-nextjs-cache: HIT
server: cloudflare

GET
H2 200 %5B%5B...slug%5D%5D-9a5f4441b03777f0.js
www.recordedfuture.com/_next/static/chunks/pages/ 0
0 33ms
33ms Other
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/pages/%5B%5B...slug%5D%5D-9a5f4441b03777f0.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

cache-control: public, max-age=31536000, immutable
content-encoding: gzip
cf-cache-status: HIT
etag: W/"1767-192575317f4"
x-debug-info: eyJyZXRyaWVzIjowfQ==
age: 263490
x-content-type-options: nosniff
cf-ray: 8cee074f4ecb1e56-FRA
traceresponse: 00-17fb3d18a1696b4084597f54834275cb-647524416e747c06-01
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 04 Oct 2024 11:38:36 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 careers.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/ 82 KB
14 KB 349ms
347ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/careers.json?slug=careers

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

381979d4a7fc47b60e2ca2003bb86a77fc9e3d36d3054ce41887246963d177f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "3i7167d1v41shy"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd55f9d08c5db888d85c1ae817-379d9318405ed642-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074dac921e56-FRA
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-nextjs-cache: STALE
server: cloudflare

GET
H2 200 contact.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/ 56 KB
10 KB 354ms
352ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/contact.json?slug=contact

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a28bc9b1c1de9676087252ef6b0f9fd77d360534b702823bd7eb50be2fbfaafb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "g39a307sg617wt"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd55dccc6ea7dcb2522572bc7f-a1a4a6f1d9f9193e-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074dac971e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-nextjs-cache: STALE
server: cloudflare

GET
H2 200 index.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/ 200 KB
30 KB 346ms
344ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/index.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ded36abed7df72299e178fad6815610d94db0090ee9f7ad0b0cd3f3f8e685beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "hdxgfq5lba4e19"
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-nextjs-matched-path: /[[...slug]]
x-content-type-options: nosniff
cf-ray: 8cee074dac9a1e56-FRA
traceresponse: 00-17fc2cbd55cc0db5a805eef67c22a497-8d0861bf155f4375-01
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-nextjs-cache: STALE
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare

GET
H2 200 intelligence-cloud.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/platform/ 80 KB
14 KB 319ms
317ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/platform/intelligence-cloud.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adba195b2335efaa248dec95d745481c3b7dfc9a61a5b54ba290c7b98254865

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "13ynk6kn4fa1r6w"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd493ccac5ac3c48d85e5dd267-bc3a3b409b0b3e51-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074dac9b1e56-FRA
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
x-nextjs-cache: STALE
server: cloudflare

GET
H2 200 outcomes.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/ 80 KB
14 KB 344ms
342ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/outcomes.json?slug=outcomes

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c706c9ace0ed1fdc221453793090feae0c5af7646b9e17a73b6a2d36c563f917

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "129jx1h3vvn1qsy"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd55962ca48fe0dbe343a0a28a-d65eba609003631d-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074dac9d1e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-nextjs-cache: STALE
server: cloudflare

GET
H2 200 client-success.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/services-support/ 54 KB
10 KB 338ms
336ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/services-support/client-success.json

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d362ebe549f9ed79d16714cd8780b44668d52d90c6573caabeb1e2c48640fd1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "sxten8ax1r16gw"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd5552b6ae74810f3b78699993-1f5ffd00d29d4ab7-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074daca21e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-nextjs-cache: STALE
server: cloudflare

GET
H2 200 research.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/ 57 KB
10 KB 352ms
351ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/research.json?slug=research

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc7dca6ba357eef56b8ffc24339882a59036a558dff240c3babc49c957b89fcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "9yh6xhrq3j18z5"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd55e81843146fa3af83b1ac39-da93e44a804d5fdf-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074daca61e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-nextjs-cache: STALE
server: cloudflare

GET
H2 200 resources.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/ 60 KB
10 KB 373ms
372ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/resources.json?slug=resources

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a183888fcf1c0e637eb7d8bc2edaeb0640df51278d8ba0f9141e8fe9bec1824e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "wwqpwljp4y1brz"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd55c22588cb1b570a15e0ede9-bbad90a286c99939-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074daca81e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-nextjs-cache: STALE
server: cloudflare

GET
H2 200 company.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/ 53 KB
10 KB 374ms
372ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/company.json?slug=company

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d463aa98f7ca989332916f998fc2b51b79ee44e69979f28621c6c3c4c3f7404

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "7xc214bfsi15pm"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd561db94be27c1a7f3afb0560-8580f0468a486203-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074dacab1e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-nextjs-cache: STALE
server: cloudflare

GET
H2 200 blog.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/ 47 KB
8 KB 354ms
352ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/blog.json?utm_campaign=rf-404-page-blog-cta&utm_source=recordedfuture&utm_medium=website&utm_content=rf-404-page-blog-cta&utm_term=rf-404-page-blog-cta

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

375860c8397810902150c8e9729f0a30ebdcc09a637aab094670ea27628bbad9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "14kmhzjd9sr10z3"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd5685c8354a72393670b6a880-8f9e94b25ab5d58c-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074dbcb21e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-nextjs-cache: HIT
server: cloudflare

GET
H2 200 browser-extension.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/platform/ 50 KB
9 KB 358ms
357ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/platform/browser-extension.json?utm_campaign=rf-404-page-browser-extension-cta&utm_source=recordedfuture&utm_medium=website&utm_content=rf-404-page-browser-extension-cta&utm_term=rf-404-page-browser-extension-cta

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f50680baeccfe515bedbdd26ff988515c35e407f9aae4b2571cd1940d1d423d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "4eg5ctdxj613c4"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd56542dc34bb042f9a0c7edec-695f0afc481f7a25-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074dbcb51e56-FRA
x-platform-server: i-72f68d9e5fc844fb8d11227fc18ff9f4, i-72f68d9e5fc844fb8d11227fc18ff9f4
x-nextjs-cache: STALE
server: cloudflare

GET
H2 200 resources.json Show response
www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/ 60 KB
10 KB 349ms
349ms Fetch
application/json 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/data/RaERMpS7CDfl03UgKUq4l/resources.json?utm_campaign=rf-404-page-resources-cta&utm_source=recordedfuture&utm_medium=website&utm_content=rf-404-page-resources-cta&utm_term=rf-404-page-resources-cta

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a183888fcf1c0e637eb7d8bc2edaeb0640df51278d8ba0f9141e8fe9bec1824e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

x-nextjs-data: 1
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "wwqpwljp4y1brz"
x-content-type-options: nosniff
traceresponse: 00-17fc2cbd55e575e314b67d822dee88c2-33db2bc5bfe7bf9a-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/json
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: s-maxage=30, stale-while-revalidate
x-nextjs-matched-path: /[[...slug]]
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074dbcb61e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
x-nextjs-cache: STALE
server: cloudflare

GET
H2 200 %5B%5B...slug%5D%5D-9a5f4441b03777f0.js Show response
www.recordedfuture.com/_next/static/chunks/pages/ 6 KB
2 KB 52ms
29ms Script
application/javascript 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/chunks/pages/%5B%5B...slug%5D%5D-9a5f4441b03777f0.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fc1cd60b50fecf2f101660312d3ad57e227c37fb15c667475c0935b0b683577

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"1767-192575317f4"
age: 263490
x-content-type-options: nosniff
traceresponse: 00-17fb3d18a1696b4084597f54834275cb-647524416e747c06-01
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 04 Oct 2024 11:38:36 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8cee074f4ecb1e56-FRA
x-platform-server: i-bac7380798664d7697b0cf11d33520e7, i-bac7380798664d7697b0cf11d33520e7
server: cloudflare

GET
H2 200 1a6394c91d198e5b.css Show response
www.recordedfuture.com/_next/static/css/ 25 KB
0 11ms
11ms Fetch
text/css 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/_next/static/css/1a6394c91d198e5b.css

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/_next/static/chunks/main-75bdb96a41ba80f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb675729c9065818c208dd27f067e0c3b1772918af3166d4992beea43041c53

