URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Submission: On October 20 via api from DE — Scanned from DE

Summary

This website contacted 48 IPs in 5 countries across 37 domains to perform 218 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.menlosecurity.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on July 25th 2022. Valid for: a year.
This is the only time www.menlosecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address  AS (Autonomous System)
46 141.193.213.21 209242 (CLOUDFLAR...)
10 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
6 104.17.72.206 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
5 2a00:1450:400... 15169 (GOOGLE)
11 23.79.139.87 16625 (AKAMAI-AS)
1 199.232.188.157 54113 (FASTLY)
1 13.225.78.103 16509 (AMAZON-02)
1 142.250.184.226 15169 (GOOGLE)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 23.45.104.85 16625 (AKAMAI-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
6 54.203.228.209 16509 (AMAZON-02)
1 2600:9000:21f... 16509 (AMAZON-02)
6 52.44.206.121 14618 (AMAZON-AES)
64 13.224.189.50 16509 (AMAZON-02)
1 2600:9000:20e... 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 151.101.14.109 54113 (FASTLY)
3 3 2620:1ec:22::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 13.224.189.51 16509 (AMAZON-02)
1 185.89.210.122 29990 (ASN-APPNEX)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 104.244.42.197 13414 (TWITTER)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
10 13.224.189.101 16509 (AMAZON-02)
1 206.19.49.24 7018 (ATT-INTER...)
1 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 13.224.189.122 16509 (AMAZON-02)
1 192.28.147.68 15224 (OMNITURE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 35.157.228.184 16509 (AMAZON-02)
1 52.18.136.97 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
2 3 54.87.106.23 14618 (AMAZON-AES)
1 34.98.64.218 396982 (GOOGLE-CL...)
1 35.244.174.68 15169 (GOOGLE)
1 54.163.122.158 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
4 50.16.7.188 14618 (AMAZON-AES)
Total: 218 requests, 48 IPs

Requests  Apex Domain  Subdomains  Transfer
64 driftt.com
js.driftt.com — Cisco Umbrella Rank: 5317
865 KB
52 menlosecurity.com
www.menlosecurity.com
info.menlosecurity.com
1 MB
12 6sc.co
j.6sc.co — Cisco Umbrella Rank: 6573
c.6sc.co — Cisco Umbrella Rank: 9944
ipv6.6sc.co — Cisco Umbrella Rank: 7039
b.6sc.co — Cisco Umbrella Rank: 4599
15 KB
10 fullcircleinsights.com
st.fullcircleinsights.com — Cisco Umbrella Rank: 76997
11 KB
10 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 413
157 KB
7 hushly.com
app.hushly.com — Cisco Umbrella Rank: 62997
hubfront.hushly.com — Cisco Umbrella Rank: 217501
219 KB
6 stackadapt.com
tags.srv.stackadapt.com — Cisco Umbrella Rank: 3384
9 KB
5 clickagy.com
tags.clickagy.com — Cisco Umbrella Rank: 6263
aorta.clickagy.com — Cisco Umbrella Rank: 1520
hemsync.clickagy.com — Cisco Umbrella Rank: 6011
15 KB
5 gstatic.com
fonts.gstatic.com
116 KB
4 drift.com
bootstrap.api.drift.com — Cisco Umbrella Rank: 6206
metrics.api.drift.com — Cisco Umbrella Rank: 5887
333 B
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 375
www.linkedin.com — Cisco Umbrella Rank: 591
px4.ads.linkedin.com — Cisco Umbrella Rank: 6090
3 KB
4 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 619
script.hotjar.com — Cisco Umbrella Rank: 789
vars.hotjar.com — Cisco Umbrella Rank: 916
in.hotjar.com — Cisco Umbrella Rank: 1656
69 KB
4 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 44
3 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
20 KB
3 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
stats.g.doubleclick.net — Cisco Umbrella Rank: 84
1 KB
2 6sense.com
epsilon.6sense.com — Cisco Umbrella Rank: 11211
431 B
2 google.de
www.google.de — Cisco Umbrella Rank: 6045
564 B
2 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 5017
www.google.com — Cisco Umbrella Rank: 2
852 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
203 B
2 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 14729
apt.techtarget.com — Cisco Umbrella Rank: 19275
2 KB
2 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 2933
6 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 151
111 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 61
160 KB
1 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 584
98 B
1 openx.net
us-u.openx.net — Cisco Umbrella Rank: 409
304 B
1 mktoresp.com
281-owv-899.mktoresp.com
318 B
1 t.co
t.co — Cisco Umbrella Rank: 483
377 B
1 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 438
705 B
1 vimeocdn.com
extend.vimeocdn.com — Cisco Umbrella Rank: 9022
6 KB
1 cloudfront.net
d2i34c80a0ftze.cloudfront.net
11 KB
1 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 4889
2 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 742
3 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 131
15 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 624
15 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 678
374 B
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 216
7 KB
0 twitter.com Failed
analytics.twitter.com Failed
Total: 218 requests, 37 domains

Requests  Domain  Requested by
64 js.driftt.com www.menlosecurity.com
js.driftt.com
46 www.menlosecurity.com www.menlosecurity.com
10 st.fullcircleinsights.com d2i34c80a0ftze.cloudfront.net
10 cdn.cookielaw.org www.menlosecurity.com
cdn.cookielaw.org
9 b.6sc.co www.menlosecurity.com
6 tags.srv.stackadapt.com www.menlosecurity.com
tags.srv.stackadapt.com
6 app.hushly.com www.menlosecurity.com
app.hushly.com
6 info.menlosecurity.com www.menlosecurity.com
info.menlosecurity.com
5 fonts.gstatic.com fonts.googleapis.com
4 fonts.googleapis.com www.menlosecurity.com
info.menlosecurity.com
3 aorta.clickagy.com 2 redirects tags.clickagy.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 metrics.api.drift.com js.driftt.com
2 bootstrap.api.drift.com js.driftt.com
2 epsilon.6sense.com j.6sc.co
2 www.google.de www.menlosecurity.com
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 www.facebook.com www.menlosecurity.com
2 px.ads.linkedin.com 2 redirects
2 munchkin.marketo.net www.menlosecurity.com
munchkin.marketo.net
2 connect.facebook.net www.menlosecurity.com
connect.facebook.net
2 www.googletagmanager.com www.menlosecurity.com
www.googletagmanager.com
1 www.google.com www.menlosecurity.com
1 hemsync.clickagy.com tags.clickagy.com
1 id.rlcdn.com www.menlosecurity.com
1 us-u.openx.net www.menlosecurity.com
1 in.hotjar.com script.hotjar.com
1 tags.clickagy.com ws.zoominfo.com
1 281-owv-899.mktoresp.com munchkin.marketo.net
1 vars.hotjar.com static.hotjar.com
1 region1.analytics.google.com www.googletagmanager.com
1 apt.techtarget.com www.menlosecurity.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 t.co www.menlosecurity.com
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 secure.adnxs.com j.6sc.co
1 script.hotjar.com static.hotjar.com
1 px4.ads.linkedin.com www.menlosecurity.com
1 www.linkedin.com 1 redirects
1 extend.vimeocdn.com www.googletagmanager.com
1 trk.techtarget.com www.menlosecurity.com
1 d2i34c80a0ftze.cloudfront.net www.googletagmanager.com
1 hubfront.hushly.com www.menlosecurity.com
1 ws.zoominfo.com www.menlosecurity.com
1 snap.licdn.com www.googletagmanager.com
1 www.googleadservices.com www.googletagmanager.com
1 static.hotjar.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 j.6sc.co www.menlosecurity.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 cdnjs.cloudflare.com www.menlosecurity.com
0 analytics.twitter.com Failed www.menlosecurity.com
Total: 218 requests, 53 subdomains

Subject | Issuer | Validity | Valid for
www.menlosecurity.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-25 - 2023-07-01 | a year
cookielaw.org | Cloudflare Inc ECC CA-3 | 2022-05-01 - 2023-05-01 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year
info.menlosecurity.com | Cloudflare Inc ECC CA-3 | 2022-04-30 - 2023-04-30 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
onetrust.com | Cloudflare Inc ECC CA-3 | 2022-01-12 - 2023-01-12 | a year
*.gstatic.com | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months
*.6sc.co | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-03-08 - 2023-03-11 | a year
ads-twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-22 - 2023-08-22 | a year
*.hotjar.com | Amazon | 2021-11-25 - 2022-12-23 | a year
www.googleadservices.com | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2022-03-01 - 2023-03-01 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-07-29 - 2022-10-27 | 3 months
*.marketo.net | DigiCert SHA2 Secure Server CA | 2022-02-06 - 2023-02-07 | a year
zoominfo.com | Cloudflare Inc ECC CA-3 | 2022-05-04 - 2023-05-04 | a year
*.hushly.com | Amazon | 2022-08-15 - 2023-09-12 | a year
*.srv.stackadapt.com | Amazon | 2022-10-09 - 2023-11-07 | a year
drift.com | Amazon | 2022-08-24 - 2023-09-21 | a year
*.cloudfront.net | Amazon | 2022-02-01 - 2023-01-31 | a year
*.vimeocdn.com | GlobalSign Atlas R3 DV TLS CA 2022 Q2 | 2022-05-17 - 2023-06-18 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2022-02-11 - 2023-03-14 | a year
t.co | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-03-07 - 2023-03-06 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
aws-st.fullcircleinsights.com | Amazon | 2022-06-13 - 2023-07-11 | a year
*.techtarget.com | Thawte RSA CA 2018 | 2022-09-27 - 2023-10-28 | a year
www.google.de | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months
*.mktoresp.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-10-05 - 2023-11-05 | a year
*.6sense.com | Amazon | 2022-05-31 - 2023-06-29 | a year
*.clickagy.com | Amazon | 2021-12-15 - 2023-01-12 | a year
www.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.google.de | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months

This page contains 6 frames:

Primary Page: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Frame ID: 2755BAFB57DB2CBD7AB82027C07878BA
Requests: 142 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-c1417f7b48595d0dbca01c86f95d6dbb.html
Frame ID: C16CC8CA8720EEC8CC6F9CE800D81082
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 486B44C71778949723C4C21A111FBA34
Requests: 1 HTTP requests in this frame

Frame: https://info.menlosecurity.com/index.php/form/XDFrame
Frame ID: 23B36B40C87124D7D568DF3CDF746F6E
Requests: 2 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
Frame ID: D50C8216B9FEED74DD0D588F8332D493
Requests: 32 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
Frame ID: 2235F53FC578FA8B66CBAFBF97B80023
Requests: 33 HTTP requests in this frame

Page Title

An anatomy of HEAT attacks used by Qakbot campaigns - Blog | Menlo Security

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • lodash.*\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 218
HTTPS: 98 %
IPv6: 46 %
Domains: 37
Subdomains: 53
IPs: 48
Countries: 5
Transfer: 3300 kB
Size: 7887 kB
Cookies: 43

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 81
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1666278494223&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D474058%26time%3D1666278494223%26url%3Dhttps%253A%252F%252Fwww.menlosecurity.com%252Fblog%252Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1666278494223&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1666278494223&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&liSync=true&e_ipv6=AQL0H5nKVNpI0gAAAYP18BHYeCtvHZFs5nc5ZDqGyQ633B9Q9ZZx_kcXZKOgymq6P2VXWv4_3XK7
Request Chain 111
  • https://aorta.clickagy.com/pixel.gif?clkgypv=jstag HTTP 302
  • https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D
Request Chain 112
  • https://aorta.clickagy.com/liveramp_redir HTTP 302
  • https://id.rlcdn.com/711861.gif

218 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
108 KB
21 KB
Document
General
Full URL
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / WP Engine
Resource Hash
98b2a09094dab7265586a29153116e2643100c1c4bfe6ef424af859ffb639ccf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
75d2aae2aa0a914d-FRA
content-encoding
br
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-type
text/html; charset=UTF-8
date
Thu, 20 Oct 2022 15:08:13 GMT
link
<https://www.menlosecurity.com/wp-json/>; rel="https://api.w.org/" <https://www.menlosecurity.com/wp-json/wp/v2/posts/4681>; rel="alternate"; type="application/json" <https://www.menlosecurity.com/?p=4681>; rel=shortlink
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains;
vary
Accept-Encoding Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-pass-why
custom-path
x-pingback
https://www.menlosecurity.com/xmlrpc.php
x-powered-by
WP Engine
OtAutoBlock.js
cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/
12 KB
3 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/OtAutoBlock.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9f4550700e5b31a1b49eba49ed6962e0775bcb1beeae987d0968f273a35effd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 20 Oct 2022 15:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
TV0+ku1RWSTv6i4UVe9r6A==
age
364
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3051
x-ms-lease-status
unlocked
last-modified
Fri, 23 Sep 2022 22:17:52 GMT
server
cloudflare
etag
0x8DA9DB1752A3D74
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
eaa17447-901e-0035-4ebd-cf76b3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75d2aae9bea78fd6-FRA
expires
Thu, 20 Oct 2022 19:08:13 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
8 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 20 Oct 2022 15:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
e0VkrpV+7zqDAjQ/RMXPsw==
age
11931
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
7151
x-ms-lease-status
unlocked
last-modified
Thu, 20 Oct 2022 05:40:10 GMT
server
cloudflare
etag
0x8DAB25D8D6DD081
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
7fecab3b-701e-003f-2257-e46f3a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75d2aae9bea98fd6-FRA
lodash.min.js
cdnjs.cloudflare.com/ajax/libs/lodash.js/0.10.0/
18 KB
7 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/lodash.js/0.10.0/lodash.min.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
958c2ecbdd6c6708cf566ceb9b10ffd133ceef822ce81ef460db8ca29e44bcb5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1419678
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
6419
last-modified
Mon, 04 May 2020 16:12:02 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ed2-464d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1K5YVoVxodzefoBHjvV7b17noPT10E6Z8juHKyfmSH2JvHLnhZWKkb7AE9uCBqTHb9Nf181ipTSZo8IJbNR6PhhJYWwNuHnpeRGpeuiaLvqMNvqVCtRyQ2z7FojCh3K75D9xR6kBkZTGatxDx7Rix%2By2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
75d2aae9b95c6977-FRA
expires
Tue, 10 Oct 2023 15:08:13 GMT
autoptimize_24c3c93b166afd33ee76a72c88f01442.css
www.menlosecurity.com/wp-content/cache/autoptimize/1/css/
497 KB
73 KB
Stylesheet
General
Full URL
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba0b426871cf3c89e977488b25871492240ea776a74d4e5894245cdeb2883634
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
351499
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:59:48 GMT
server
cloudflare
etag
W/"6347fdb4-7c596"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aae9a9c6914d-FRA
dashicons.min.css
www.menlosecurity.com/wp-includes/css/
58 KB
35 KB
Stylesheet
General
Full URL
https://www.menlosecurity.com/wp-includes/css/dashicons.min.css?ver=6.0.2
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
402255
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:58:03 GMT
server
cloudflare
etag
W/"6347fd4b-e688"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aae9a9c9914d-FRA
jquery.min.js
www.menlosecurity.com/wp-includes/js/jquery/
87 KB
31 KB
Script
General
Full URL
https://www.menlosecurity.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
1340690
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 05 Oct 2022 02:31:10 GMT
server
cloudflare
etag
W/"633cec6e-15db1"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aae9a9ca914d-FRA
icon-search.svg
www.menlosecurity.com/wp-content/themes/menlo/resources/images/temp/
384 B
2 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/resources/images/temp/icon-search.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d31c8324cb19809562244b53cc52b67032e5cb663b758de4cdc5a28169743d99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
73429
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 19 Oct 2022 02:00:58 GMT
server
cloudflare
etag
W/"634f5a5a-180"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeabb599b86-FRA
icon-close.svg
www.menlosecurity.com/wp-content/themes/menlo/resources/images/temp/
577 B
2 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/resources/images/temp/icon-close.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b065a0026be768ecfa77a6645a074c5c65a789f2889c1d1c4b22e96fd38f1da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
73429
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 19 Oct 2022 02:00:58 GMT
server
cloudflare
etag
W/"634f5a5a-241"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeabb5a9b86-FRA
Qakbot_blog_new.jpg
www.menlosecurity.com/wp-content/uploads/2022/08/
67 KB
68 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/08/Qakbot_blog_new.jpg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c49d9c346ac743df2351f62a73c3087dd91b1f51c86f6a824b2944394e04d92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
407
cf-polished
origSize=79729, status=webp_bigger
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
68470
cf-bgj
imgq:100,h2pri
last-modified
Thu, 20 Oct 2022 12:08:51 GMT
server
cloudflare
etag
"63513a53-13771"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeabb5b9b86-FRA
email-decode.min.js
www.menlosecurity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
871 B
Script
General
Full URL
https://www.menlosecurity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 11 Oct 2022 13:38:05 GMT
server
cloudflare
etag
W/"634571bd-4d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
75d2aae9f9a49b86-FRA
expires
Sat, 22 Oct 2022 15:08:13 GMT
forms2.min.js
info.menlosecurity.com/js/forms2/js/
208 KB
69 KB
Script
General
Full URL
https://info.menlosecurity.com/js/forms2/js/forms2.min.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.72.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Tue, 04 Oct 2022 18:03:49 GMT
server
cloudflare
age
241
etag
"640399-33e51-5ea394834ab40"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
cf-ray
75d2aaea482669a3-FRA
expires
Thu, 20 Oct 2022 19:08:13 GMT
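Three header profiles appear in the transactions above. First-party assets such as icon-search.svg carry Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options and a report-only Content-Security-Policy. The Cloudflare-served email-decode.min.js on the same hostname has nosniff and X-Frame-Options but no HSTS and no CSP, because those headers come from the origin, not the edge. The third-party forms2.min.js has nosniff only and is served as application/x-javascript. The script below is an added example for this page, not urlscan.io's scoring code and not Menlo Security's tooling: it reproduces the checks behind a "Security Headers" table and parses the report-only CSP to show what it would and would not block. The header sets in RESPONSES are copied from the three transactions above (a constructed subset of each response, only the headers the checks need); the finding wording is the example's own.

```python
"""Audit the response headers recorded in the transactions above.

Added example for this page; not urlscan.io's scoring code and not Menlo
Security's tooling. RESPONSES is a constructed subset of three responses above.
"""
import re
from typing import Dict, List

# Report-only CSP sent with every www.menlosecurity.com response above, verbatim.
MENLO_CSP_REPORT_ONLY = (
    "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com "
    "https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org "
    "https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net "
    "https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com "
    "https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com "
    "https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com "
    "https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com "
    "https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com "
    "https://extend.vimeocdn.com https://www.google.com;"
    "style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com "
    "https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com "
    "https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; "
    "font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; "
    "frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com "
    "https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';"
    "media-src 'self' https://js.driftt.com; worker-src 'none'; "
    "report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a"
)

RESPONSES: Dict[str, Dict[str, str]] = {
    # first-party asset: origin-set headers plus the report-only CSP
    "https://www.menlosecurity.com/wp-content/themes/menlo/resources/images/temp/icon-search.svg": {
        "strict-transport-security": "max-age=31536000; includeSubDomains;",
        "x-content-type-options": "nosniff", "x-frame-options": "DENY",
        "content-security-policy-report-only": MENLO_CSP_REPORT_ONLY,
        "content-type": "image/svg+xml", "vary": "Accept-Encoding, Accept-Encoding, Accept-Encoding",
    },
    # same hostname, but generated by the Cloudflare edge itself: no HSTS, no CSP
    "https://www.menlosecurity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js": {
        "x-content-type-options": "nosniff", "x-frame-options": "DENY",
        "content-type": "application/javascript",
    },
    # third-party form script: nosniff only, legacy MIME type
    "https://info.menlosecurity.com/js/forms2/js/forms2.min.js": {
        "x-content-type-options": "nosniff", "content-type": "application/x-javascript",
    },
}


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP value into {directive: [source expressions]}. Directives are
    ';'-separated; a missing space after ';' ('...google.com;style-src') is legal."""
    out: Dict[str, List[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def csp_findings(policy: str, report_only: bool) -> List[str]:
    """Flag the weak spots a reviewer would raise about this policy."""
    csp = parse_csp(policy)

    def src(directive: str) -> List[str]:  # fetch directives fall back to default-src
        return csp.get(directive, csp.get("default-src", []))

    f = ["report-only: violations go to report-uri, nothing is blocked"] if report_only else []
    f += [f"script-src allows {kw}" for kw in ("'unsafe-inline'", "'unsafe-eval'") if kw in src("script-src")]
    f += [f"{d} allows any origin (*)" for d in ("script-src", "connect-src", "img-src") if "*" in src(d)]
    f += [f"script-src trusts every subdomain of {h[10:]}" for h in src("script-src") if h.startswith("https://*.")]
    if "frame-ancestors" not in csp:
        f.append("no frame-ancestors; framing control relies on X-Frame-Options alone")
    return f


def header_findings(headers: Dict[str, str]) -> List[str]:
    """The checks behind a 'Security Headers' table, plus two hygiene points."""
    h = {k.lower(): v for k, v in headers.items()}
    f: List[str] = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        f.append("no Strict-Transport-Security")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < 31536000:  # one year, the preload-list minimum
            f.append("HSTS max-age below one year")
        if "preload" not in hsts.lower():
            f.append("HSTS without preload")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        f.append("no X-Content-Type-Options: nosniff")
    if "content-security-policy" not in h:  # a report-only header is not enforcement
        f.append("no enforced Content-Security-Policy")
    if h.get("content-type", "").split(";")[0].strip() == "application/x-javascript":
        f.append("legacy MIME type application/x-javascript; text/javascript is the registered type")
    vary = [v.strip() for v in h.get("vary", "").split(",") if v.strip()]
    if len(vary) != len(set(vary)):
        f.append("duplicate Vary members: some layer appends instead of merging")
    return f


def audit(responses: Dict[str, Dict[str, str]] = RESPONSES) -> Dict[str, List[str]]:
    """One finding list per URL; report-only CSPs are analysed but marked as such."""
    report: Dict[str, List[str]] = {}
    for url, headers in responses.items():
        findings = header_findings(headers)
        ro = headers.get("content-security-policy-report-only")
        if ro:
            findings += csp_findings(ro, report_only=True)
        report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in audit().items():
        print(url, *("  - " + x for x in findings), sep="\n")
```

Run it directly to print one finding list per URL. The report-only mode is the caveat that matters when reading the CSP above: the script-src weaknesses it lists ('unsafe-inline', 'unsafe-eval', the clickagy.com wildcard) are reported to csp.menlosecops.com rather than enforced, and connect-src * would leave fetch/XHR destinations unrestricted even if the same policy were switched to the enforcing header.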
regenerator-runtime.min.js
www.menlosecurity.com/wp-includes/js/dist/vendor/
6 KB
4 KB
Script
General
Full URL
https://www.menlosecurity.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
407
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 20 Oct 2022 12:08:22 GMT
server
cloudflare
etag
W/"63513a36-194b"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeaab349b86-FRA
wp-polyfill.min.js
www.menlosecurity.com/wp-includes/js/dist/vendor/
19 KB
8 KB
Script
General
Full URL
https://www.menlosecurity.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6fecb89a29ee2bd397bb1bf58ecaa530a76f0654db71fadefd3cc70b0bc302bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
348508
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:58:01 GMT
server
cloudflare
etag
W/"6347fd49-4ac6"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeabb449b86-FRA
dom-ready.min.js
www.menlosecurity.com/wp-includes/js/dist/
498 B
2 KB
Script
General
Full URL
https://www.menlosecurity.com/wp-includes/js/dist/dom-ready.min.js?ver=d996b53411d1533a84951212ab6ac4ff
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
166c7c3bb5f76f977a9f2a5490589b3466374eb2b3f064802e56f08bad71fbf0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
351176
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:58:01 GMT
server
cloudflare
etag
W/"6347fd49-1f2"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeabb519b86-FRA
hooks.min.js
www.menlosecurity.com/wp-includes/js/dist/
5 KB
3 KB
Script
General
Full URL
https://www.menlosecurity.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
25143
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 19 Oct 2022 02:00:15 GMT
server
cloudflare
etag
W/"634f5a2f-132e"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeabb539b86-FRA
i18n.min.js
www.menlosecurity.com/wp-includes/js/dist/
10 KB
5 KB
Script
General
Full URL
https://www.menlosecurity.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1dc4b29dd0acbed77ec2fd81036c33efd4ab5989e8182705a30615a00a0117f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
351173
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:58:04 GMT
server
cloudflare
etag
W/"6347fd4c-27ee"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeabb569b86-FRA
a11y.min.js
www.menlosecurity.com/wp-includes/js/dist/
2 KB
2 KB
Script
General
Full URL
https://www.menlosecurity.com/wp-includes/js/dist/a11y.min.js?ver=a38319d7ba46c6e60f7f9d4c371222c5
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5df2942db2352e49e00bcf3393b875a71d0acee986e48fbdcc5879846f5c3689
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
308591
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:58:01 GMT
server
cloudflare
etag
W/"6347fd49-9cc"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeabb589b86-FRA
autoptimize_b8b6ea80717e90323b072574f4f1f9b5.js
www.menlosecurity.com/wp-content/cache/autoptimize/1/js/
285 KB
79 KB
Script
General
Full URL
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/js/autoptimize_b8b6ea80717e90323b072574f4f1f9b5.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4611e98122a2c3ddb76f6e0d3e88d1fdeee2844edb65d1a4e03aa1335c56a901
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
292565
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:59:41 GMT
server
cloudflare
etag
W/"6347fdad-4759e"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeabb5d9b86-FRA
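The response above carries the headers a reviewer of this scan actually cares about: HSTS, X-Content-Type-Options, X-Frame-Options, a wildcard Access-Control-Allow-Origin, and a Content-Security-Policy-Report-Only with a long script allow-list. The Python below is an added example, not urlscan.io output and not code from menlosecurity.com. It copies those recorded header values into a dictionary and audits them: it parses the CSP into directives, then flags report-only delivery, 'unsafe-inline' and 'unsafe-eval' in script-src, wildcard connect-src and img-src, the number of allow-listed script hosts, and the absence of HSTS preload. The severities and wording of the findings are this example's own judgement, not anything the scan states; the same functions can be pointed at the header sets of the other transactions on this page (for instance the fonts.gstatic.com responses, which record no Strict-Transport-Security header at all).

```python
"""Audit the security headers recorded for one urlscan.io transaction.

Added example: not urlscan.io output and not code from menlosecurity.com. Header
values are copied from the transaction above; checks and severities are this
example's own judgement."""
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "info"
    where: str     # header or CSP directive the finding refers to
    detail: str


# Constructed from the scan record: security-relevant headers only, lower-cased as the scanner prints them.
RECORDED_HEADERS: Dict[str, str] = {
    "strict-transport-security": "max-age=31536000; includeSubDomains;",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "access-control-allow-origin": "*",
    "content-security-policy-report-only": (
        "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com "
        "https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org "
        "https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net "
        "https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com "
        "https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com "
        "https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com "
        "https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com "
        "https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com "
        "https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' "
        "https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com "
        "https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; "
        "object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: "
        "https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; "
        "frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com "
        "https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';"
        "media-src 'self' https://js.driftt.com; worker-src 'none'; "
        "report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a"
    ),
}


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP value into {directive: [source tokens]}. Directives are separated by
    ';' (the space after it is optional; the recorded policy omits it twice)."""
    directives: Dict[str, List[str]] = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_csp(header_name: str, policy: str) -> List[Finding]:
    """Flag policy features that weaken or nullify CSP as an XSS defence."""
    csp = parse_csp(policy)
    out: List[Finding] = []
    if header_name.endswith("-report-only"):
        out.append(Finding("high", header_name, "report-only: violations are reported, nothing is blocked"))
    script = csp.get("script-src", csp.get("default-src", []))
    # CSP3 browsers ignore 'unsafe-inline' once a nonce or hash source is present.
    if "'unsafe-inline'" in script and not any(t.startswith(("'nonce-", "'sha")) for t in script):
        out.append(Finding("high", "script-src", "'unsafe-inline' without nonces/hashes: injected <script> runs"))
    if "'unsafe-eval'" in script:
        out.append(Finding("medium", "script-src", "'unsafe-eval' permits eval() and new Function()"))
    hosts = [t for t in script if not t.startswith("'")]
    if hosts:
        wild = sum("*" in h for h in hosts)
        out.append(Finding("medium", "script-src",
                           f"{len(hosts)} script hosts allow-listed ({wild} wildcard), each a supply-chain trust"))
    for directive, sev in (("connect-src", "high"), ("img-src", "info")):
        if "*" in csp.get(directive, []):
            out.append(Finding(sev, directive, "wildcard source: any origin can be used as a data channel"))
    return out


def audit_headers(headers: Dict[str, str]) -> List[Finding]:
    """Check the classic response security headers, then whichever CSP header is present."""
    out: List[Finding] = []
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        out.append(Finding("high", "strict-transport-security", "missing"))
    else:
        # RFC 6797 permits empty directives, so the trailing ';' in the record is legal.
        names = {d.strip().split("=")[0].lower() for d in hsts.split(";") if d.strip()}
        if "preload" not in names:
            out.append(Finding("info", "strict-transport-security", "no 'preload': first plain-HTTP visit is unprotected"))
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        out.append(Finding("medium", "x-content-type-options", "missing or not 'nosniff'"))
    if headers.get("access-control-allow-origin") == "*":
        out.append(Finding("info", "access-control-allow-origin", "wildcard CORS: fine for public static files, not for per-user data"))
    for name in ("content-security-policy", "content-security-policy-report-only"):
        if name in headers:
            out.extend(audit_csp(name, headers[name]))
    return out


if __name__ == "__main__":
    for f in audit_headers(RECORDED_HEADERS):
        print(f"[{f.severity:6}] {f.where}: {f.detail}")
```

The parser deliberately splits on ';' before whitespace, because the recorded policy twice runs a directive straight into the next one ("www.google.com;style-src", "'self';media-src"); a whitespace-first tokenizer would silently merge those hosts and directive names. Treating report-only delivery as the first finding reflects what the header actually does: the report-uri receives violation reports, and nothing in this policy is enforced by the browser.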
1a750de4-f18f-43d4-8b13-4ead3aa824f4.json
cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/
4 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/1a750de4-f18f-43d4-8b13-4ead3aa824f4.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7241e72a9b6c21a28ce6531b73eed7bd11ca1bc737d88f86d74bda1682b4a123
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 20 Oct 2022 15:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
0ARsqMrhy93oIwoj9vs61g==
age
448
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1550
x-ms-lease-status
unlocked
last-modified
Fri, 23 Sep 2022 22:17:52 GMT
server
cloudflare
etag
0x8DA9DB174EAF32B
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
867b5c7e-701e-013b-33ac-cfdced000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75d2aaea0f50692b-FRA
expires
Thu, 20 Oct 2022 19:08:13 GMT
gtm.js
www.googletagmanager.com/
246 KB
84 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
408d18c5c5d429ce94649d396aaa742d86136acd98457af199dca14a7a9ffc24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
85407
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 20 Oct 2022 15:08:13 GMT
css2
fonts.googleapis.com/
10 KB
738 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Raleway:wght@300;400;600;700;800;900&display=swap
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ea6028aa03c2eda8725a67ffaff79e8498b464975d8a1744f983d9809c6810e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 20 Oct 2022 15:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 15:08:13 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 20 Oct 2022 15:08:13 GMT
css2
fonts.googleapis.com/
4 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 20 Oct 2022 15:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 13:18:57 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 20 Oct 2022 15:08:13 GMT
css2
fonts.googleapis.com/
4 KB
709 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@400;700&display=swap
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e87a8ee30b7f3e1fd90688380586a85641bc7a432e83be99cce7526e5f702136
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 20 Oct 2022 15:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 14:06:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 20 Oct 2022 15:08:13 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
178 B
374 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:929e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f102cff3d47f725c68e30506037a66920a19fd6bce42273fa0d012c38d57b29
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
75d2aaea6dff6983-FRA
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202209.1.0/
376 KB
90 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5bcbd83d020ff272645c59dff179841df9374a6295f324eee00b9de4e67bc1cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 20 Oct 2022 15:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
229oLfugqvtMNLM3e0uPaA==
age
260
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
91423
x-ms-lease-status
unlocked
last-modified
Tue, 11 Oct 2022 04:36:30 GMT
server
cloudflare
etag
0x8DAAB422B1E6529
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
65ffbfc2-d01e-0039-6a3d-dd9842000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75d2aaeab89c8fd6-FRA
logo.svg
www.menlosecurity.com/wp-content/themes/menlo/resources/images/
5 KB
3 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/resources/images/logo.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8bc4ed1493c1977120d12182cb046732ffad208a75d936ce32944c7deddddd2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
348504
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:58:43 GMT
server
cloudflare
etag
W/"6347fd73-134c"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeacb769b86-FRA
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.menlosecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 13:14:53 GMT
x-content-type-options
nosniff
age
525200
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 14 Oct 2023 13:14:53 GMT
arrow-dropdown.svg
www.menlosecurity.com/wp-content/themes/menlo/dist/images/
207 B
1 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/dist/images/arrow-dropdown.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7d6070b955f11f31a679ff7742f6fe382348f7b71934cf2e8596ef1908c684a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
206592
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 18 Oct 2022 00:36:40 GMT
server
cloudflare
etag
W/"634df518-cf"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeacb819b86-FRA
zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
fonts.gstatic.com/s/ibmplexsans/v14/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ibmplexsans/v14/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fcecb97c12786d7a9387a81e74e4179790fd84425c9c75be1aec3aed645bf6e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.menlosecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 17:39:55 GMT
x-content-type-options
nosniff
age
163698
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18000
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:46:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 18 Oct 2023 17:39:55 GMT
1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v28/
45 KB
46 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Raleway:wght@300;400;600;700;800;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.menlosecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 08:23:46 GMT
x-content-type-options
nosniff
age
542667
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46524
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:58:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 14 Oct 2023 08:23:46 GMT
fa-solid-900.woff2
www.menlosecurity.com/wp-content/themes/menlo/dist/fonts/@fortawesome/fontawesome-free/webfonts/
76 KB
78 KB
Font
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/dist/fonts/@fortawesome/fontawesome-free/webfonts/fa-solid-900.woff2
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Origin
https://www.menlosecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
407
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
78196
last-modified
Thu, 20 Oct 2022 12:09:05 GMT
server
cloudflare
etag
"63513a61-13174"
x-frame-options
DENY
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeacb879b86-FRA
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.menlosecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 05:09:29 GMT
x-content-type-options
nosniff
age
554324
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 14 Oct 2023 05:09:29 GMT
Video_DelOroHEAT_NavImg-200x196.png
www.menlosecurity.com/wp-content/uploads/2022/10/
31 KB
32 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/10/Video_DelOroHEAT_NavImg-200x196.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7e93d524e61a486b5b61c0ac0d9a39ebaf8aa5056ffec6c313a2cd8b43eb190
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
351175
cf-polished
origFmt=png, origSize=49886
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="Video_DelOroHEAT_NavImg-200x196.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
31772
cf-bgj
imgq:100,h2pri
last-modified
Thu, 13 Oct 2022 11:58:33 GMT
server
cloudflare
etag
"6347fd69-c2de"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeadbbb9b86-FRA
eBook_HEAT-Ultimate-Buyers-Guide-NavImg-200x196.png
www.menlosecurity.com/wp-content/uploads/2022/10/
35 KB
36 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/10/eBook_HEAT-Ultimate-Buyers-Guide-NavImg-200x196.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
80589affb81f0acbdd860efbc855c0af00166d92d8bc7f30a01ee490f8a3bed5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
351175
cf-polished
origFmt=png, origSize=54408
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="eBook_HEAT-Ultimate-Buyers-Guide-NavImg-200x196.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
35392
cf-bgj
imgq:100,h2pri
last-modified
Thu, 13 Oct 2022 11:58:33 GMT
server
cloudflare
etag
"6347fd69-d488"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeafc019b86-FRA
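The records on this page all carry the same security-relevant response headers: an HSTS header, X-Content-Type-Options, X-Frame-Options, a wildcard Access-Control-Allow-Origin, and a Content-Security-Policy that is delivered only in report-only mode and whose script-src allows 'unsafe-inline' and 'unsafe-eval' while connect-src and img-src are '*'. The checker below is an added example, not part of the urlscan report or of Menlo's site; it parses one such header set and lists what a reviewer would flag. The header values are copied from the record above (the CSP source list is abridged to keep the block short); the function names and finding labels are this example's own.

```python
"""Audit the security headers of one HTTP response as urlscan shows them.

Added example. The SAMPLE_HEADERS values are copied from the
eBook_HEAT-Ultimate-Buyers-Guide record on this page (CSP host list
abridged); function names and finding labels are assumptions of this example.
"""
import re
from typing import Dict, List

SAMPLE_HEADERS: Dict[str, str] = {
    "strict-transport-security": "max-age=31536000; includeSubDomains;",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "access-control-allow-origin": "*",
    "content-type": "image/webp",
    # Note the page's own quirk: no space after the ';' before style-src.
    "content-security-policy-report-only": (
        "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' "
        "https://player.vimeo.com https://*.clickagy.com https://cdnjs.cloudflare.com;"
        "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; "
        "object-src 'none'; base-uri 'self'; connect-src * data: blob:; "
        "img-src * data:; worker-src 'none'; "
        "report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a"
    ),
}

HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP string into {directive: [sources]}.

    Directives are ';'-separated and tokens whitespace-separated, so a missing
    space after ';' (as in the page's header) is handled. A repeated directive
    is ignored, which matches browser behaviour (first occurrence wins).
    """
    directives: Dict[str, List[str]] = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_csp(policy: str, enforced: bool) -> List[str]:
    """Return findings for one policy; each finding is 'label: explanation'."""
    csp = parse_csp(policy)
    findings: List[str] = []
    if not enforced:
        findings.append("csp-report-only: policy is not enforced, violations are only reported")
    # script-src falls back to default-src when absent.
    script = csp.get("script-src", csp.get("default-src", []))
    if "'unsafe-inline'" in script and not any(s.startswith(HASH_OR_NONCE) for s in script):
        findings.append("script-src: 'unsafe-inline' without nonce/hash lets injected inline scripts run")
    if "'unsafe-eval'" in script:
        findings.append("script-src: 'unsafe-eval' lets eval()/Function() run attacker-controlled strings")
    for directive in ("connect-src", "img-src"):
        if "*" in csp.get(directive, csp.get("default-src", [])):
            findings.append(f"{directive}: wildcard '*' gives scripts an exfiltration channel to any origin")
    if "frame-ancestors" not in csp:
        findings.append("frame-ancestors: missing; clickjacking protection relies on X-Frame-Options alone")
    return findings


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Audit a response header map (names matched case-insensitively)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    if "content-security-policy" in h:
        findings += audit_csp(h["content-security-policy"], enforced=True)
    elif "content-security-policy-report-only" in h:
        findings += audit_csp(h["content-security-policy-report-only"], enforced=False)
    else:
        findings.append("csp: no Content-Security-Policy header at all")

    hsts = h.get("strict-transport-security", "")
    max_age = re.search(r"max-age=(\d+)", hsts)
    if not max_age:
        findings.append("hsts: missing or without max-age")
    else:
        if int(max_age.group(1)) < 31536000:
            findings.append("hsts: max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("hsts: includeSubDomains absent")
        if "preload" not in hsts.lower():
            findings.append("hsts: no 'preload' token, so the site cannot enter the browser preload list")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options: nosniff absent, MIME sniffing possible")
    if h.get("access-control-allow-origin") == "*":
        findings.append("cors: Access-Control-Allow-Origin '*' (acceptable for public static assets, "
                        "dangerous on any authenticated response)")
    return findings


if __name__ == "__main__":
    for line in audit_headers(SAMPLE_HEADERS):
        print(line)
```

Run against the record above it reports the report-only CSP, both unsafe script-src keywords, the two wildcard fetch directives, the absent frame-ancestors, the missing HSTS preload token and the wildcard CORS header; X-Content-Type-Options and the HSTS max-age and includeSubDomains values pass. The wildcard CORS finding is informational here, since these responses are cacheable public images, but the same header on a cookie-bearing endpoint would be a real defect.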
eBook_How-hybrid-work-fuels-ransomware-attacks-NavImg-200x196.png
www.menlosecurity.com/wp-content/uploads/2022/10/
45 KB
47 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/10/eBook_How-hybrid-work-fuels-ransomware-attacks-NavImg-200x196.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
253144997d7f8a90e80bb5da26c0bfa3be27066f9a09cdfc094668a989d997be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
351174
cf-polished
origFmt=png, origSize=73269
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="eBook_How-hybrid-work-fuels-ransomware-attacks-NavImg-200x196.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
46212
cf-bgj
imgq:100,h2pri
last-modified
Thu, 13 Oct 2022 11:58:33 GMT
server
cloudflare
etag
"6347fd69-11e35"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeafc079b86-FRA
eBook_The-Ultimate-Buyer-Guide-Zero-Trust-Network-Access_NavImg-200x196.png
www.menlosecurity.com/wp-content/uploads/2022/10/
36 KB
38 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/10/eBook_The-Ultimate-Buyer-Guide-Zero-Trust-Network-Access_NavImg-200x196.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
703483cfe38c5b280522ae94ebb009e65d4bf4d9bf264ed6302a6bb4dad768c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
351174
cf-polished
origFmt=png, origSize=57561
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="eBook_The-Ultimate-Buyer-Guide-Zero-Trust-Network-Access_NavImg-200x196.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
36952
cf-bgj
imgq:100,h2pri
last-modified
Thu, 13 Oct 2022 11:58:33 GMT
server
cloudflare
etag
"6347fd69-e0d9"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeafc0a9b86-FRA
globe-icon-purple.png
www.menlosecurity.com/wp-content/themes/menlo/resources/images/
278 B
2 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/resources/images/globe-icon-purple.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e80fa7380340a7651059a8b3d0d8ee3612d68c21a82206eaa5b0322b8263725
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
351175
cf-polished
origFmt=png, origSize=671
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="globe-icon-purple.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
278
cf-bgj
imgq:100,h2pri
last-modified
Thu, 13 Oct 2022 11:58:43 GMT
server
cloudflare
etag
"6347fd73-29f"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeb1c5c9b86-FRA
section-article-pattern.svg
www.menlosecurity.com/wp-content/themes/menlo/dist/images/
190 B
1 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/dist/images/section-article-pattern.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f51bbe7b57914a96209c33c6a7a2d21f01b93f346fe27e5349249bc6a991679
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
119461
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 19 Oct 2022 02:00:58 GMT
server
cloudflare
etag
W/"634f5a5a-be"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeb1c5d9b86-FRA
section-article-pattern2.svg
www.menlosecurity.com/wp-content/themes/menlo/dist/images/
4 KB
2 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/dist/images/section-article-pattern2.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
11374f38070555c45a2cf29c753bcd7442517ef7d7afdbe2d381f8235efeffcc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
407
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 20 Oct 2022 12:09:06 GMT
server
cloudflare
etag
W/"63513a62-1133"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeb1c5f9b86-FRA
article-single-right-pattern.svg
www.menlosecurity.com/wp-content/themes/menlo/dist/images/
569 B
2 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/dist/images/article-single-right-pattern.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
62c994195bf30d1607e2d7b8cc5eaf8d9c30c7f78e6e32eecc676a3f74932e43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
292565
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:58:44 GMT
server
cloudflare
etag
W/"6347fd74-239"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeb1c619b86-FRA
article-single-left-pattern.svg
www.menlosecurity.com/wp-content/themes/menlo/dist/images/
595 B
2 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/dist/images/article-single-left-pattern.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1cd92144ff9e7af94bc45cac521e92d5534c7447b4de28afc365dbbf8828658
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
73429
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 19 Oct 2022 02:00:58 GMT
server
cloudflare
etag
W/"634f5a5a-253"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeb1c649b86-FRA
fa-brands-400.woff2
www.menlosecurity.com/wp-content/themes/menlo/dist/fonts/@fortawesome/fontawesome-free/webfonts/
75 KB
76 KB
Font
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/dist/fonts/@fortawesome/fontawesome-free/webfonts/fa-brands-400.woff2
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Origin
https://www.menlosecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
9814
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
76764
last-modified
Thu, 20 Oct 2022 12:09:05 GMT
server
cloudflare
etag
"63513a61-12bdc"
x-frame-options
DENY
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeb1c659b86-FRA
Menlo_Labs_Nav_image.png
www.menlosecurity.com/wp-content/uploads/2022/10/
214 KB
215 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/10/Menlo_Labs_Nav_image.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b7bd98e5ca8a4a565f8a09965fd8da18e8ee37e99b1cafc08bad6673b38c7c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
206591
cf-polished
origFmt=png, origSize=331938
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="Menlo_Labs_Nav_image.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
219038
cf-bgj
imgq:100,h2pri
last-modified
Tue, 18 Oct 2022 00:36:28 GMT
server
cloudflare
etag
"634df50c-510a2"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeb4ccf9b86-FRA
icon-question.svg
www.menlosecurity.com/wp-content/uploads/2021/05/
1 KB
2 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2021/05/icon-question.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c27bb55dc2fe6453e72fdfa7726fc8b74473bbffdbc424df999dc7751bf7ce3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
73429
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 19 Oct 2022 02:01:09 GMT
server
cloudflare
etag
W/"634f5a65-430"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeb4cd09b86-FRA
icon-phone.svg
www.menlosecurity.com/wp-content/uploads/2021/05/
1 KB
2 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2021/05/icon-phone.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
ba482add0c02c927f05b5078b949334e4d1db145525061a0bb29b70bda92b9c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
351174
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:58:52 GMT
server
cloudflare
etag
W/"6347fd7c-488"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeb4cd39b86-FRA
qakbot-email-lure-payload-2.png
www.menlosecurity.com/wp-content/uploads/2022/08/
14 KB
15 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/08/qakbot-email-lure-payload-2.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
59cb7d5683f72d2920b70698c6a9ffecfaaf2479594108b481c94d3848750bd9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
408
cf-polished
origFmt=png, origSize=33748
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="qakbot-email-lure-payload-2.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13828
cf-bgj
imgq:100,h2pri
last-modified
Thu, 20 Oct 2022 12:08:52 GMT
server
cloudflare
etag
"63513a54-83d4"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeb4cd69b86-FRA
qakbot-email-lure-evasion.png
www.menlosecurity.com/wp-content/uploads/2022/08/
8 KB
9 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/08/qakbot-email-lure-evasion.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
ba552b1989b489cc4c619989de193cf07efc5f26419edb00563c3cc9007706ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
407
cf-polished
origFmt=png, origSize=22130
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="qakbot-email-lure-evasion.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7998
cf-bgj
imgq:100,h2pri
last-modified
Thu, 20 Oct 2022 12:08:51 GMT
server
cloudflare
etag
"63513a53-5672"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeb4cd89b86-FRA
qakbot-email-lure-malicious-lnk-download.png
www.menlosecurity.com/wp-content/uploads/2022/08/
28 KB
30 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/08/qakbot-email-lure-malicious-lnk-download.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
8545749101fc8aeb139c07538cfd2db5c79029985962526aa817b899c75b67ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
407
cf-polished
origFmt=png, origSize=57759
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="qakbot-email-lure-malicious-lnk-download.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
28852
cf-bgj
imgq:100,h2pri
last-modified
Thu, 20 Oct 2022 12:08:52 GMT
server
cloudflare
etag
"63513a54-e19f"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeb4cda9b86-FRA
qakbot-email-lure-js.png
www.menlosecurity.com/wp-content/uploads/2022/08/
80 KB
81 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/08/qakbot-email-lure-js.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
7e5f7f0d7ed80280f0a84f08b2494b6bf509d6a44d683d8a2bafc5a690635310
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
407
cf-polished
origFmt=png, origSize=189455
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="qakbot-email-lure-js.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
81480
cf-bgj
imgq:100,h2pri
last-modified
Thu, 20 Oct 2022 12:08:52 GMT
server
cloudflare
etag
"63513a54-2e40f"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeb4cdc9b86-FRA
qakbot-excel-40-macros-diagram.png
www.menlosecurity.com/wp-content/uploads/2022/08/
6 KB
7 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/08/qakbot-excel-40-macros-diagram.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
bef857d0d4902ce2c1e5061786720d2bde7b06ec62f44b10a14895ce8c32b1b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
407
cf-polished
origFmt=png, origSize=13043
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="qakbot-excel-40-macros-diagram.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5804
cf-bgj
imgq:100,h2pri
last-modified
Thu, 20 Oct 2022 12:08:52 GMT
server
cloudflare
etag
"63513a54-32f3"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeb4ce09b86-FRA
qakbot-excel-40-email-contents-1024x440.png
www.menlosecurity.com/wp-content/uploads/2022/08/
26 KB
28 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/08/qakbot-excel-40-email-contents-1024x440.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
0ce5c3f8080f47c836504791f325bc1347930bf1fd9c5eff12d45e7b60301d0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
407
cf-polished
origFmt=png, origSize=73303
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="qakbot-excel-40-email-contents-1024x440.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27084
cf-bgj
imgq:100,h2pri
last-modified
Thu, 20 Oct 2022 12:08:52 GMT
server
cloudflare
etag
"63513a54-11e57"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeb4ce39b86-FRA
qakbot-excel-40-enable-macros.png
www.menlosecurity.com/wp-content/uploads/2022/08/
13 KB
14 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/08/qakbot-excel-40-enable-macros.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
8dcbdf941f2ac36658027af985c8621d3468eefde9ab793f38f6fa53bc22aec9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
407
cf-polished
origFmt=png, origSize=21996
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="qakbot-excel-40-enable-macros.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
12976
cf-bgj
imgq:100,h2pri
last-modified
Thu, 20 Oct 2022 12:08:52 GMT
server
cloudflare
etag
"63513a54-55ec"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeb4cf09b86-FRA
qakbot-excel-40-payload.png
www.menlosecurity.com/wp-content/uploads/2022/08/
45 KB
47 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/08/qakbot-excel-40-payload.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
7501d6f1489d7878ea71a2bb48211bc0ae0ab34fd934c4129d0089610e0f4c07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
407
cf-polished
origFmt=png, origSize=88150
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="qakbot-excel-40-payload.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
46508
cf-bgj
imgq:100,h2pri
last-modified
Thu, 20 Oct 2022 12:08:52 GMT
server
cloudflare
etag
"63513a54-15856"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaeb4cf49b86-FRA
section-contact-pattern.svg
www.menlosecurity.com/wp-content/themes/menlo/dist/images/
2 KB
2 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/dist/images/section-contact-pattern.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H3
Security
QUIC, AES_128_GCM
Server
141.193.213.21, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
01cbac3c4e6bb2c6e2006fc5b2c60181bb18f6c0e75c3d12e5030508bd0afdfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
292566
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:58:44 GMT
server
cloudflare
etag
W/"6347fd74-892"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaeb6d1c9b86-FRA
getForm
info.menlosecurity.com/index.php/form/
22 KB
5 KB
Script
General
Full URL
https://info.menlosecurity.com/index.php/form/getForm?munchkinId=281-OWV-899&form=2571&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&callback=jQuery112405356401787801488_1666278493984&_=1666278493985
Requested by
Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.72.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a889dae117315d85434869144091af3cce79107cef93c3a1ca57c44239b324

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-form-service-request-id
f4e9#183f5f0100d
x-marketo-source
Form Service
cf-ray
75d2aaeb9a9069a3-FRA
cached
false
footer-pattern.svg
www.menlosecurity.com/wp-content/themes/menlo/dist/images/
657 B
2 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/dist/images/footer-pattern.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f38bfa814ad4096dccf3892ea2c80c4d8b79e5e8ba7043c7c730b2061a2d2102
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
292565
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:58:44 GMT
server
cloudflare
etag
W/"6347fd74-291"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaebbdb29b86-FRA
logo-footer.svg
www.menlosecurity.com/wp-content/themes/menlo/resources/images/
4 KB
3 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/resources/images/logo-footer.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c45006c40d76e72f40e88dc8e91670aeb859178d60536c3b412f79fe5399b21
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
292565
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 13 Oct 2022 11:58:43 GMT
server
cloudflare
etag
W/"6347fd73-105f"
x-frame-options
DENY
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
75d2aaebbdb69b86-FRA
en.json
cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/d2455243-ab24-4927-854a-4111d3e6abf4/
94 KB
19 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/d2455243-ab24-4927-854a-4111d3e6abf4/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f84f90e0b8d058f6c6119cc65908765742a3f60f5f099a1eab14cd99118337c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
mOqBA1rHESg14r6aB3RJ7w==
age
12823
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
19462
x-ms-lease-status
unlocked
last-modified
Fri, 23 Sep 2022 22:18:01 GMT
server
cloudflare
etag
0x8DA9DB17A4C3B8C
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
37af19f7-401e-00bf-5a9b-decc90000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75d2aaebca81692b-FRA
expires
Thu, 20 Oct 2022 19:08:14 GMT
globe-icon.png
www.menlosecurity.com/wp-content/themes/menlo/resources/images/
276 B
2 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/themes/menlo/resources/images/globe-icon.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc9914192e0a743ae5573b812ab10411abd58039f8d1971fcf08f5591a8f2257
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/wp-content/cache/autoptimize/1/css/autoptimize_24c3c93b166afd33ee76a72c88f01442.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
199376
cf-polished
origFmt=png, origSize=2060
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="globe-icon.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
276
cf-bgj
imgq:100,h2pri
last-modified
Tue, 18 Oct 2022 00:36:39 GMT
server
cloudflare
etag
"634df517-80c"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaec1eb99b86-FRA
Two_minutes_On-HEAT-attacks-evading-web-cat-and-URL-reputation_Blog_b.jpg
www.menlosecurity.com/wp-content/uploads/2022/10/
65 KB
66 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/10/Two_minutes_On-HEAT-attacks-evading-web-cat-and-URL-reputation_Blog_b.jpg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/js/autoptimize_b8b6ea80717e90323b072574f4f1f9b5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2800c89c535963b87a1c952ae5285da4f148ebaadf38ec5396f432e0e9254d39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
168507
cf-polished
origFmt=jpeg, origSize=83040
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="Two_minutes_On-HEAT-attacks-evading-web-cat-and-URL-reputation_Blog_b.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
66394
cf-bgj
imgq:100,h2pri
last-modified
Tue, 18 Oct 2022 00:36:29 GMT
server
cloudflare
etag
"634df50d-14460"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaec5f269b86-FRA
Two_minutes_On-HEAT-attacks-evading-http-traffic-inspection_Blog.jpg
www.menlosecurity.com/wp-content/uploads/2022/10/
65 KB
67 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/10/Two_minutes_On-HEAT-attacks-evading-http-traffic-inspection_Blog.jpg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/js/autoptimize_b8b6ea80717e90323b072574f4f1f9b5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5bb0131177aa9022463bfc6f6c7b57f943e8c95c9176a6a6a75b908640582cda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
408
cf-polished
origFmt=jpeg, origSize=83125
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="Two_minutes_On-HEAT-attacks-evading-http-traffic-inspection_Blog.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
66730
cf-bgj
imgq:100,h2pri
last-modified
Thu, 20 Oct 2022 12:08:51 GMT
server
cloudflare
etag
"63513a53-144b5"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaec5f2c9b86-FRA
MITRE_ATT_CK_Initial_Access_Blog_b.jpg
www.menlosecurity.com/wp-content/uploads/2022/10/
64 KB
65 KB
Image
General
Full URL
https://www.menlosecurity.com/wp-content/uploads/2022/10/MITRE_ATT_CK_Initial_Access_Blog_b.jpg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/wp-content/cache/autoptimize/1/js/autoptimize_b8b6ea80717e90323b072574f4f1f9b5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fdcc836e7411f34467ee25ec99fae965b395f2b5cf0d9e1cde0744bc5f4cd02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
cf-cache-status
HIT
age
73430
cf-polished
origFmt=jpeg, origSize=96631
content-security-policy-report-only
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a
content-disposition
inline; filename="MITRE_ATT_CK_Initial_Access_Blog_b.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
65446
cf-bgj
imgq:100,h2pri
last-modified
Wed, 19 Oct 2022 02:00:45 GMT
server
cloudflare
etag
"634f5a4d-17977"
x-frame-options
DENY
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
75d2aaec5f2e9b86-FRA
6si.min.js
j.6sc.co/
30 KB
10 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.139.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-139-87.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
aca17711b2bcab8335b7bd9c2880033b2aa69a0e9f33ce2e1a507dbb0f9cade3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 29 Sep 2022 20:55:46 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63360652-7700"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
9869
expires
Thu, 20 Oct 2022 15:08:14 GMT
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
last-modified
Tue, 30 Aug 2022 15:04:19 GMT
etag
"d4de8398858246712016031c834bb061+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15317
x-served-by
cache-iad-kjyo7100153-IAD, cache-muc13927-MUC
hotjar-1854968.js
static.hotjar.com/c/
4 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1854968.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-103.fra2.r.cloudfront.net
Software
/
Resource Hash
2549e2d5e272450f9d373855a72900a0c81e9603d0ab0298ba3e2911a1f22b26
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Thu, 20 Oct 2022 15:08:14 GMT
via
1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
etag
W/2fc1c05769d1905cbee248eb108b4b2d
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
z7zNv45CsfrrEES7lR5EtQAtMdyCDL0QI4LkdxjAFyV9XBlNaFtUeQ==
conversion_async.js
www.googleadservices.com/pagead/
41 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15192
x-xss-protection
0
server
cafe
etag
699633608045481581
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 20 Oct 2022 15:08:14 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
last-modified
Wed, 19 Oct 2022 18:56:33 GMT
x-cdn
AKAM
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=13789
accept-ranges
bytes
content-length
3063
fbevents.js
connect.facebook.net/en_US/
102 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f8486cf55c57486f26236be045e02ada380d1ee0378008375cf54295c23954c8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 20 Oct 2022 15:08:14 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27027
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
uLGzbMGVZsdJ4hscOvwS6dMtyWz/xy/qpUdazWyw/R9X8NfPPQT9uRZFKuFrHLm/dj+ugU7QM1BEe8OtXVWvOw==
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-104-85.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Thu, 20 Oct 2022 15:08:14 GMT
Content-Encoding
gzip
Last-Modified
Fri, 09 Sep 2022 01:18:39 GMT
Server
AkamaiNetStorage
ETag
"92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
728
GQ57xOfAtqXGOqCfMFaF
ws.zoominfo.com/pixel/
3 KB
2 KB
Script
General
Full URL
https://ws.zoominfo.com/pixel/GQ57xOfAtqXGOqCfMFaF
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b52eed61e525e662ed6ccb335eadcb80c0c6cea76a86bc525052942873ed5a3a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
75d2aaecdcb59158-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type
widget.js
app.hushly.com/runtime/
1 KB
2 KB
Script
General
Full URL
https://app.hushly.com/runtime/widget.js?aid=83162
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.203.228.209 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-228-209.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
38b6e792cfa117ad887d73f850c1f7f0b6fb19ac74dce132283016cb3bcf62e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-type
text/javascript;charset=utf-8
pragma
no-cache
date
Thu, 20 Oct 2022 15:08:14 GMT
cache-control
no-cache, no-store, must-revalidate
expires
Thu, 01 Jan 1970 00:00:00 GMT
embed.js
hubfront.hushly.com/
194 KB
57 KB
Script
General
Full URL
https://hubfront.hushly.com/embed.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ee00:13:a3bc:6800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9c03e696d15ec089b9e3ee5b6f1450019259530dd19044175a2b9953d430fa79

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
via
1.1 590590f04f79f692591f9db0e720a31c.cloudfront.net (CloudFront)
last-modified
Tue, 05 Apr 2022 10:43:58 GMT
server
nginx
x-amz-cf-pop
FRA2-C2
etag
W/"624c1d6e-307bf"
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-cf-id
xIOKM2KTHcez8sTt9E8gXaXk4fqy4uqHou5ymxmh9wNCfmIx_svkQg==
events.js
tags.srv.stackadapt.com/
17 KB
6 KB
Script
General
Full URL
https://tags.srv.stackadapt.com/events.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.206.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-206-121.compute-1.amazonaws.com
Software
/
Resource Hash
6db9c3367d4143fd3982190acbde3cf5aafe1d35b5a4884d03a257b801b56b98

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 20 Oct 2022 15:08:14 GMT
Cache-Control
max-age=5
Content-Encoding
gzip
Connection
keep-alive
Content-Length
5398
Content-Type
text/javascript
trrsm2wf4gwm.js
js.driftt.com/include/1666278600000/
211 KB
60 KB
Script
General
Full URL
https://js.driftt.com/include/1666278600000/trrsm2wf4gwm.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
0d65c191bdb00657a19c2e9bf69c7adad4afca8720a74d13e0de3774c3258978
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
7gNQ79gsbF21jouEF5LrRJj1HwaglGxn
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
date
Thu, 20 Oct 2022 15:08:14 GMT
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Thu, 20 Oct 2022 12:55:29 GMT
server
nginx
etag
W/"fabd6424658bcb2583e01bebad83cbfa"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ttz0YUm2g6k-_r3qkgEh-FXdAc5q_u-4glCzHU4c4sBbFWYpehCeLw==
fullcircle.js
d2i34c80a0ftze.cloudfront.net/
31 KB
11 KB
Script
General
Full URL
https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:fa00:9:14eb:6280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
1026dbcff11e16ec34fe5cb7369461ac343cd39b366cb612afe40d0f6d27a3d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 09:36:51 GMT
via
1.1 29d33c5cd70a6501fde7bc2dba557906.cloudfront.net (CloudFront), 1.1 dde0b4b1e223fa23670e93078a04c116.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
FRA56-C1, FRA2-C1
age
19883
x-amzn-requestid
922360d1-a12b-4821-801a-28c16db4bdb5
x-amzn-trace-id
Root=1-635116b3-06c8da752685dc127d0c620c;Sampled=0
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
aTB8CHoZvHcF3vQ=
x-amz-cf-id
hKUgi0yw7kr40wHeipHbb5qbabrFSQals0Hz3XhmlhmirCecOkZKoA==
tracking.js
trk.techtarget.com/
2 KB
1 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:91d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Fri, 15 Oct 2021 14:31:37 GMT
server
cloudflare
age
259
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=1200
cf-ray
75d2aaed2ce1bb3d-FRA
expires
Thu, 20 Oct 2022 15:13:54 GMT
js
www.googletagmanager.com/gtag/
223 KB
76 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4c27bcc455f1661b2611082b07aaf46104fe4bdb8b8cc1f4e9ac04fe257b23fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
78143
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 20 Oct 2022 15:08:14 GMT
79031691.js
extend.vimeocdn.com/ga/
17 KB
6 KB
Script
General
Full URL
https://extend.vimeocdn.com/ga/79031691.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-cache-hits
241459
date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
via
1.1 varnish
age
4217771
x-cache
HIT
content-length
5579
x-served-by
cache-fra19142-FRA
last-modified
Thu, 01 Sep 2022 18:23:26 GMT
server
Apache
x-timer
S1666278494.285049,VS0,VE0
etag
"421e-5e7a1b598e380-gzip"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
x-vimeo-dc
ge
x-bapp-server
assets-67ff759c65-khkw6
cache-control
max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 29 Aug 2032 19:32:02 GMT
otFloatingFlat.json
cdn.cookielaw.org/scripttemplates/202209.1.0/assets/
10 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/otFloatingFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
179a0ba55c3bbf759340ba2a57846f81a7de249ed7e502b5e8814af2ef964533
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
F4B+/RlyrlF0UtYV/kDZHw==
age
449
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2702
x-ms-lease-status
unlocked
last-modified
Tue, 11 Oct 2022 04:36:22 GMT
server
cloudflare
etag
0x8DAAB4225FF58D6
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
c388da28-b01e-0000-1a48-ddd8e6000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75d2aaeccc60692b-FRA
otPcTab.json
cdn.cookielaw.org/scripttemplates/202209.1.0/assets/v2/
63 KB
14 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33939bb9d827d73e58f184dd1b06e5024b34d62373bd41ce2aea6058d62aa902
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
MrbBPvSp/nr/pc7Rs9pb+g==
age
449
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
14053
x-ms-lease-status
unlocked
last-modified
Tue, 11 Oct 2022 04:36:23 GMT
server
cloudflare
etag
0x8DAAB42272E5DAC
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
b97538ed-301e-00b0-543d-dd2166000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75d2aaeccc62692b-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202209.1.0/assets/
22 KB
5 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
B55i3ZY9miZIaUrwjufy0w==
age
449
x-ms-lease-status
unlocked
last-modified
Tue, 11 Oct 2022 04:36:34 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
d4e133d7-301e-0137-1f32-dd321c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
75d2aaecdc65692b-FRA
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1666278494223&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D474058%26time%3D1666278494223%26url%3Dhttps%253A%252F%252Fwww.menlosecurity.com%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1666278494223&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1666278494223&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&liSync=true&e_i...
0
266 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1666278494223&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&liSync=true&e_ipv6=AQL0H5nKVNpI0gAAAYP18BHYeCtvHZFs5nc5ZDqGyQ633B9Q9ZZx_kcXZKOgymq6P2VXWv4_3XK7
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 46C94114C8A14FB3A1304ACA337FB3F3 Ref B: FRAEDGE1421 Ref C: 2022-10-20T15:08:14Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXreLHH7/Xf/+xD0WwVzw==

Redirect headers

date
Thu, 20 Oct 2022 15:08:14 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 705E689F9A0747CE8CFB4F339ABB8F9E Ref B: VIEEDGE1807 Ref C: 2022-10-20T15:08:14Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1666278494223&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&liSync=true&e_ipv6=AQL0H5nKVNpI0gAAAYP18BHYeCtvHZFs5nc5ZDqGyQ633B9Q9ZZx_kcXZKOgymq6P2VXWv4_3XK7
x-li-proto
http/2
content-length
0
x-li-uuid
AAXreLHFjB4TPFdh2yNVPA==
1626328370711236
connect.facebook.net/signals/config/
292 KB
84 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1626328370711236?v=2.9.87&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7dea9c3805cb7b6df92c8f4040692bb25589be8a6356c6b5d61dba9ca33399fc
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 20 Oct 2022 15:08:14 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
85884
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
H4t6MgTLHvVedYS0ko4xlTksbgBn+pr/zQsz6144CFvVWrYs3TO12xc+fnzViNHP+SUmd/3ozEfLc0K80M+nVQ==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
truncated
/
817 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/svg+xml
Logo_MenloSecurity_Signature_Purple_RGB.png
cdn.cookielaw.org/logos/2f43eebf-9aac-4632-87e4-6268b1418b72/90dd6f8b-4c69-4515-bc68-3c27f610be65/9430bd48-82b5-4ae6-b08d-761d94b06151/
12 KB
13 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/2f43eebf-9aac-4632-87e4-6268b1418b72/90dd6f8b-4c69-4515-bc68-3c27f610be65/9430bd48-82b5-4ae6-b08d-761d94b06151/Logo_MenloSecurity_Signature_Purple_RGB.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
073b97779f9dc3c731a8c153f3f8dcfe2dc8f99a2c5ad7a279361a08e0302dc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
lwzbnoHyDnRH4s89KRrv8A==
age
364
content-length
12496
x-ms-lease-status
unlocked
last-modified
Tue, 29 Jun 2021 19:44:30 GMT
server
cloudflare
etag
0x8D93B364FFCA162
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
58a1a39b-801e-002a-553b-5aada3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
75d2aaed6e918fd6-FRA
poweredBy_ot_logo.svg
cdn.cookielaw.org/logos/static/
3 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
LpuayL42jB78xRllx0vkOw==
age
5130
x-ms-lease-status
unlocked
last-modified
Thu, 20 Oct 2022 05:40:18 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
e8ff6c91-101e-0024-3854-e441a8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
75d2aaed6e9e8fd6-FRA
munchkin.js
munchkin.marketo.net/162/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/162/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-104-85.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Thu, 20 Oct 2022 15:08:14 GMT
Content-Encoding
gzip
Last-Modified
Fri, 01 Jul 2022 00:59:12 GMT
Server
AkamaiNetStorage
ETag
"75daf56f6191efe42577301908659c29:1656637152.894482"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4677
Expires
Sat, 28 Jan 2023 15:08:14 GMT
modules.5f63ca60a03298133ad8.js
script.hotjar.com/
254 KB
65 KB
Script
General
Full URL
https://script.hotjar.com/modules.5f63ca60a03298133ad8.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1854968.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-51.fra2.r.cloudfront.net
Software
/
Resource Hash
f433122da8de4f7e86aaa0422f1a1a782729938a6cf58632a1f591178b5b91f8
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 12:18:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
183008
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
66045
last-modified
Tue, 18 Oct 2022 12:17:20 GMT
etag
"eb4f228026ced3bcaadde65163571860"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
W3HeaIQNvlXwm9W1p6lKG9fPWlreQ1q8t2f67FnCCNT5knmdpdDz-Q==
getuidj
secure.adnxs.com/
11 B
705 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 20 Oct 2022 15:08:14 GMT
AN-X-Request-Uuid
9a1c3d2d-7ba2-4a9a-8e25-71a05f663f1a
Server
nginx/1.21.3
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.menlosecurity.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
11
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/
7 B
206 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.139.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-139-87.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.menlosecurity.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
23 B
264 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:884::1c91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c88b840f447f11dd645c51a5e9f381774f4c89becd41b0e094b005faac64b4b8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Oct 2022 15:08:14 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.menlosecurity.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a00:c98:2030:a004:1::4
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
23
expires
Thu, 20 Oct 2022 15:08:14 GMT
adsct
t.co/i/
43 B
377 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=ceedae40-b36f-49ed-a031-f709e1bf5f9d&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=18109f13-c318-4a2c-b85f-39c18d53d4bc&tw_document_href=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nx5nr&type=javascript&version=2.3.27
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-response-time
107
date
Thu, 20 Oct 2022 15:08:14 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
403b532fccdfae97
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
2d73e516e699f673f1b89822d038b08cdb936f65272f1aabafc6cd70a291139d
content-length
43
adsct
analytics.twitter.com/i/
0
0

/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1626328370711236&ev=PageView&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&rl=&if=false&ts=1666278494344&sw=1600&sh=1200&v=2.9.87&r=stable&ec=0&o=30&fbp=fb.1.1666278494344.1340629174&it=1666278494234&coo=false&rqm=GET
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 20 Oct 2022 15:08:14 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/684820168/
43 B
691 B
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/684820168/?random=1666278494346&cv=9&fst=1666278494346&num=1&rdp=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgah0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&tiba=An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security&auid=1719691464.1666278494&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
create
st.fullcircleinsights.com/v1/visitors/
1 KB
2 KB
XHR
General
Full URL
https://st.fullcircleinsights.com/v1/visitors/create
Requested by
Host: d2i34c80a0ftze.cloudfront.net
URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash
1712f996fa926d7f945e27035ba65f37a1e48db63dca9705af8ea157816e2a57

Request headers

origin-fci
https://www.menlosecurity.com
Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
js-version
1.0.56
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
x-api-key
uSI2bzqNHv34zA8znmW0LgfsY9TBayMx9gZJf430
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 20 Oct 2022 15:08:15 GMT
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amzn-trace-id
Root=1-6351645e-3ed1d55e3ad623e13e8d2c71;Sampled=0
x-amzn-requestid
0479524b-b8b3-4d6c-9106-eb8081ccf608
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://www.menlosecurity.com
x-amz-apigw-id
aTye3FZRPHcFqog=
content-length
1424
x-amz-cf-id
-_5_ZRpVErfkAfohHYKFrJhhXB8uMDHw9y6Juk05gBAseAcvCNkJIw==
create
st.fullcircleinsights.com/v1/visitors/ Frame
0
0
Preflight
General
Full URL
https://st.fullcircleinsights.com/v1/visitors/create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
js-version,origin-fci,x-api-key
Access-Control-Request-Method
POST
Origin
https://www.menlosecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.menlosecurity.com
content-length
1
content-type
application/json
date
Thu, 20 Oct 2022 15:08:14 GMT
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
x-amz-apigw-id
aTyeyGEfPHcFZzw=
x-amz-cf-id
UOw7wJyOwOubEF55dwLPzEjJm5ncGoRP-Ewijkn2HhpQz_Qua62rag==
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
399afa7f-e354-4489-8341-bda59738c4a8
x-cache
Miss from cloudfront
activity.gif
apt.techtarget.com/activity/
43 B
324 B
Image
General
Full URL
https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=16648054&version=2.1.1&ref=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&r=1666278494370
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Thu, 20 Oct 2022 15:08:14 GMT
Last-Modified
Tue, 26 Mar 2019 18:30:29 GMT
Server
Apache/2.4.6 (CentOS)
ETag
"2b-5850384023492"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=41
Content-Length
43
collect
region1.analytics.google.com/g/
0
351 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-C2G0PCSJKE&gtm=2oeah0&_p=933754849&_gaz=1&cid=574835851.1666278494&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1666278494&sct=1&seg=0&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&dt=An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Oct 2022 15:08:14 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.menlosecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
351 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-C2G0PCSJKE&cid=574835851.1666278494&gtm=2oeah0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Oct 2022 15:08:14 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.menlosecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
501 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-C2G0PCSJKE&cid=574835851.1666278494&gtm=2oeah0&aip=1&z=656634725
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Oct 2022 15:08:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
493 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=d261e09f-b813-45d8-8b5a-34e59cbcc22a&session=37ded416-8c56-4688-865e-47f8e4d180a5&event=ipv6&q=%7B%22address%22%3A%222a00%3Ac98%3A2030%3Aa004%3A1%3A%3A4%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Menlo%20Labs%20research%20team%20analyzes%20Qakbot%2C%20one%20of%20the%20leading%20banking%20Trojans%20around%20the%20globe.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&pageViewId=2e38ff90-c21f-4ef0-80e8-85cb1f9a6eb7
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.139.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-139-87.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
box-c1417f7b48595d0dbca01c86f95d6dbb.html
vars.hotjar.com/ Frame C16C
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-c1417f7b48595d0dbca01c86f95d6dbb.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1854968.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-122.fra2.r.cloudfront.net
Software
/
Resource Hash
c0a4830af55fb7faabcbe34e804d186959aac83e6832495817e0e62122d2748f
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Referer
https://www.menlosecurity.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
194168
cache-control
max-age=31536000
content-encoding
br
content-length
1035
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 18 Oct 2022 09:12:06 GMT
etag
"d2c298a660a1ee92f094a3d504e3e2e6"
last-modified
Tue, 18 Oct 2022 09:11:19 GMT
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
via
1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront)
x-amz-cf-id
vxeDu7AEr_zH2q39rpEYdTLK5E8e0VDuJrE_5MSe05Qvk4edccDJXA==
x-amz-cf-pop
FRA2-C1
x-cache
Hit from cloudfront
x-robots-tag
none
visitWebPage
281-owv-899.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://281-owv-899.mktoresp.com/webevents/visitWebPage?_mchNc=1666278494413&_mchCn=&_mchId=281-OWV-899&_mchTk=_mch-menlosecurity.com-1666278494413-87986&_mchHo=www.menlosecurity.com&_mchPo=&_mchRu=%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Thu, 20 Oct 2022 15:08:15 GMT
Content-Encoding
gzip
Server
nginx/1.20.1
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
96cfcc68-2968-48c2-bb80-f2508e0c8563
data.js
tags.clickagy.com/
38 KB
14 KB
Script
General
Full URL
https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Requested by
Host: ws.zoominfo.com
URL: https://ws.zoominfo.com/pixel/GQ57xOfAtqXGOqCfMFaF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9973 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b600f1dc62b172effa1611f27da2410354b23d9bc79f34a525821752fafcde83

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
x-amz-version-id
eiH8z613.BRzukjofzW7pfMQ5QqyyUJw
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
age
38012
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 07 Oct 2022 12:51:20 GMT
server
cloudflare
etag
W/"39cbfce65efed785f567d3a64646eed5"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
75d2aaeebcad9b45-FRA
x-amz-cf-id
FD1ZoBbgZav4KFYQiwZd8E7A4U_85cA8fVR1YatHHBEQ00cK-benSw==
img.gif
b.6sc.co/v1/beacon/
43 B
493 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=d261e09f-b813-45d8-8b5a-34e59cbcc22a&session=37ded416-8c56-4688-865e-47f8e4d180a5&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A14%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Menlo%20Labs%20research%20team%20analyzes%20Qakbot%2C%20one%20of%20the%20leading%20banking%20Trojans%20around%20the%20globe.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&pageViewId=2e38ff90-c21f-4ef0-80e8-85cb1f9a6eb7&an_uid=0
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.139.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-139-87.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
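The header listings above flatten each transaction into alternating lines, header name then value, and when a server sent a header with an empty value (the `access-control-allow-origin` on the two b.6sc.co beacons, and on the facebook.com/tr pixel) the value line is simply missing. A few of the visible responses are worth a closer look: t.co answers with `strict-transport-security: max-age=0`, which tells the browser to drop any stored HSTS policy for that host rather than enforce one; b.6sc.co combines an empty allow-origin with `access-control-allow-credentials: true` and `access-control-allow-headers: *`, and on a credentialed request the Fetch specification treats that `*` as a literal header name, not a wildcard (none of this matters for an `<img>` beacon, but it would block a credentialed XHR); and the requests to st.fullcircleinsights.com and epsilon.6sense.com carry an `x-api-key` and an `Authorization: Token` that the page's own JavaScript attaches, so every visitor can read them and they can only be public identifiers. The script below is an added example, not code from urlscan.io or from the scanned site: it parses this page's dump format and runs those checks. The sample dumps are copied from the t.co, b.6sc.co and st.fullcircleinsights.com entries; `KNOWN_HEADER_NAMES`, the `Finding` type and the function names are this example's own choices (the name vocabulary is needed because values such as `43` or `true` cannot be told from names by shape).

```python
"""Parse and audit the alternating name/value header dumps on this page (added example)."""
import re
from dataclasses import dataclass

# Header vocabulary seen on this page (assumption: extend it for other dumps).
# It lets the parser resynchronise when an empty header has no value line.
KNOWN_HEADER_NAMES = frozenset("""
    date server content-type content-length cache-control pragma expires etag
    last-modified vary via alt-svc age accept-ranges x-response-time p3p perf
    x-transaction-id x-connection-hash x-content-type-options x-xss-protection
    strict-transport-security cross-origin-resource-policy timing-allow-origin
    cross-origin-embedder-policy content-encoding content-disposition
    access-control-allow-origin access-control-allow-credentials
    access-control-allow-headers access-control-allow-methods
    access-control-max-age access-control-expose-headers accept accept-language
    referer user-agent origin sec-fetch-mode authorization x-api-key origin-fci
    js-version
""".split())

# Constructed from the t.co/i/adsct response headers shown on this page.
T_CO_RESPONSE = """\
x-response-time
107
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
content-length
43
"""

# Constructed from the b.6sc.co/v1/beacon/img.gif response on this page; the
# access-control-allow-origin line is followed directly by the next header name.
SIX_SENSE_RESPONSE = """\
x-content-type-options
nosniff
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
*
"""

# Constructed from the st.fullcircleinsights.com/v1/visitors/create request headers.
FCI_REQUEST = """\
origin-fci
https://www.menlosecurity.com
js-version
1.0.56
x-api-key
uSI2bzqNHv34zA8znmW0LgfsY9TBayMx9gZJf430
Content-Type
text/plain;charset=UTF-8
"""


def parse_header_dump(dump: str) -> dict[str, str]:
    """Rebuild name -> value from the alternating-line dump; empty values allowed."""
    lines = [ln.strip() for ln in dump.splitlines() if ln.strip()]
    headers: dict[str, str] = {}
    i = 0
    while i < len(lines):
        name = lines[i].lower()
        if name not in KNOWN_HEADER_NAMES:
            raise ValueError(f"expected a header name, got {lines[i]!r}")
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt.lower() in KNOWN_HEADER_NAMES:   # no value line: header was sent empty
            headers[name], i = "", i + 1
        else:
            headers[name], i = nxt, i + 2
    return headers


@dataclass(frozen=True)
class Finding:
    header: str
    value: str
    note: str


def audit_response_headers(h: dict[str, str]) -> list[Finding]:
    """Checks a reviewer would run over each third-party response in the scan."""
    out: list[Finding] = []
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "":
        out.append(Finding("access-control-allow-origin", "", "empty value matches no origin; "
                           "a credentialed XHR would be blocked (an <img> beacon does not care)"))
    if creds and h.get("access-control-allow-headers") == "*":
        out.append(Finding("access-control-allow-headers", "*", "on credentialed requests '*' "
                           "is a literal header name, not a wildcard (Fetch spec)"))
    hsts = h.get("strict-transport-security")
    if hsts is None:
        out.append(Finding("strict-transport-security", "", "absent on an HTTPS response"))
    elif re.search(r"max-age=0(?!\d)", hsts):
        out.append(Finding("strict-transport-security", hsts, "max-age=0 clears any stored "
                           "HSTS policy for the host instead of enforcing one"))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        out.append(Finding("x-content-type-options", "", "nosniff missing"))
    return out


def public_credentials(request_headers: dict[str, str]) -> list[Finding]:
    """Tokens a page's own JavaScript attaches are readable by every visitor."""
    return [Finding(n, v, "attached by client-side script: a public identifier, not a secret")
            for n, v in request_headers.items() if n in ("authorization", "x-api-key")]
```

Run it over any transaction on this page by pasting the request or response header block into a string: `audit_response_headers(parse_header_dump(...))` returns the findings, and `public_credentials` flags browser-sent `Authorization` and `x-api-key` values such as the 6sense `Token` above. The parser raises on a line it cannot classify rather than silently mis-pairing names and values, which is the failure mode a naive two-lines-at-a-time loop hits as soon as it reaches an empty header.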
details
epsilon.6sense.com/v3/company/
447 B
431 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.228.184 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-228-184.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8f9744d3c77bf745613f674a66345e2678559c1b74c71c60638104eefc1ba560

Request headers

Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
Authorization
Token cb6b946368e1bb01c6dac9732a72e3bc7e1fdd12
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.menlosecurity.com
access-control-allow-credentials
true
content-length
242
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.228.184 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-228-184.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://www.menlosecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.menlosecurity.com
access-control-max-age
1800
date
Thu, 20 Oct 2022 15:08:14 GMT
server
nginx
visit-data
in.hotjar.com/api/v2/client/sites/1854968/
148 B
322 B
XHR
General
Full URL
https://in.hotjar.com/api/v2/client/sites/1854968/visit-data?sv=7
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.5f63ca60a03298133ad8.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.136.97 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-136-97.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
a9106f8201be70decee33d6db0ed15214e640fb5760a3ee0492dcfb6ca7b8ad0

Request headers

Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
br
vary
Accept-Encoding
access-control-max-age
86400
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store
access-control-allow-credentials
true
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 20 Oct 2022 15:01:59 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
375
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Thu, 20 Oct 2022 17:01:59 GMT
data
aorta.clickagy.com/
57 B
510 B
XHR
General
Full URL
https://aorta.clickagy.com/data
Requested by
Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.87.106.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-106-23.compute-1.amazonaws.com
Software
Aorta/20221014.838b4502f /
Resource Hash
88dabde38129dface87110fb7572a2abf80b35722af1baafae9596636ad405e5

Request headers

Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
server
Aorta/20221014.838b4502f
expect
0
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.menlosecurity.com
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-aorta-region
us-east-1
x-aorta-host
c3c436fed3f6
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
content-length
82
cm
us-u.openx.net/w/1.0/
Redirect Chain
  • https://aorta.clickagy.com/pixel.gif?clkgypv=jstag
  • https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%25...
43 B
304 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Thu, 20 Oct 2022 15:08:14 GMT
server
Aorta/20221014.838b4502f
expect
0
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
location
https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D
access-control-allow-origin
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-aorta-region
us-east-1
x-aorta-host
0682e2348d73
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
content-length
0
711861.gif
id.rlcdn.com/
Redirect Chain
  • https://aorta.clickagy.com/liveramp_redir
  • https://id.rlcdn.com/711861.gif
0
98 B
Image
General
Full URL
https://id.rlcdn.com/711861.gif
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0

Redirect headers

date
Thu, 20 Oct 2022 15:08:14 GMT
server
Aorta/20221014.838b4502f
expect
0
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
location
https://id.rlcdn.com/711861.gif
access-control-allow-origin
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-aorta-region
us-east-1
x-aorta-host
70a03362e036
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
content-length
0
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=933754849&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&ul=en-us&de=UTF-8&dt=An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=YADAAEABAAAAACAAI~&jid=202909645&gjid=535454141&cid=574835851.1666278494&tid=UA-41161362-2&_gid=1164950548.1666278495&_r=1&gtm=2wgah0WL64MFJ&cd1=&cd2=&cd3=&cd4=&cd5=&cd6=&z=533151710
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 20 Oct 2022 15:08:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.menlosecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
sa.css
tags.srv.stackadapt.com/
65 B
292 B
Stylesheet
General
Full URL
https://tags.srv.stackadapt.com/sa.css
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.206.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-206-121.compute-1.amazonaws.com
Software
/
Resource Hash
22d4e97b7cf71dd5f392fbafd5fa088b293117cd9bf12035d50ab37dcc168e7e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 20 Oct 2022 15:08:14 GMT
Cache-Control
only-if-cached, no-transform, private, max-age=7776000
Connection
keep-alive
Content-Length
65
Content-Type
text/css
sa.jpeg
tags.srv.stackadapt.com/
0
881 B
Fetch
General
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.206.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-206-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 20 Oct 2022 15:08:14 GMT
Cache-Control
only-if-cached, no-transform, private, max-age=7776000
Connection
keep-alive
Content-Length
651
Content-Type
image/jpeg
sa.jpeg
tags.srv.stackadapt.com/
0
881 B
Fetch
General
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.206.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-206-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 20 Oct 2022 15:08:15 GMT
Cache-Control
only-if-cached, no-transform, private, max-age=7776000
Connection
keep-alive
Content-Length
651
Content-Type
image/jpeg
hasHashes
hemsync.clickagy.com/external/
2 B
330 B
XHR
General
Full URL
https://hemsync.clickagy.com/external/hasHashes?clkgypv=jstag&cb=null
Requested by
Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.163.122.158 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-163-122-158.compute-1.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
vary
origin
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.menlosecurity.com
access-control-expose-headers
content-length, last-modified, expires, content-type
access-control-allow-credentials
true
content-length
28
collect
stats.g.doubleclick.net/j/
4 B
25 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-41161362-2&cid=574835851.1666278494&jid=202909645&gjid=535454141&_gid=1164950548.1666278495&_u=YADAAEAAAAAAACAAI~&z=1757460214
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 20 Oct 2022 15:08:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.menlosecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget-ad27a380d131c4896fae620f6d8a3a79.js
app.hushly.com/assets/
415 KB
125 KB
Script
General
Full URL
https://app.hushly.com/assets/widget-ad27a380d131c4896fae620f6d8a3a79.js
Requested by
Host: app.hushly.com
URL: https://app.hushly.com/runtime/widget.js?aid=83162
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.203.228.209 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-228-209.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
a980fc04a01d4c539a6c8e3c5e8ef4663cee2eecdd45ceed3c908fe979e7ca26

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 08:00:20 GMT
etag
"widget-ad27a380d131c4896fae620f6d8a3a79.js"
vary
Accept-Encoding
content-type
application/javascript;charset=UTF-8
cache-control
public, max-age=31536000
content-length
127299
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-41161362-2&cid=574835851.1666278494&jid=202909645&_u=YADAAEAAAAAAACAAI~&z=752727736
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Oct 2022 15:08:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-41161362-2&cid=574835851.1666278494&jid=202909645&_u=YADAAEAAAAAAACAAI~&z=752727736
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Oct 2022 15:08:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
forms2.css
info.menlosecurity.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://info.menlosecurity.com/js/forms2/css/forms2.css
Requested by
Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.72.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Tue, 04 Oct 2022 18:03:49 GMT
server
cloudflare
age
241
etag
"2481da9-3437-5ea394834ab40"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
75d2aaf07c9b69a3-FRA
content-length
2623
expires
Thu, 20 Oct 2022 19:08:14 GMT
forms2-theme-plain.css
info.menlosecurity.com/js/forms2/css/
828 B
331 B
Stylesheet
General
Full URL
https://info.menlosecurity.com/js/forms2/css/forms2-theme-plain.css
Requested by
Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.72.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Tue, 04 Oct 2022 18:03:49 GMT
server
cloudflare
age
241
etag
"640220-33c-5ea394834ab40"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
75d2aaf07c9d69a3-FRA
content-length
246
expires
Thu, 20 Oct 2022 19:08:14 GMT
css
fonts.googleapis.com/
2 KB
523 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Raleway
Requested by
Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7d3b9b124ab86b33b4c72d29ceca9c5a56e5205e546394f55e1ca7fac57d58d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 20 Oct 2022 15:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 15:03:00 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 20 Oct 2022 15:08:14 GMT
/
www.facebook.com/tr/ Frame 486B
0
18 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.menlosecurity.com
Referer
https://www.menlosecurity.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.menlosecurity.com
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Thu, 20 Oct 2022 15:08:14 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
fonts.gstatic.com/s/raleway/v28/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c78a1da5fd0868a547cf285748c7fb73006571190385eb71c0d601b6b240ffaf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.menlosecurity.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 21:05:49 GMT
x-content-type-options
nosniff
age
237745
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21280
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:57:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 17 Oct 2023 21:05:49 GMT
XDFrame
info.menlosecurity.com/index.php/form/ Frame 23B3
2 KB
761 B
Document
General
Full URL
https://info.menlosecurity.com/index.php/form/XDFrame
Requested by
Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.72.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b43508242f21a59b37bba45231dd25c6c861e079ef05607273c620337e217b9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.menlosecurity.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-ray
75d2aaf19f1169a3-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 20 Oct 2022 15:08:15 GMT
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
create
st.fullcircleinsights.com/v1/visitors/
1 KB
2 KB
XHR
General
Full URL
https://st.fullcircleinsights.com/v1/visitors/create
Requested by
Host: d2i34c80a0ftze.cloudfront.net
URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash
96065b65db7e8da6961a6deb2f2b19db5d983a1f92994f31d9ad9a7821ec2f8b

Request headers

origin-fci
https://www.menlosecurity.com
Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
js-version
1.0.56
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
x-api-key
uSI2bzqNHv34zA8znmW0LgfsY9TBayMx9gZJf430
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 20 Oct 2022 15:08:15 GMT
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amzn-trace-id
Root=1-6351645f-3648e38f330631a15d317c17;Sampled=0
x-amzn-requestid
902a8222-705d-4c28-870e-070f0da8f4cb
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://www.menlosecurity.com
x-amz-apigw-id
aTye_HsnPHcFghg=
content-length
1424
x-amz-cf-id
ANZA2sTOoyokyXXFkcf9Qzn4AkEvSX9TRtjqsPJTBYL-ZKXP9ktANg==
create
st.fullcircleinsights.com/v1/visitors/ Frame
0
0
Preflight
General
Full URL
https://st.fullcircleinsights.com/v1/visitors/create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
js-version,origin-fci,x-api-key
Access-Control-Request-Method
POST
Origin
https://www.menlosecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.menlosecurity.com
content-length
1
content-type
application/json
date
Thu, 20 Oct 2022 15:08:15 GMT
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
x-amz-apigw-id
aTye7EmuPHcFaPQ=
x-amz-cf-id
3JWQ1n51_8RYEwnYoKUXyUwTavFiIGG7SoBuUfjI3ZPZYDDAMifdjw==
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
fa241aff-bf7c-4548-bae2-5986411506a3
x-cache
Miss from cloudfront
saq_pxl
tags.srv.stackadapt.com/
94 B
403 B
XHR
General
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=Xve1da1krYlzEarKmNXl-g&is_js=true&landing_url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&t=An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security&tip=mmgO2AFuelEsUi1rER9vfycm06y02321Re8pFtVA8fA&host=https://www.menlosecurity.com&sa_conv_data_css_value=%20%220-3196f4a1-023d-4b9a-71a2-8497b12ffd6b%22&sa_conv_data_image_value=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&sa-user-id-v2=s%253A0-3196f4a1-023d-4b9a-71a2-8497b12ffd6b%2524ip%252437.58.58.248.8pikL9J2WX7O1HlSggZOWrr1mlNv0pcOtcIYp9a8Tzo&sa-user-id=s%253A0-3196f4a1-023d-4b9a-71a2-8497b12ffd6b.kmbH%252FdwF2k84H5upi%252Bb%252FkPFeYunENdfWiSxDwrVnrUI
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.206.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-206-121.compute-1.amazonaws.com
Software
/
Resource Hash
078f3dd88e751c3c421b2007e1cb27bcb65a95daf278bd25de81ba7b2bf3c4e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Thu, 20 Oct 2022 15:08:15 GMT
Access-Control-Allow-Methods
GET
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www.menlosecurity.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
94
saq_pxl
tags.srv.stackadapt.com/
94 B
403 B
XHR
General
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=Qx2zgcBp28NGsaKUIZmZkg&is_js=true&landing_url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&t=An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security&tip=mmgO2AFuelEsUi1rER9vfycm06y02321Re8pFtVA8fA&host=https://www.menlosecurity.com&sa_conv_data_css_value=&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd929b90003a85348d95b52c9318a0069dc253a3af8&sa-user-id-v2=s%253A0-3196f4a1-023d-4b9a-71a2-8497b12ffd6b%2524ip%252437.58.58.248.8pikL9J2WX7O1HlSggZOWrr1mlNv0pcOtcIYp9a8Tzo&sa-user-id=s%253A0-3196f4a1-023d-4b9a-71a2-8497b12ffd6b.kmbH%252FdwF2k84H5upi%252Bb%252FkPFeYunENdfWiSxDwrVnrUI
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.206.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-44-206-121.compute-1.amazonaws.com
Software
/
Resource Hash
078f3dd88e751c3c421b2007e1cb27bcb65a95daf278bd25de81ba7b2bf3c4e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Thu, 20 Oct 2022 15:08:15 GMT
Access-Control-Allow-Methods
GET
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www.menlosecurity.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
94
queue
st.fullcircleinsights.com/v1/visits/
2 KB
2 KB
XHR
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Requested by
Host: d2i34c80a0ftze.cloudfront.net
URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash
4f5dd0d854ae74c0c75382b9b99477a3eea7031135306d3908a975c26c5af348

Request headers

origin-fci
https://www.menlosecurity.com
Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
js-version
1.0.56
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
x-api-key
uSI2bzqNHv34zA8znmW0LgfsY9TBayMx9gZJf430
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 20 Oct 2022 15:08:15 GMT
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amzn-trace-id
Root=1-6351645f-652e73a60d3ce34a4a13902c;Sampled=0
x-amzn-requestid
b982e68b-d0b9-4a80-89d8-5228c230eee5
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://www.menlosecurity.com
x-amz-apigw-id
aTye-ErUvHcFTXg=
content-length
2060
x-amz-cf-id
kbetFcrWOOusQAkXlZwVJOXscO_NaIDl2I3IX4XXWkEf7xgdIuDtjA==
queue
st.fullcircleinsights.com/v1/visits/ Frame
0
0
Preflight
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
js-version,origin-fci,x-api-key
Access-Control-Request-Method
POST
Origin
https://www.menlosecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.menlosecurity.com
content-length
1
content-type
application/json
date
Thu, 20 Oct 2022 15:08:15 GMT
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
x-amz-apigw-id
aTye5EM9PHcFa5A=
x-amz-cf-id
XYZnPZNnk8CNcAn2foHMa38UM5ziO4XA4SFCYM-LUAELsPYKh5SYbQ==
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
ed864f4f-3cb6-42f6-af28-83fdb79da504
x-cache
Miss from cloudfront
forms2.min.js
info.menlosecurity.com/js/forms2/js/ Frame 23B3
208 KB
69 KB
Script
General
Full URL
https://info.menlosecurity.com/js/forms2/js/forms2.min.js
Requested by
Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/index.php/form/XDFrame
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.72.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.menlosecurity.com/index.php/form/XDFrame
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Tue, 04 Oct 2022 18:03:49 GMT
server
cloudflare
age
243
etag
"640399-33e51-5ea394834ab40"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
cf-ray
75d2aaf2e9bc69a3-FRA
expires
Thu, 20 Oct 2022 19:08:15 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
493 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=d261e09f-b813-45d8-8b5a-34e59cbcc22a&session=37ded416-8c56-4688-865e-47f8e4d180a5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A14%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Menlo%20Labs%20research%20team%20analyzes%20Qakbot%2C%20one%20of%20the%20leading%20banking%20Trojans%20around%20the%20globe.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&pageViewId=2e38ff90-c21f-4ef0-80e8-85cb1f9a6eb7&an_uid=0
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/an-anatomy-of-heat-attacks-used-by-qakbot-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.139.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-139-87.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:15 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
core
js.driftt.com/ Frame D50C
2 KB
1 KB
Document
General
Full URL
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1666278600000/trrsm2wf4gwm.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
f828e5c6af531fddf9c39cd7c31d8fec693f7b2366dd3c1246ea347329951187
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.menlosecurity.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 20 Oct 2022 15:08:16 GMT
etag
W/"cf708cbd6acd18c5d72235d76bd0c18b"
last-modified
Thu, 20 Oct 2022 12:55:14 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-id
OgD7YhPtOaZrbZZxdoFMcZMZGzU7-j-jUg7CbLDNZF1VVjje8c3qjw==
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
0GRJOOB6ljwWoaf0z.rH59y1OwfjZtsM
x-cache
Hit from cloudfront
chat
js.driftt.com/core/ Frame 2235
2 KB
1 KB
Document
General
Full URL
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1666278600000/trrsm2wf4gwm.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
f828e5c6af531fddf9c39cd7c31d8fec693f7b2366dd3c1246ea347329951187
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.menlosecurity.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 20 Oct 2022 15:08:15 GMT
etag
W/"cf708cbd6acd18c5d72235d76bd0c18b"
last-modified
Thu, 20 Oct 2022 12:55:14 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-id
_jAsARjcDNuCEJnrPdnKZcxk7rz9C0RTCryc5p66jx7Em0ELm1WYpw==
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
0GRJOOB6ljwWoaf0z.rH59y1OwfjZtsM
x-cache
Hit from cloudfront
queue
st.fullcircleinsights.com/v1/visits/
2 KB
2 KB
XHR
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Requested by
Host: d2i34c80a0ftze.cloudfront.net
URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash
b09a2d904e78e2865bc207664949b198cdf95233eb545937dcbfa3ab6682fe36

Request headers

origin-fci
https://www.menlosecurity.com
Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
js-version
1.0.56
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
x-api-key
uSI2bzqNHv34zA8znmW0LgfsY9TBayMx9gZJf430
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 20 Oct 2022 15:08:16 GMT
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amzn-trace-id
Root=1-63516460-72f4ceea5f9bf75b0f24aba5;Sampled=0
x-amzn-requestid
b3b33f6a-1a6a-440c-85dc-54b4c79a6a46
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://www.menlosecurity.com
x-amz-apigw-id
aTyfFGzFPHcF15Q=
content-length
2060
x-amz-cf-id
Gs3VyQxNvMzq2aAjDlt_x3FknocoKdl3-Gu7mQ6Sa2RdGp1hCr_ukg==
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j98&a=933754849&t=pageview&_s=1&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&ul=en-us&de=UTF-8&dt=An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABAAAAACAAI~&jid=&gjid=&cid=574835851.1666278494&tid=UA-41161362-2&_gid=1164950548.1666278495&gtm=2wgah0WL64MFJ&cd1=&cd2=&cd3=&cd4=&cd5=&cd6=&z=1549591468
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Oct 2022 13:23:26 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
6289
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
widget-86616d5946edd9a2cd99f210fd4931af.css
app.hushly.com/assets/
68 KB
12 KB
Stylesheet
General
Full URL
https://app.hushly.com/assets/widget-86616d5946edd9a2cd99f210fd4931af.css
Requested by
Host: app.hushly.com
URL: https://app.hushly.com/assets/widget-ad27a380d131c4896fae620f6d8a3a79.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.203.228.209 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-228-209.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ecb4cf1400337bb3e1f8d6e9c312534a7e4a786832b909799c1d26373371861e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:15 GMT
content-encoding
gzip
last-modified
Tue, 11 Oct 2022 08:00:20 GMT
etag
"widget-86616d5946edd9a2cd99f210fd4931af.css"
vary
Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
public, max-age=31536000
content-length
11705
83162
app.hushly.com/runtime/widgets/
5 KB
3 KB
XHR
General
Full URL
https://app.hushly.com/runtime/widgets/83162
Requested by
Host: app.hushly.com
URL: https://app.hushly.com/assets/widget-ad27a380d131c4896fae620f6d8a3a79.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.203.228.209 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-228-209.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
91623c33aade4a8d9370f6b51c6baf9680e6de834d33185a4f672ba7778fbed6

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
https://www.menlosecurity.com
date
Thu, 20 Oct 2022 15:08:16 GMT
content-encoding
gzip
access-control-allow-credentials
true
x-robots-tag
noindex
vary
Accept-Encoding
content-type
text/javascript
83162
app.hushly.com/runtime/visitor/
39 B
710 B
Script
General
Full URL
https://app.hushly.com/runtime/visitor/83162?callback=hushlyVisitorCallback&sid=894e88a6-c5a9-48ed-b2c1-7ff40cc42d5d&vid=7082ff7a-b5ad-4670-822c-5f61b115da4d&version=2&hly-ip-address=&_=1666278495475
Requested by
Host: app.hushly.com
URL: https://app.hushly.com/assets/widget-ad27a380d131c4896fae620f6d8a3a79.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.203.228.209 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-228-209.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
f595a7eeaf2e9ef60746074e0ff87a1b6bf60355ece3559d666b9b59041dc976

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:15 GMT
cache-control
max-age=31536000, public
content-encoding
gzip
x-robots-tag
noindex
vary
Accept-Encoding
content-type
text/javascript
queue
st.fullcircleinsights.com/v1/visits/ Frame
0
0
Preflight
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
js-version,origin-fci,x-api-key
Access-Control-Request-Method
POST
Origin
https://www.menlosecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.menlosecurity.com
content-length
1
content-type
application/json
date
Thu, 20 Oct 2022 15:08:15 GMT
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
x-amz-apigw-id
aTyfBEZJPHcFyfg=
x-amz-cf-id
S0COzy6o2Ue_KtafPzuG3Chi5d___XMxe5DpfgTvgmtEeSKUKD2DbA==
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
913029fc-f6ca-4d15-bae3-07ffb8ea71cb
x-cache
Miss from cloudfront
runtime~main.fc4e99cc.js
js.driftt.com/core/assets/js/ Frame 2235
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
2e8dfe5207db75f7a393a3c05eed7886353cc7a4135799d7d13895d90c69b5e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:13 GMT
x-amz-version-id
eiTOPx.RwEN.q_6AvNCyZ0UxZSQ29VjS
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7982
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:06 GMT
server
nginx
etag
W/"431499ec52e41c3033c2299d6f4098be"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ksZ_J0yOzf4RW3GgaKvHsTSxEb5rAwoulpWEsZIDTA7TkNZ2aJzumQ==
8.611ead2e.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
35 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/8.611ead2e.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
7fe9c49bb2fa7df0e7f30f29e2cf5dc5856a6a94e24020cd71b15806418e2509
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 25 Aug 2022 08:41:22 GMT
x-amz-version-id
F2w1xQA.MmTyK.v3rD0B8YtlwjpVXcK0
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
4861613
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 23 Aug 2022 15:27:02 GMT
server
nginx
etag
W/"6aa29962f34a8e117268142c7cc1cc3d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
8jwvk0blU1ADvYHXzP-9jXYkgiYF4JjRMit5Nwre_llh-UfRGO6jGw==
main~493df0b3.795a7074.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
7 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~493df0b3.795a7074.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
7896b295039b9c5bd6471df275e235edb36f3a556f84f2d605da1e90529747cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 18:32:26 GMT
x-amz-version-id
qyFqLn.owqPYSQ5RUCfKBXvoIQfJi6na
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
246949
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Mon, 17 Oct 2022 18:01:32 GMT
server
nginx
etag
W/"4bd18ce98a183cb1e228b8772715d763"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
kcF-uyDJUHv5eis6QhGtphDjwJ3Ss0YNdNnoX93AQlNo6NDzXDDChw==
49.b6336d11.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
23 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/49.b6336d11.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
1cb2a3ed712d8fcfa64505237ae54ffe9f2f5d293f371f40871d830891568b88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
tFkawZ7Fd.jveKk2Q_grwX_qW9zyzYsf
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518871
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:30 GMT
server
nginx
etag
W/"8004ba5ba9fc99e5c559490658a3863f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
H2eS6ksCYqSmka_QG8_rExxq8-c189yGTiItImEr3jCLusxpIyqVEA==
33.ae4de0a0.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
36 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/33.ae4de0a0.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e12404ccb0492da0a89fbda8db0ddb3c2358fcbd6d29b0c106ba840ca5f5e8ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
HixqumxK82A.kHDuHBPfmn6VAN6aPH4h
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518871
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:30 GMT
server
nginx
etag
W/"db0cd5b66c52523e10b87a0c8a2db182"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
BKUO6RW-cufL7gkjroP1ruNMfX8-r7J67gtCSVeOREC5hmBJEJeFcg==
23.60057654.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
32 KB
11 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/23.60057654.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
489eb2769765657c9325f65117f5c7b87ffc4eab547622608c12c8f6fd60df1b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
A.jwRfFHKkUyhAxHnaTtscpVGcKmzGah
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518871
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:29 GMT
server
nginx
etag
W/"0e963aeeee70e63f5078955e6db860f3"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
qUBFErEaiOAUMvgMG6dv7R6Q-08ya0JQwSf3rJ3pqUJvPlHAf2ZbZQ==
18.2ab31195.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/18.2ab31195.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
a0da3cdc4c400e5e5030c733b68bff8fddc8c4c82c2432330fa8cb858b16bd85
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
rKefocxJhSz0y_AilqbsDEtw7DeIdBvq
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518871
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:29 GMT
server
nginx
etag
W/"09e4a870348ecb960c5807c49bbf0c16"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
F5vEo4-W9GICCAo--cbvXpf3_cmiBykbmSsMwCvCwypZOo3iXmva0A==
40.5fa801cd.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
25 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/40.5fa801cd.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
759a08226cc8d5a5a89c64b7f814457ee6191384f30e4dc9cd123aaf279003fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
f55GXA4L3g5g9hzfUJcqjDgxYQXmhaaq
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518871
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:30 GMT
server
nginx
etag
W/"e7d37d5ffc01767c10d8677c65ead60b"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
K0VfMdT_868unbktgaPMZfRP7vVF_m6HByISKc5m_qbkBpsnrMbWuQ==
20.8c21ea18.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
74 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 12:53:52 GMT
x-amz-version-id
_iATeboHvfY_0UKtYTku0LXCQxT6mgCN
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
4760063
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 25 Aug 2022 21:13:15 GMT
server
nginx
etag
W/"6d77a76055d81227033363af2f18caf8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
rDSvFVLCYtOG92u9pl5c767IEPHhsrYpI7-fP8CPyRrijJSJYPYs-Q==
25.8f107198.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
59 KB
19 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/25.8f107198.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
6c93a2e253cf1b83c4549ee38234134aa07f3b0293815375c49c9d4576986db1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 01 Sep 2022 02:01:46 GMT
x-amz-version-id
PiE96LrRCvFZCUIjOT8oVAX6NhM5DsoZ
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
4280789
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 31 Aug 2022 18:10:09 GMT
server
nginx
etag
W/"e2511c69e5bdc03467952abaccdb5383"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
sUWeEvGta_naAn67I0F7vSS_8YtoeeQMLY34RqY3Q0-5i5mG47dtsw==
13.3e86f1f6.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
91 KB
91 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/13.3e86f1f6.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
81e6b4ec22135fd2056e29456e32539e21876266ab0bf8438b87117f70c0f827
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 03 Sep 2022 02:20:14 GMT
x-amz-version-id
tL0mO7lwTQOm1OEDR9eN1LSlBkEAt593
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
age
4106881
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
92674
last-modified
Thu, 01 Sep 2022 13:18:43 GMT
server
nginx
etag
"fdee1a560ca08e3d3702e14d8f1f0b82"
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
QEYff4OVJC3jpO-yl3nwTVTGiEshEkkv1x-CvL9muYcxqfPiF-Vrjw==
11.639238ba.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
23 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/11.639238ba.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 01:32:02 GMT
x-amz-version-id
41Rj_7QKP59w2WnODlMWAa6QFTo_5uBY
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
2813773
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 16 Sep 2022 16:12:57 GMT
server
nginx
etag
W/"4049f38c00add1738dc4806148ff8829"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
EVvHQaFW63uPlXbiF_Fq-zs8twhdj8__M_fy-MaycErESIBydD_S3g==
16.fde6fa28.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
62 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/16.fde6fa28.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
91c379a7d8ec04aeeb162ea6d8069ad9fe872cec0d8a56f8861b02c494a6e0f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 01:42:02 GMT
x-amz-version-id
4419YFPoRA1JyzCepHPPe9MgW2odb2j5
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
4454772
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 25 Aug 2022 21:13:15 GMT
server
nginx
etag
W/"90795af8c950a50300cf801b300db7ab"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
YEDxjXFfx6AhYLp30mBjuGoWW2n4r7ZyiPtYkTeW41KLkNyF3ZRWxQ==
47.9d4808ed.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
105 KB
34 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/47.9d4808ed.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
20997bd3984886e845f5a5e0d036f9808a5e30051f219705ef4e6ef1ef1b0f55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
sQA7naSV8DmRN71SXAWLe8JIqPc1EcZO
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518871
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:30 GMT
server
nginx
etag
W/"dfc66008c702c40fea0587f735010013"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
PYnxsCSAI-Y90UdckTUJpxH_k3pUCfqauPUaKCIj17vuk6oDSGICQw==
38.5941b51c.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
12 KB
4 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/38.5941b51c.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
62eb2106959f57e67d6a5209dc51af437b7b61a4256fd93b1a822e4d606ef9ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
ulIUWFsoBvtlhMhpYiyBmET7DahweM5Z
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518871
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:30 GMT
server
nginx
etag
W/"aa24724b97a516c589a05bc577d15db9"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
6Rt9_tvt_i-QWI0DCzVVXIVozcrM-jzGWtf-DVX7oTsrnkjOaof3xA==
28.190877b8.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
13 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/28.190877b8.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
d7ead427aca51c227410c4595b49b48dde8f9e76864b4f3fcb32861034b0c6a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 14:05:25 GMT
x-amz-version-id
G0DP4jvUaKtIbfyIxWqyC1CIhSHB9xO6
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
3718970
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 06 Sep 2022 19:38:19 GMT
server
nginx
etag
W/"94c7e7cb2f40e10abeee8e28c0f68eb7"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
qrM5-cKWUWj4aD-mnuwpX39rnCqiblAp5-yDiueKJJsZXnflkKslNw==
21.b8c41db9.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
17 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 00:33:19 GMT
x-amz-version-id
Pi7EBXi_qXS8D1_qBV.NprvoIg.gfF1R
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
1780496
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 29 Sep 2022 20:45:25 GMT
server
nginx
etag
W/"65e5c965272e021ae33ff8bc39565ef5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
58GepAshIHvNwf929_iqpqJ6qO2WC0nJPiixlVVZHoNjriAtVB5gjQ==
9.7980313a.chunk.css
js.driftt.com/core/assets/css/ Frame 2235
14 KB
3 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/9.7980313a.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
146b085fcb240a04c301d265173b47e2794d3fd86c26ccb986ca01095