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

content-encoding: gzip
cf-bgj: minify
etag: W/"62b7-191e19bf264"
age: 1534818
cf-cache-status: HIT
x-content-type-options: nosniff
traceresponse: 00-17f466de82c1f1ecd9a76b1c0fbbd061-cf367def84a00457-01
cf-polished: origSize=25271
x-cache: HIT
date: Mon, 07 Oct 2024 12:52:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 11 Sep 2024 15:02:59 GMT
vary: Accept-Encoding
x-cache-hits: 0
x-served-by: cache-fra-eddf8230112-FRA
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
via: 1.1 varnish
cf-ray: 8cee073f895e1e56-FRA
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
server: cloudflare

GET
H2 200 favicon.ico
www.recordedfuture.com/ 17 KB
848 B 136ms
136ms Other
image/x-icon 104.18.35.90
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recordedfuture.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.90 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b73b7e0eaffe020cd9d4eaccd4afc57904bba61c4a3423f8640e4a05abf1b7ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=0
content-encoding: gzip
cf-cache-status: MISS
etag: W/"423e-19266ace1b8"
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-content-type-options: nosniff
cf-ray: 8cee075048451e56-FRA
traceresponse: 00-17fc2cbd626e0a787c2a94469ddf7273-a6c711459e4924aa-01
x-platform-server: i-be21b5795622437d8136c8a0cedbd8d0, i-be21b5795622437d8136c8a0cedbd8d0
date: Mon, 07 Oct 2024 12:52:28 GMT
content-type: image/x-icon
last-modified: Mon, 07 Oct 2024 11:10:59 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 30 KB
9 KB 441ms
8ms XHR
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=880669&u=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&vn=2.1&x=true
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra2 /
Resource Hash: 1f7926e9d9afbb324043f0457f954c57d8c4c657bf527202cf5826bbcb1420e4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.recordedfuture.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:52:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: gfra2

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 330 KB
109 KB 460ms
26ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9d3ccfc18cd58fffbfd0ebcfb18ce90a14c919111d4e481f75671dc945af8dc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Mon, 07 Oct 2024 12:52:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:52:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 110810
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 worker-b0d363a401093f288c66a8fb01ee7befbr.js Show response
dev.visualwebsiteoptimizer.com/cdn/edrv/ 263 KB
63 KB 46ms
31ms XHR
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/edrv/worker-b0d363a401093f288c66a8fb01ee7befbr.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 8364af5956f2875ad4a7e129eb32f3fa539111a8a45662256877a88fc6b2efc4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=dCCLag==, md5=1vAdb9/nvdn6DQErR6rANw==
etag: "d6f01d6fdfe7bdd9fa0d012b47aac037"
age: 268933
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 64961
date: Fri, 04 Oct 2024 10:10:16 GMT
last-modified: Fri, 04 Oct 2024 09:46:39 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AD-8ljup2LInKOl1b0Vpk4tRSqemMP5bwzc9DHHZcRqXT5yebyS4bzF4zpMH8kDxRuEkdhsBTvmIughJ9w
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1728035199437071
content-length: 64961
content-language: en
server: UploadServer

GET
H3 200 va_gq-ca192c2beb893628a5ae5f404573b624br.js Show response
dev.visualwebsiteoptimizer.com/cdn/edrv/ 273 KB
71 KB 47ms
33ms XHR
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/edrv/va_gq-ca192c2beb893628a5ae5f404573b624br.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2edfb1a8a946770606586e0c9e528ce201582c9c88e67a8b208ceec33881c3b2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=rkcvhQ==, md5=5a+QqFE/lWEkgN0RqTuO6Q==
etag: "e5af90a8513f95612480dd11a93b8ee9"
age: 246178
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 72430
date: Fri, 04 Oct 2024 16:29:31 GMT
last-modified: Fri, 04 Oct 2024 16:14:48 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AD-8ljvyWL9YhVE0HOat9QqPMwbATbzw8im4Zy_mUXUhwjvS8CHbKcH0KvSQknxJ_l9Sdvk6oyM
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1728058488173621
content-length: 72430
content-language: en
server: UploadServer

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
146 B 118ms
104ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=880669&d=recordedfuture.com&u=D5C49DC28E6F7F0DC467A16C97F524B14&h=77ebcdcc5f9e7ba95a35391b36c32ff2&t=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv03c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: public, max-age=43200
x-content-type-options: nosniff
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Mon, 07 Oct 2024 12:52:29 GMT
content-type: image/gif
server: gnv03c

GET 107508ca-047b-482b-a5c5-3d5b6b087f22
https://www.recordedfuture.com/ 0
0

GET
H3 200 s.gif
dev.visualwebsiteoptimizer.com/ 35 B
53 B 127ms
117ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/s.gif?account_id=880669&u=D5C49DC28E6F7F0DC467A16C97F524B14&s=1728305549&ed=%7B%22sr%22%3A%221600x1200%22%2C%22sc%22%3A24%2C%22de%22%3A%22UTF-8%22%2C%22ul%22%3A%22de-de%22%2C%22r%22%3A%22%22%2C%22lt%22%3A1728305549887%2C%22tO%22%3A-2%2C%22tz%22%3A%22Europe%2FBerlin%22%7D&cu=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&r=0&p=1&cq=0&vn=undefined&vns=undefined&vno=undefined&eTime=1728305549927&v=e618aac1e

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv03c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
x-content-type-options: nosniff
via: 1.1 google
expires: Mon, 10 Jan 2005 00:00:01 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Mon, 07 Oct 2024 12:52:29 GMT
content-type: image/gif
server: gnv03c

GET
H3 200 nc-5c6a4ba1f62b60fdf90f5cf8c2585e95br.js Show response
dev.visualwebsiteoptimizer.com/cdn/edrv/ 17 KB
5 KB 10ms
9ms XHR
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/edrv/nc-5c6a4ba1f62b60fdf90f5cf8c2585e95br.js
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: af7fc268bd3adf07f27781ccf76232966e8a0e44dc879a4777e3ea337130634b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=/7fzaQ==, md5=FGx1LyE87timzhMRLK+wBg==
etag: "146c752f213ceed8a6ce13112cafb006"
age: 246177
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 5575
date: Fri, 04 Oct 2024 16:29:32 GMT
last-modified: Fri, 04 Oct 2024 16:15:40 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AD-8lju3kGwWeUbcBr50-NmoVAOQ2GvZB2LZlisxMHnMvVmNEtNnG3kPolC3L8cBwRrloGC1EA
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1728058540459857
content-length: 5575
content-language: en
server: UploadServer

GET
H2 200 64dc3ec5-330c-4652-88d3-147ee65e90ba.js Show response
j.6sc.co/j/ 8 KB
8 KB 3396ms
19ms Script
application/javascript 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/64dc3ec5-330c-4652-88d3-147ee65e90ba.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-251.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 4512d280d6e3770022a6aced807c4b08d410ae107294c0ac19801ad24f6ef0f5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-amz-server-side-encryption: AES256
content-type: application/javascript
cache-control: private, max-age=1800
x-amz-version-id: MbzeuKlSNW9OmZUUgXztIvtYg.jH191L
etag: "3fdac343b2a409e8e59493c09517ac69"
expires: Mon, 07 Oct 2024 13:22:33 GMT
accept-ranges: bytes
content-length: 7759
x-amz-cf-id: kJ9ZQOaM4LLHkR7zBn0nAEFJAjenerzcyxixbQLFbHVwyA_sGPL9Sg==
date: Mon, 07 Oct 2024 12:52:33 GMT
last-modified: Thu, 25 Jul 2024 13:22:42 GMT
vary: Accept-Encoding
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-meta-content-type: application/json

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 325 KB
107 KB 105ms
105ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MHTMF48BZH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

079ffe543fe1e82c40b81c55cc8ef83ab8b3b290881900c57e6506cf259dea11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 07 Oct 2024 12:52:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:52:30 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 109305
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 278 KB
96 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1003136084&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b9869f82ad1480257239f7e749705cdd70bea5cc60466741246fabc3041aa42d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 07 Oct 2024 12:52:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:52:30 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 97471
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 731ms
14ms Script
application/javascript 146.75.52.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.52.157 Milan, Italy, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
accept-ranges: bytes
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15412
date: Mon, 07 Oct 2024 12:52:30 GMT
x-tw-cdn: FT
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kiad7000168-IAD, cache-lin1730040-LIN
x-amz-server-side-encryption: AES256

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 418ms
13ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: max-age=65148
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Mon, 07 Oct 2024 12:52:30 GMT
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 417ms
11ms Script
text/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: gzip
age: 1451
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],}
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 14:28:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:28:19 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 17168
server: Golfe2

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 87 KB
31 KB 529ms
15ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: gzip
age: 257950
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 13:13:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 04 Oct 2024 13:13:20 GMT
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31017
x-xss-protection: 0
server: sffe

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 226 KB
60 KB 229ms
16ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Mon, 07 Oct 2024 12:52:30 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=3, c=11, mss=1297, tbw=2913, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: w3JAknwa0tP56+0IeYnWLfbmYD68U5xSU+5pbD0WfC8UmH7/U7E63Jx11NiFja2Ot/kH3b5nHJoT+o4FkDkzWA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 59131
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 container_nbhoRDM8.js Show response
cdn.matomo.cloud/recordedfuture.matomo.cloud/ 245 KB
70 KB 243ms
12ms Script
application/javascript 2600:9000:2724:1a00:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.matomo.cloud/recordedfuture.matomo.cloud/container_nbhoRDM8.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2724:1a00:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

267deecfad2b9924d74326202da22380d2abf89a64af40c2faf912bb95b07e3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: gzip
etag: W/"6ac904165a60680e2103258587689240"
x-amz-version-id: LiKAVTEKYBRglYD6JkR2bAArbQvBnTa2
age: 2923
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: j_M3z2H4mZkF8J1b89V0kMREb7ZjVozfj7cQL1D8qhC6SG8L2JamVw==
date: Mon, 07 Oct 2024 12:03:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 02 Oct 2024 23:14:47 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: max-age=691200
via: 1.1 65c5d5104f267ee43cce97d81871c884.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P12
server: CloudFront

GET
H2 200 matomo.js Show response
cdn.matomo.cloud/recordedfuture.matomo.cloud/ 202 KB
59 KB 243ms
12ms Script
application/javascript 2600:9000:2724:1a00:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js

Requested by

Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2724:1a00:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

7d1e4da46e65ade35e0017500907b2d3bc738bb33b10266f679f2113cc56861c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: gzip
etag: W/"5c359e1fa9398dc7248bc8740cc8eb49"
x-amz-version-id: nUcBrzhVy9JMMaAtFkxpvW8b5Jy3nYQT
age: 3088
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: g9cjSHoNwworRCVa1gyplj-InIc79qs2T_BFbuMniDo7-r3glgnEnw==
date: Mon, 07 Oct 2024 12:01:03 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 29 Apr 2024 00:09:25 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
x-amz-replication-status: FAILED
cache-control: max-age=691200
via: 1.1 65c5d5104f267ee43cce97d81871c884.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P12
server: CloudFront

GET
H2 200 252628.js Show response
js.hs-scripts.com/ 2 KB
882 B 503ms
65ms Script
application/javascript 104.16.138.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/252628.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-539N74N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.138.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5073c3f9b85629e91f85c40bb08925faaab4717de831ebc2d0a40a6df100b880

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

access-control-max-age: 3600
content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 9
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:54:00 GMT
cf-polished: origSize=2008
date: Mon, 07 Oct 2024 12:52:30 GMT
x-hubspot-correlation-id: b0eac9c1-c077-4c93-b55a-b200b562067d
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Mon, 07 Oct 2024 12:52:21 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8cee075adaa0db06-FRA
access-control-allow-origin: https://bgpview.io
server: cloudflare

GET
H3 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 37 KB
7 KB 18ms
17ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=880669&settings_type=1&vn=&eventArch=1&uuid=&ec=1456764&exc=39
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra2 /
Resource Hash: 9035883a272c40f66265e88a4272d38741acc0ffb9c951d225e33ec630821c7c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: public, max-age=0, no-cache, must-revalidate
content-encoding: gzip
etag: W/"1728289762_EA"
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:52:30 GMT
content-type: application/javascript; charset=UTF-8
server: gfra2

GET
H2 200 194163687656043 Show response
connect.facebook.net/signals/config/ 78 KB
15 KB 120ms
83ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/194163687656043?v=2.9.170&r=stable&domain=www.recordedfuture.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

48e70862fc2a5dcb0eb3cadb5a4d9ddf756c7e6c1424a72b4cff594001efd404

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Mon, 07 Oct 2024 12:52:30 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=14, rtx=3, c=64, mss=1297, tbw=64781, tp=-1, tpl=-1, uplat=83, ullat=0
pragma: public
x-fb-debug: Doa5FWOokYtKoGFsxW26IFcj3tgnprh32Ep9c1xyxpibl9rj6mQNbxtMayokAufXZWahY7QhE02yFD1FHw4PBg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 204 matomo.php
recordedfuture.matomo.cloud/ 0
179 B 304ms
36ms Ping
text/plain 18.157.122.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://recordedfuture.matomo.cloud/matomo.php?action_name=www.recordedfuture.com%2FError%20Page%20%7C%20Recorded%20Future&idsite=1&rec=1&r=319038&h=14&m=52&s=30&url=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&_id=&_idn=1&send_image=0&_refts=0&pv_id=mo3XSK&pf_net=0&pf_srv=221&pf_tfr=231&pf_dm1=709&pf_dm2=1991&pf_onl=0&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200

Requested by

Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.157.122.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-157-122-248.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Referer: https://www.recordedfuture.com/

Response headers

strict-transport-security: max-age=31536000
access-control-allow-origin: https://www.recordedfuture.com
date: Mon, 07 Oct 2024 12:52:30 GMT
vary: X-Forwarded-Proto,User-Agent
server: Apache
access-control-allow-credentials: true

GET
H2 200 configs.php Show response
recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/ 116 B
297 B 201ms
27ms Script
application/javascript 18.157.122.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://recordedfuture.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=1&trackerid=FHKJ97&url=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange

Requested by

Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/recordedfuture.matomo.cloud/matomo.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.157.122.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-157-122-248.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

9c955f0593c63d7c43d63ec8e1f934487cf5d3c6dfc4d7529e69673870cdd639

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

strict-transport-security: max-age=31536000
content-length: 119
content-encoding: gzip
date: Mon, 07 Oct 2024 12:52:30 GMT
content-type: application/javascript
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
server: Apache

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
624 B 372ms
178ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: DAF2C55DEA17436C8A842B81BC828A6C Ref B: FRAEDGE1612 Ref C: 2024-10-07T12:52:30Z
x-li-fabric: prod-lor1
access-control-allow-credentials: true
x-li-uuid: AAYj4n5sICB+a7dK+YmFIg==
x-li-proto: http/2
access-control-allow-origin: https://www.recordedfuture.com
x-cache: CONFIG_NOCACHE
date: Mon, 07 Oct 2024 12:52:30 GMT
vary: Origin

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
1 KB 333ms
177ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3869953%2C26800&time=1728305550604&url=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: gzip
x-li-fabric: prod-ltx1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
access-control-allow-methods: GET, OPTIONS
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
date: Mon, 07 Oct 2024 12:52:30 GMT
content-type: application/json
access-control-allow-headers: *
x-li-pop: afd-prod-ltx1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-fs-uuid: 000623e27e6bc5bdd00224a1b0d19c45
x-msedge-ref: Ref A: ABDF4602052C47BAAB2EF0C04C37D358 Ref B: FRAEDGE1118 Ref C: 2024-10-07T12:52:30Z
x-restli-protocol-version: 1.0.0
x-li-uuid: AAYj4n5rxb3QAiShsNGcRQ==
access-control-allow-origin: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953%2C26800&time=1728305550604&url=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&tm=gtmv2
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953%2C26800&time=1728305550604&url=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&tm=gtmv2&e_ipv6...

0
265 B

343ms
229ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953%2C26800&time=1728305550604&url=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&tm=gtmv2&e_ipv6=AQLdhvQGtrK1BQAAAZJnCdXpgCOV4wIQoOhMeuHMTXjmlozNf-F-OPHAN2A7HOw_IA
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 3D84360F8F204D6FAEA2BD229665B076 Ref B: FRAEDGE1219 Ref C: 2024-10-07T12:52:31Z
x-li-fabric: prod-lva1
x-li-uuid: AAYj4n5vzWtVJvidDQVJeg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 07 Oct 2024 12:52:30 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3869953%2C26800&time=1728305550604&url=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&tm=gtmv2&e_ipv6=AQLdhvQGtrK1BQAAAZJnCdXpgCOV4wIQoOhMeuHMTXjmlozNf-F-OPHAN2A7HOw_IA
x-msedge-ref: Ref A: 9860C9CCD86948B58F38128EE43092A8 Ref B: FRAEDGE1612 Ref C: 2024-10-07T12:52:30Z
x-li-fabric: prod-lva1
x-li-uuid: AAYj4n5rezKUqMK/leci6g==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 07 Oct 2024 12:52:30 GMT

GET
H3 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
57 B 34ms
31ms Image
image/gif 142.250.186.168
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1728876139&utmhn=www.recordedfuture.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=de-de&utmje=0&utmfl=-&utmdt=Error%20Page%20%7C%20Recorded%20Future&utmhid=603893192&utmr=-&utmp=%2Fchinese-group-calypso-exploiting-microsoft-exchange&utmht=1728305550624&utmac=UA-XXXYYYZZZ-1&utmcc=__utma%3D93161374.1008925093.1728305551.1728305551.1728305551.1%3B%2B__utmz%3D93161374.1728305551.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1899657674&utmredir=1&utmu=qhAgAAAAAAAAAAAAAAAAAAAE~

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.168 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f8.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:169:0"}],}
x-content-type-options: nosniff
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:169:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:52:30 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
server: Golfe2

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 118ms
17ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=194163687656043&ev=PageView&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&rl=&if=false&ts=1728305550661&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12318&fbp=fb.1.1728305550655.720814535216941267&cs_est=true&ler=empty&cdl=API_unavailable&it=1728305550468&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=10, mss=1297, tbw=2962, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 07 Oct 2024 12:52:30 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 303ms
203ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=194163687656043&ev=PageView&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&rl=&if=false&ts=1728305550661&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12318&fbp=fb.1.1728305550655.720814535216941267&cs_est=true&ler=empty&cdl=API_unavailable&it=1728305550468&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423015815660311342"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423015815660311342"}],"group":"network-errors"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 12:52:30 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: wztL0dmuQn5TfwsDBMyO4AHbY1z54Kmk5FTJzN5ldOlSoG/fwkmB76icYtApW4RFmsSsrND5bX44dAA93To86g==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7423015815660311342", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
cache-control: private, no-store, no-cache, must-revalidate
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=10, mss=1297, tbw=3279, tp=-1, tpl=-1, uplat=179, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
x-xss-protection: 0
origin-agent-cluster: ?0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 164ms
14ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-MHTMF48BZH&gtm=45je4a20v873499763z8830966511za200zb830966511&_p=1728305549111&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101529666~101671035~101747727&cid=2001958108.1728305551&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1728305550&sct=1&seg=0&dl=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&dt=Error%20Page%20%7C%20Recorded%20Future&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=5576
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MHTMF48BZH&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.recordedfuture.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:52:31 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
559 B 169ms
20ms Ping
text/plain 2a00:1450:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-MHTMF48BZH&cid=2001958108.1728305551&gtm=45je4a20v873499763z8830966511za200zb830966511&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101529666~101671035~101747727
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MHTMF48BZH&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.recordedfuture.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:52:31 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 93ms
51ms Image
image/gif 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-MHTMF48BZH&cid=2001958108.1728305551&gtm=45je4a20v873499763z8830966511za200zb830966511&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101529666~101671035~101747727&tag_exp=101529666~101671035~101747727&z=1294239476

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 07 Oct 2024 12:52:31 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 adsct
t.co/i/ 43 B
627 B 188ms
152ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=0fed53a4-7383-44ce-a407-6e40d502741b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=8759c0ff-0514-449c-a457-a545554e8707&tw_document_href=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv0r6&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

strict-transport-security: max-age=0
x-transaction-id: 13d3f7e025a6b8ba
cache-control: no-cache, no-store, max-age=0
x-connection-hash: f32c6e60b1ed09d858b6da6884b8088bcbd0537cd74044d066cdd3432c94d939
cf-cache-status: DYNAMIC
cf-ray: 8cee075e59d9d9d2-FRA
x-response-time: 104
content-length: 43
date: Mon, 07 Oct 2024 12:52:31 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_o

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
393 B 155ms
119ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=0fed53a4-7383-44ce-a407-6e40d502741b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=8759c0ff-0514-449c-a457-a545554e8707&tw_document_href=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv0r6&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 711959424a132f19
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 2b0b0adfbe49084a40fff58b5c1aac1adc79a601439b958f01565dcc9c9b49ea
x-response-time: 104
content-length: 43
date: Mon, 07 Oct 2024 12:52:30 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_o

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 10ms
10ms Script
application/javascript 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/64dc3ec5-330c-4652-88d3-147ee65e90ba.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66fb91ae-111bb"
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 15:52:33 GMT
accept-ranges: bytes
content-length: 18819
date: Mon, 07 Oct 2024 12:52:33 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Tue, 01 Oct 2024 06:07:42 GMT

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 83 KB
25 KB 147ms
122ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b0fdaa32feffbdbd15bda3619624e0aa8e1d647fd720e31b7645654e7fb551e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.recordedfuture.com
Referer: https://www.recordedfuture.com/

Response headers

x-request-id: b6096203-563c-4f26-8b7f-4112dcba2ddd
content-encoding: gzip
cf-cache-status: EXPIRED
etag: W/"6b513baaf4c77cddc702f596c3dd62d9"
x-amz-version-id: ntxqQzn.1wWRtdFp_E4nJAhKHFNI4WSr
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kWA6QrzmnQT4WrKzRUApwNme8Cx0ugIMGvl7Ma9J7ZUgzJUz6sHyc0ze7rA%2FQ9Lhzt5lPqJPdsFLgwl62D30vX0jq4Y9XrHbF1lyAsTksWJQH0HyvPKRWBE%2FEjdNBdXuWaA45QlB6iFsJYAt"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: GKkyfRj-MQwQnl73415jTkOQsaIiU152XFTw_ICJhzH1V44oE8-nbg==
x-hubspot-correlation-id: b6096203-563c-4f26-8b7f-4112dcba2ddd
content-type: application/javascript; charset=utf-8
last-modified: Fri, 04 Oct 2024 11:58:06 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-zfmpl
x-envoy-upstream-service-time: 2
x-hs-target-asset: web-interactives-embed/static-2.1554/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Mon, 07 Oct 2024 12:52:33 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1554/bundles/project.js&cfRay=8cee076d3adfdbc9-FRA
via: 1.1 06c1d28e93bdae8f6401a12c10b2f570.cloudfront.net (CloudFront)
cf-ray: 8cee076d3adfdbc9-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 252628.js Show response
js.hs-analytics.net/analytics/1728305400000/ 69 KB
25 KB 40ms
21ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1728305400000/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46b7363d841e5b4ef5addfd1b4040c8db631bc2e62903502afee0053012baf74

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: c1321f63-62fa-4bb4-8fde-319601ab96cc
content-encoding: gzip
cf-cache-status: HIT
etag: W/"2d25bc9bf49f3ea3dd34254a176f08a5"
x-amz-version-id: null
age: 101
expires: Mon, 07 Oct 2024 12:55:52 GMT
x-evy-trace-listener: listener_https
date: Mon, 07 Oct 2024 12:52:33 GMT
x-hubspot-correlation-id: c1321f63-62fa-4bb4-8fde-319601ab96cc
content-type: text/javascript
last-modified: Tue, 01 Oct 2024 15:27:31 GMT
vary: origin, Accept-Encoding
x-amz-id-2: JK6GjvsAPusAZ0CHpiKVERkfD3ay+SgXc1EQhKHqVgWVkjZz5yr/laA1xw93GvCCv89W8BeVSsA=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-75d7846cb8-wbs7w
x-envoy-upstream-service-time: 26
access-control-allow-credentials: false
x-amz-request-id: A8TVRK17N9XX71N2
cf-ray: 8cee076d2d5ed22a-FRA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
92 KB 41ms
21ms Script
application/javascript 2606:4700::6812:8d11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8d11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1233a49c4ecec12fed969bc83cd6ba59d8b2b88bef31988d9384f7e54c42e20

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.recordedfuture.com
Referer: https://www.recordedfuture.com/

Response headers

x-request-id: 3c724400-b109-421d-93ce-9ccf3f0748d8
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: WgPQEOT.QDI5zKnRYhaKsuHqDz44RIEz
etag: W/"7d65c542c3a53442feef1a0f44071183"
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 83138
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: F-HFlbg7XBf8YaF61TBPrGU8sVhC_iGHyfGbOzKrwVm7pg-ZxUxZGQ==
x-hubspot-correlation-id: 3c724400-b109-421d-93ce-9ccf3f0748d8
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Sep 2024 08:49:54 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-4qh4m
x-envoy-upstream-service-time: 34
x-hs-target-asset: lead-flows-js/static-1.1627/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Mon, 07 Oct 2024 12:52:33 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1627/bundle/main/lead-flows-release.js&cfRay=8c1ea6180d80abf8-ARN
via: 1.1 c5f8f8068a88ebb73e505f5e51b5262e.cloudfront.net (CloudFront)
cf-ray: 8cee076d2f2abc01-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 252628.js Show response
js.hs-banner.com/ 62 KB
19 KB 45ms
21ms Script
text/javascript 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/252628.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/252628.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfb12bb49b914abebe510f3db1d251c4f716a6bc7d756d3cec1e86a3ff5c22d2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: d232190f-41cc-4a84-a630-073294fcb159
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"c52f58bd4ec4f3ccbcb2164c8210fcc7"
x-amz-version-id: GAPviEB0_qVTRwAgcciO.APQcIZeYu3z
age: 231
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Mon, 07 Oct 2024 12:53:42 GMT
x-evy-trace-listener: listener_https
date: Mon, 07 Oct 2024 12:52:33 GMT
x-hubspot-correlation-id: d232190f-41cc-4a84-a630-073294fcb159
content-type: text/javascript; charset=UTF-8
last-modified: Wed, 26 Jun 2024 15:57:47 GMT
vary: origin, Accept-Encoding
x-amz-id-2: bMRWZkCBmC/81hIhSpEuRWSsR+5WTLw1+nRQjm8A7Sjw8paxDeZwH0vsmAhShUXU07Fkfpv2Bwc=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-d9dbd
x-envoy-upstream-service-time: 34
access-control-allow-credentials: true
x-amz-request-id: 96Y2PSP2ESSFNB96
cf-ray: 8cee076d3af0bb8c-FRA
access-control-allow-origin: https://bgpview.io
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
704 B 91ms
44ms XHR
application/json 185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 80.255.10.199; 80.255.10.199; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.recordedfuture.com
an-x-request-uuid: 0de8d20f-0720-413e-82c7-1090bb2cb107
content-length: 11
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Mon, 07 Oct 2024 12:52:33 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

GET
H2 200 / Show response
c.6sc.co/ 7 B
198 B 17ms
16ms XHR
text/html 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-251.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.recordedfuture.com
content-length: 7
date: Mon, 07 Oct 2024 12:52:33 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 15 B
307 B 89ms
43ms XHR
text/html 2a02:26f0:480:22::1726:62ce
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:22::1726:62ce Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9b7ed5ed6777f1ec508c24bfa91b195b02d982363f2d723806e266a471292605

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2a01:4a0:5a::11
expires: Mon, 07 Oct 2024 12:52:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1728305553505_389993742_1111393905_29_1304_6_14_219";dur=1
access-control-allow-origin: https://www.recordedfuture.com
content-length: 15
date: Mon, 07 Oct 2024 12:52:33 GMT
content-type: text/html
vary: Origin

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 194ms
145ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=252628&rcu=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&pu=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&t=Error+Page+%7C+Recorded+Future&cts=1728305553518&vi=dc278a528463d91e35ae0f24f7c5a2f3&nc=true&u=57501621.dc278a528463d91e35ae0f24f7c5a2f3.1728305553515.1728305553515.1728305553515.1&b=57501621.1.1728305553515&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-robots-tag: none
x-request-id: 6a3d2c12-f640-4b31-b97f-87b763c9c63d
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3sGaXVSlYeihxC6%2BokOUqtNKHBu%2BQfAjWMBMFF%2B2pKKYHFsBdkMyjJvya8eqf9YzioWsEtsYGAF%2FnuEpX7DJyDXz9%2BVxnvmkeCIM1BrTOTkmQItrM7%2Bp%2FXf1W4V1iKdDHvDIIV8iDBG0qQHf7YI9"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Mon, 07 Oct 2024 12:52:33 GMT
x-hubspot-correlation-id: 6a3d2c12-f640-4b31-b97f-87b763c9c63d
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-689db97f95-s77gd
x-envoy-upstream-service-time: 7
access-control-allow-credentials: false
cf-ray: 8cee076dd80e9bf4-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 134ms
124ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=139de92d-fe65-4ea9-8ce2-254542d6345f&session=4147386d-fe1f-48af-87f5-d1c794408f97&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recorded%20Future%20is%20the%20world%E2%80%99s%20largest%20intelligence%20company%20with%20complete%20coverage%20across%20adversaries%2C%20infrastructure%2C%20and%20targets.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Error%20Page%20%7C%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&pageViewId=a0320699-44f2-4da9-8205-46ab92f396c4&an_uid=0&webTagId=64dc3ec5-330c-4652-88d3-147ee65e90ba&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:52:33 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:52:33 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 133ms
126ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=139de92d-fe65-4ea9-8ce2-254542d6345f&session=4147386d-fe1f-48af-87f5-d1c794408f97&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22f2675e8089b7d209a58fce8ad312f51c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%2247c555096cc32557d3e6e7a333d7cb3ea692cee1%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%2264dc3ec5-330c-4652-88d3-147ee65e90ba%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recorded%20Future%20is%20the%20world%E2%80%99s%20largest%20intelligence%20company%20with%20complete%20coverage%20across%20adversaries%2C%20infrastructure%2C%20and%20targets.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Error%20Page%20%7C%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&pageViewId=a0320699-44f2-4da9-8205-46ab92f396c4&an_uid=0&webTagId=64dc3ec5-330c-4652-88d3-147ee65e90ba&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:52:33 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:52:33 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 130ms
123ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=139de92d-fe65-4ea9-8ce2-254542d6345f&session=4147386d-fe1f-48af-87f5-d1c794408f97&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A5a%3A%3A11%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recorded%20Future%20is%20the%20world%E2%80%99s%20largest%20intelligence%20company%20with%20complete%20coverage%20across%20adversaries%2C%20infrastructure%2C%20and%20targets.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Error%20Page%20%7C%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&pageViewId=a0320699-44f2-4da9-8205-46ab92f396c4&an_uid=0&webTagId=64dc3ec5-330c-4652-88d3-147ee65e90ba&ipv6=2a01%3A4a0%3A5a%3A%3A11&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:52:33 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:52:33 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

OPTIONS
H2 200 details
eps.6sc.co/v3/company/ 0
0 85ms
16ms Preflight 99.83.231.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eps.6sc.co/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.recordedfuture.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.recordedfuture.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
content-length: 0
date: Mon, 07 Oct 2024 12:52:33 GMT
timing-allow-origin: https://6sense.com
x-6si-region

GET
H2 200 details Show response
eps.6sc.co/v3/company/ 630 B
580 B 74ms
39ms XHR
application/json 99.83.231.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eps.6sc.co/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash: a2080acecd874df2baccc6faf67013cf9b7bf8d4a755bbecb6e1e00ff73077ea

Request headers

Authorization: Token 47c555096cc32557d3e6e7a333d7cb3ea692cee1
X-6s-CustomID: WebTag 64dc3ec5-330c-4652-88d3-147ee65e90ba
Referer: https://www.recordedfuture.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-expose-headers: X-6si-Region
timing-allow-origin: https://6sense.com
content-encoding: gzip
x-6si-region
access-control-allow-credentials: true
access-control-allow-origin: https://www.recordedfuture.com
content-length: 316
date: Mon, 07 Oct 2024 12:52:33 GMT
content-type: application/json
vary: Origin, Accept-Encoding

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 95 B
1 KB 135ms
133ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=252628&currentUrl=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&utk=dc278a528463d91e35ae0f24f7c5a2f3&__hstc=57501621.dc278a528463d91e35ae0f24f7c5a2f3.1728305553515.1728305553515.1728305553515.1&__hssc=57501621.1.1728305553515

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: c96435b2-afea-4fd1-9771-44c1684cead8
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=59IFmESZgm2%2B9Pchi8tBonCyohrecuTSnMdKcCTS5r8h%2Bdi82xmG%2Fl%2FmaSdCM8r5SwHjHj2hjNwPA%2FMb7uFCyPix9FIO7x%2B1%2FyB8Sq5ArNt7jLwIRsAkly8XhuBY013jcVO9sGjA9Fdu8ql45lVMzWA1c6sI034aiiI%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Mon, 07 Oct 2024 12:52:33 GMT
x-hubspot-correlation-id: c96435b2-afea-4fd1-9771-44c1684cead8
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-qwtjj
x-envoy-upstream-service-time: 18
access-control-allow-credentials: true
cf-ray: 8cee076e3e63dbc9-FRA
access-control-allow-origin: https://www.recordedfuture.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

POST
H3 200 t
dev.visualwebsiteoptimizer.com/events/ 0
36 B 139ms
139ms Ping
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/events/t?en=vwo_syncVisitorProp&a=880669&v=e618aac1e&_cu=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange
Requested by: Host: www.recordedfuture.com
URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gnv03c /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.recordedfuture.com/

Response headers

content-encoding: gzip
access-control-allow-methods: GET, POST
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:52:33 GMT
content-type: application/javascript; charset=UTF-8
server: gnv03c
access-control-allow-headers: X-Device-User-Agent, Vwo-X-Forwarded-For

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 2 KB
2 KB 163ms
151ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=252628&utk=dc278a528463d91e35ae0f24f7c5a2f3&__hstc=57501621.dc278a528463d91e35ae0f24f7c5a2f3.1728305553515.1728305553515.1728305553515.1&__hssc=57501621.1.1728305553515&currentUrl=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

752f3b3c4dae1b8e8ee6c8fe78bfbd71b3550aaee6f2404f680f3edd212824b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: fd0b3043-6105-4955-a021-c4bd9f02dd04
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MmH8R9fSnOuAaj29FIKmzUMKaY5I%2FyFGg13J7P557JdpF68Fyy4otRQigaXhlBhCAFXOcUNf%2BJQpiBMdSN6iULtHuRRkCzbPZZR63pC1wpwcxOO9bwgabs3jaQz8dF7AHRpKWaMyE38Pi4p4p%2Bui"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Mon, 07 Oct 2024 12:52:33 GMT
x-hubspot-correlation-id: fd0b3043-6105-4955-a021-c4bd9f02dd04
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-sr42p
x-envoy-upstream-service-time: 31
access-control-allow-credentials: false
cf-ray: 8cee076e9facdbc9-FRA
access-control-allow-origin: https://www.recordedfuture.com
x-evy-trace-route-configuration: listener_https/all
content-length: 1084
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
905 B 231ms
203ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-robots-tag: none
x-request-id: 412fb2c2-a356-4225-9e71-a31cef5d2122
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Mon, 07 Oct 2024 12:52:33 GMT
x-hubspot-correlation-id: 412fb2c2-a356-4225-9e71-a31cef5d2122
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Mon, 07 Oct 2024 12:52:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-j45xs
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8cee076f4bfbdbea-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
463 B 159ms
159ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=e887dce6-7b34-4ba5-9eac-4d2ca9a2983c&lfi=2694383&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=252628&rcu=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&pu=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&t=Error+Page+%7C+Recorded+Future&cts=1728305553868&vi=dc278a528463d91e35ae0f24f7c5a2f3&nc=true&u=57501621.dc278a528463d91e35ae0f24f7c5a2f3.1728305553515.1728305553515.1728305553515.1&b=57501621.1.1728305553515&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-robots-tag: none
x-request-id: 0c74d666-f2ac-4d19-ae61-7d0604443fd8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=27ASOjCRlLucd7O3kRZGYiNBg4TgF5SKoqnREODbJXCGnY7FdoWlS2PX5r6pqaagS5zdmomRIyJ%2Fvzu9DXBXD6CV8VZ0uO%2Bu95olzZRWaCj33wUgT5yggdgwglk4Zu2KvMCkncHPd%2BzoJYw7%2FqjU"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Mon, 07 Oct 2024 12:52:34 GMT
x-hubspot-correlation-id: 0c74d666-f2ac-4d19-ae61-7d0604443fd8
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-689db97f95-hlgfl
x-envoy-upstream-service-time: 6
access-control-allow-credentials: false
cf-ray: 8cee076fb9ca9bf4-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 126ms
126ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=139de92d-fe65-4ea9-8ce2-254542d6345f&session=4147386d-fe1f-48af-87f5-d1c794408f97&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A52%3A34%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A52%3A33%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recorded%20Future%20is%20the%20world%E2%80%99s%20largest%20intelligence%20company%20with%20complete%20coverage%20across%20adversaries%2C%20infrastructure%2C%20and%20targets.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Error%20Page%20%7C%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&pageViewId=a0320699-44f2-4da9-8205-46ab92f396c4&an_uid=0&webTagId=64dc3ec5-330c-4652-88d3-147ee65e90ba&ipv6=2a01%3A4a0%3A5a%3A%3A11&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:52:34 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:52:34 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H3 200 iphone-cd1.jpg
go.recordedfuture.com/hubfs/ 83 KB
85 KB 483ms
104ms Image
image/webp 199.60.103.254

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://go.recordedfuture.com/hubfs/iphone-cd1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.254 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

ab221b9e81a8439634c9f73c15c96457f75d3632fea1f6256fa4833acc6a314a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "f5c3d1b581a50e5c3637310137a43f0e"
age: 548853
cache-tag: F-99167145604,P-252628,FLS-ALL
x-amz-version-id: CyJHfLHHqfqm77ShwrX4xZ78eMxn5Xvx
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kmDGJoIsBxOyX%2Bvu%2B4Jxk1PobKLvuQCZOjQ04YzzhaUPZNu26KSQHBOdFPvINMg%2FgZZPc83L1EJ%2FsAJl4%2FwQwDqFFHBJBfRKrGB8aEwxxjtAGsiuOL9iY4fkO%2F2YhL0ekzRi0Is0aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache: RefreshHit from cloudfront
x-amz-cf-id: X3Fh41M218NZMrC9GEeubY31yxcsDIV4coBlAdSXS_KrPutBv3NrdA==
content-type: image/webp
content-disposition: inline; filename="iphone-cd1.webp"
last-modified: Thu, 19 Jan 2023 16:01:07 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-99167145604,P-252628,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5XXY6Y3F8Z2J7N44
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-99167145604,P-252628,FLS-ALL
content-length: 85082
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: qual=85, origFmt=jpeg, origSize=229013
date: Mon, 07 Oct 2024 12:52:35 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: Q+EGg8avhD6gbkfwOg+vbM9o4P2TJ11RPChWE/8IGAjhetT9n5RznvO3mLhy24B4+tNrWKLLLAE=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 b77e6c4c926acdb5c1a30b7465e6750e.cloudfront.net (CloudFront)
cf-ray: 8cee07785a38373b-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1674144065940

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 116ms
116ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:52:35 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:52:35 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 125ms
125ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=139de92d-fe65-4ea9-8ce2-254542d6345f&session=4147386d-fe1f-48af-87f5-d1c794408f97&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A52%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A52%3A34%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recorded%20Future%20is%20the%20world%E2%80%99s%20largest%20intelligence%20company%20with%20complete%20coverage%20across%20adversaries%2C%20infrastructure%2C%20and%20targets.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Error%20Page%20%7C%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&pageViewId=a0320699-44f2-4da9-8205-46ab92f396c4&an_uid=0&webTagId=64dc3ec5-330c-4652-88d3-147ee65e90ba&ipv6=2a01%3A4a0%3A5a%3A%3A11&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:52:35 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:52:35 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 137ms
137ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=f2675e8089b7d209a58fce8ad312f51c&svisitor=null&visitor=139de92d-fe65-4ea9-8ce2-254542d6345f&session=4147386d-fe1f-48af-87f5-d1c794408f97&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A52%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A52%3A35%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recorded%20Future%20is%20the%20world%E2%80%99s%20largest%20intelligence%20company%20with%20complete%20coverage%20across%20adversaries%2C%20infrastructure%2C%20and%20targets.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Error%20Page%20%7C%20Recorded%20Future%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.recordedfuture.com%2Fchinese-group-calypso-exploiting-microsoft-exchange&pageViewId=a0320699-44f2-4da9-8205-46ab92f396c4&an_uid=0&webTagId=64dc3ec5-330c-4652-88d3-147ee65e90ba&ipv6=2a01%3A4a0%3A5a%3A%3A11&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.recordedfuture.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:52:36 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:52:36 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.recordedfuture.com
URL: blob:https://www.recordedfuture.com/107508ca-047b-482b-a5c5-3d5b6b087f22

Verdicts & Comments Add Verdict or Comment

134 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.recordedfuture.com/	1969-12-31 23:59:59	Name: _cfuvid Value: KzwwoLfGd3GWNmfnbT63jL4OCayM2zJVlqxItxYHLXo-1728305545536-0.0.1.1-604800000
.recordedfuture.com/	1970-01-21 08:52:07	Name: _vwo_uuid_v2 Value: D5C49DC28E6F7F0DC467A16C97F524B14\|77ebcdcc5f9e7ba95a35391b36c32ff2
.recordedfuture.com/	1970-01-21 08:51:02	Name: _vwo_uuid Value: D5C49DC28E6F7F0DC467A16C97F524B14
.recordedfuture.com/	1970-01-21 00:48:17	Name: _vwo_ds Value: 3%241728305549%3A55.74816131%3A%3A
.recordedfuture.com/	1970-01-21 00:05:07	Name: _vwo_sn Value: 0%3A1%3A%3A%3A1
.recordedfuture.com/	1970-01-21 02:14:41	Name: _gcl_au Value: 1.1.2100658713.1728305550
.recordedfuture.com/	1970-01-21 02:29:05	Name: _vis_opt_s Value: 1%7C
.recordedfuture.com/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
.recordedfuture.com/	1970-01-21 09:41:05	Name: __utma Value: 93161374.1008925093.1728305551.1728305551.1728305551.1
.recordedfuture.com/	1969-12-31 23:59:59	Name: __utmc Value: 93161374
.recordedfuture.com/	1970-01-21 04:27:53	Name: __utmz Value: 93161374.1728305551.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.recordedfuture.com/	1970-01-21 00:05:06	Name: __utmt_sfga Value: 1
.recordedfuture.com/	1970-01-21 00:05:07	Name: __utmb Value: 93161374.1.10.1728305551
.recordedfuture.com/	1970-01-21 02:14:41	Name: _fbp Value: fb.1.1728305550655.720814535216941267
.recordedfuture.com/	1970-01-21 09:41:05	Name: _ga Value: GA1.1.2001958108.1728305551
.linkedin.com/	1970-01-21 08:50:41	Name: bcookie Value: "v=2&9b1558fa-da97-443b-84e3-ab289b1bdf46"
.linkedin.com/	1970-01-21 04:24:17	Name: li_gc Value: MTswOzE3MjgzMDU1NTA7MjswMjEghXRIIlr+wgIcsGszagudccfXwM3PUmmuaqpPbMkuKg==
.linkedin.com/	1970-01-21 00:06:31	Name: lidc Value: "b=OGST06:s=O:r=O:a=O:p=O:g=3098:u=1:x=1:i=1728305550:t=1728391950:v=2:sig=AQHkQ-ufWk8kiKSPnGWlRSjCFidrj99L"
.twitter.com/	1970-01-21 09:41:05	Name: personalization_id Value: "v1_fI3N9gu/Itv4Is0ycA++7A=="
.t.co/	1970-01-21 09:41:05	Name: muc_ads Value: b83eef7e-1450-46c2-b9bc-fd036f3ce3eb
.t.co/	1970-01-21 00:05:07	Name: __cf_bm Value: o7am3dM5j8ZL_goJ2z2bhSAlRbHf7x0XUHb2mPzXN1g-1728305551-1.0.1.1-PkMRSoXXu9UgDqiQfiDDPB1u39diIe_aNEB_Y.MU4M0VTMJeIrc5zCJ8N4PcNTNmmHFLm8KsSZnwAwUWlM687g
.recordedfuture.com/	1970-01-21 04:24:17	Name: __hstc Value: 57501621.dc278a528463d91e35ae0f24f7c5a2f3.1728305553515.1728305553515.1728305553515.1
.recordedfuture.com/	1970-01-21 04:24:17	Name: hubspotutk Value: dc278a528463d91e35ae0f24f7c5a2f3
.recordedfuture.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.recordedfuture.com/	1970-01-21 00:05:07	Name: __hssc Value: 57501621.1.1728305553515
.adnxs.com/	1970-01-21 09:41:05	Name: receive-cookie-deprecation Value: 1
www.recordedfuture.com/	1970-01-21 00:15:10	Name: _an_uid Value: 0
www.recordedfuture.com/	1970-01-21 09:41:05	Name: _gd_visitor Value: 139de92d-fe65-4ea9-8ce2-254542d6345f
www.recordedfuture.com/	1970-01-21 00:05:19	Name: _gd_session Value: 4147386d-fe1f-48af-87f5-d1c794408f97
.hubspot.com/	1970-01-21 00:05:07	Name: __cf_bm Value: wT.05od2ONR8MGGDeys9iWxe6ehH33z9yzMCn7zRInU-1728305553-1.0.1.1-TS7_z.Ux0yqIuJZpCNintUQKOhjlGQK7Qm_OTe9z2a6SrzFPGXncUYBqTmJgukJZQyVkUYscDktEOBpFy6yIUQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: dOffuDaLZIjL6M_I.Lz.Jm_K_FdGDVry9NakWTEjexk-1728305553711-0.0.1.1-604800000
.recordedfuture.com/	1970-01-21 09:41:05	Name: _ga_MHTMF48BZH Value: GS1.1.1728305550.1.0.1728305553.57.0.0
.hsforms.com/	1970-01-21 00:05:07	Name: __cf_bm Value: ULRF9U5maIrGo6Fz2VHruRBh1imQNt_xFODQQZlAlMg-1728305553-1.0.1.1-fvcaFfyuADWaN7KDgozdxtnUf.RN7m5SHZG2Seljs.HR0b.UP6oFghk2VYt1Xb4gXlaCHYt6ZX8_b5Ylps13tw
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Hoit4wUP1z1yvH9RL8N0L.mLvvNtHCR1iJRnPY_iK1U-1728305553950-0.0.1.1-604800000

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange Message: The resource https://www.recordedfuture.com/fonts/fonts.css was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
analytics.twitter.com
b.6sc.co
c.6sc.co
cdn.matomo.cloud
cms.recordedfuture.com
connect.facebook.net
cta-service-cms2.hubspot.com
dev.visualwebsiteoptimizer.com
eps.6sc.co
forms.hubspot.com
go.recordedfuture.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
js.hubspot.com
perf-na1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
recordedfuture.matomo.cloud
region1.analytics.google.com
secure.adnxs.com
snap.licdn.com
ssl.google-analytics.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
track.hubspot.com
www.facebook.com
www.google.de
www.googletagmanager.com
www.recordedfuture.com
www.recordedfuture.com
104.16.138.209
104.18.35.90
104.19.175.188
104.244.42.3
13.107.42.14
142.250.185.227
142.250.186.168
146.75.52.157
172.66.0.227
18.157.122.248
185.89.210.82
199.60.103.254
2001:4860:4802:32::36
23.53.42.251
2600:9000:2724:1a00:c:7d55:b3c0:93a1
2606:4700:4400::6812:28f0
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:a0a8
2606:4700::6812:8d11
2620:1ec:21::14
2a00:1450:4001:810::200a
2a00:1450:4001:81d::2008
2a00:1450:4001:828::2008
2a00:1450:400c:c0b::9d
2a02:26f0:3500:10::210:a99
2a02:26f0:480:22::1726:62ce
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
34.96.102.137
99.83.231.3
079ffe543fe1e82c40b81c55cc8ef83ab8b3b290881900c57e6506cf259dea11
0a556b35758f8a2ade1b662eeec7a45a4739325de831c2eca6cbe1171fbc6bfd
0fc1cd60b50fecf2f101660312d3ad57e227c37fb15c667475c0935b0b683577
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1d0ca87959e23cb77cff2f1d7fe2337ecc770de12b1d20762373321d7d287183
1f7926e9d9afbb324043f0457f954c57d8c4c657bf527202cf5826bbcb1420e4
267deecfad2b9924d74326202da22380d2abf89a64af40c2faf912bb95b07e3b
2ad83f2446566c5ecf7c261cc07884a5d5f71965b5df8fd7bb809f83a42bf470
2bcb0fc9204904e818d65cb8e6178f4f27a73d5da5fcbefb6dd20d4977465786
2edfb1a8a946770606586e0c9e528ce201582c9c88e67a8b208ceec33881c3b2
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
375860c8397810902150c8e9729f0a30ebdcc09a637aab094670ea27628bbad9
381979d4a7fc47b60e2ca2003bb86a77fc9e3d36d3054ce41887246963d177f9
3d9ec892dee44ec1c6a5778b93c71fbb4357b8dc8e00ba61eb7baeb6b0af79fa
43f20d0a51f32376a232ae9fbc41e803d09610000eacfe5b851bc46e191be5ff
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4512d280d6e3770022a6aced807c4b08d410ae107294c0ac19801ad24f6ef0f5
46b7363d841e5b4ef5addfd1b4040c8db631bc2e62903502afee0053012baf74
47ff98a1962e172bf408a4878244aa29b759659aeb49278eced504b297949316
482fa259337593d58303e281f6ecf323eecf4d6bd4a735cf3af6cce29287ad11
48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a
48e70862fc2a5dcb0eb3cadb5a4d9ddf756c7e6c1424a72b4cff594001efd404
494a9c8817786531126dd245c93f8a85aa6afa405c7b8a2e45b667538470ce7a
4a2ced70daa935dd1fc2d8bc665a35044729ee6684edf3b0cc35ddbdcbdbe2d9
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
5073c3f9b85629e91f85c40bb08925faaab4717de831ebc2d0a40a6df100b880
5cea068537a9ce7722b6a08c23bc67dff6b49a272be984b95c2e9156411d2636
5d463aa98f7ca989332916f998fc2b51b79ee44e69979f28621c6c3c4c3f7404
5dd46059902b99d86c42588668824486114180f5e1c385cb504a23e53b2d7bef
5f50680baeccfe515bedbdd26ff988515c35e407f9aae4b2571cd1940d1d423d
5fb675729c9065818c208dd27f067e0c3b1772918af3166d4992beea43041c53
6adba195b2335efaa248dec95d745481c3b7dfc9a61a5b54ba290c7b98254865
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b0fdaa32feffbdbd15bda3619624e0aa8e1d647fd720e31b7645654e7fb551e
6fb3140db2839cabd3662044ef7791206df377b2211046abc71dd039f05fe082
712a64e252b8b2276803abea9f4ec37e39bc91a63c34159f311b690f988c3a3f
752f3b3c4dae1b8e8ee6c8fe78bfbd71b3550aaee6f2404f680f3edd212824b2
783216a157bd808ef48ba34b2830f7a2fe23585a4d610dc4cd4b857a162fb208
7d1e4da46e65ade35e0017500907b2d3bc738bb33b10266f679f2113cc56861c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8364af5956f2875ad4a7e129eb32f3fa539111a8a45662256877a88fc6b2efc4
868952679c13a0031de5eaaeb29ccfd79758da60f973c2d55ddd1cac93c1907e
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8af77a655a0e1ecfd86c2a3aaf8f3492ed33e1a358be8f4bb0d1794db79aa4fa
9035883a272c40f66265e88a4272d38741acc0ffb9c951d225e33ec630821c7c
93411a2690b52b44a288932d7871219bfcd365cab8ba767d1234e8bb90b1ff5a
9b7ed5ed6777f1ec508c24bfa91b195b02d982363f2d723806e266a471292605
9c955f0593c63d7c43d63ec8e1f934487cf5d3c6dfc4d7529e69673870cdd639
9d3ccfc18cd58fffbfd0ebcfb18ce90a14c919111d4e481f75671dc945af8dc8
a0b1f949528f7a3a2d2ff3b6df67c6c1b5cb8f62a2eba6eb5e06adff2d5795f3
a183888fcf1c0e637eb7d8bc2edaeb0640df51278d8ba0f9141e8fe9bec1824e
a2080acecd874df2baccc6faf67013cf9b7bf8d4a755bbecb6e1e00ff73077ea
a28bc9b1c1de9676087252ef6b0f9fd77d360534b702823bd7eb50be2fbfaafb
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab221b9e81a8439634c9f73c15c96457f75d3632fea1f6256fa4833acc6a314a
ab77c45abab064a07150e489eb132ec77dc1cbb1cb6d2d52d94b6edd8e05d87a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
af7fc268bd3adf07f27781ccf76232966e8a0e44dc879a4777e3ea337130634b
b318ef40d63862e41dac76084a91dc0477df0b17f03da157e643542d022cd26b
b73b7e0eaffe020cd9d4eaccd4afc57904bba61c4a3423f8640e4a05abf1b7ca
b9869f82ad1480257239f7e749705cdd70bea5cc60466741246fabc3041aa42d
bc7dca6ba357eef56b8ffc24339882a59036a558dff240c3babc49c957b89fcb
bcd4c5fe2248fe1b7668411b46db4b6481525f02524c73a5037f0deaaed7b37c
bf6ffffdf9d96a960659b14bf150c51f63171ee71811e0f2484731c042475f26
c1233a49c4ecec12fed969bc83cd6ba59d8b2b88bef31988d9384f7e54c42e20
c2d02d5f5b95c51c99da75486561f118d1945d1c5bdff3166cd68f89f42241ad
c706c9ace0ed1fdc221453793090feae0c5af7646b9e17a73b6a2d36c563f917
c75f8c06d78926e0624b04af9e6d0fb3339cb4b52ff00034661ca8f0c29d81c4
d362ebe549f9ed79d16714cd8780b44668d52d90c6573caabeb1e2c48640fd1b
d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd0aa2edbf70120a3664d67d62c7be974905b21305d74bf06b58d4570bb81dc7
ded36abed7df72299e178fad6815610d94db0090ee9f7ad0b0cd3f3f8e685beb
dfb12bb49b914abebe510f3db1d251c4f716a6bc7d756d3cec1e86a3ff5c22d2
e15b399e5be9732a12e7c2fcb42428cefb0ea79f89df93dae6e79eb5c018e5f8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e604ed620cde25b7cb019a9c34e982ca5222795ec859c952800cc2b1ea0e90ed
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225
f581b363d05fc339b45b6325008324982bfddefed536ecf1bf31107613ba4677
f8837339f39b4de89bcdc5b4705e44d0007a8728881c70d1010f9973dff06306
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.recordedfuture.com Open in urlscan Pro 104.18.35.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

106 Requests

98 %HTTPS

52 %IPv6

24 Domains

35 Subdomains

32 IPs

5 Countries

3191 kBTransfer

8101 kBSize

34 Cookies

9 Outgoing links

Page URL History

Redirected requests

106 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.recordedfuture.com Open in urlscan Pro
104.18.35.90 Public Scan

Screenshot
Live screenshot

Full Image

106
Requests

98 %
HTTPS

52 %
IPv6

24
Domains

35
Subdomains

32
IPs

5
Countries

3191 kB
Transfer

8101 kB
Size

34
Cookies

106 HTTP transactions
0 data transactions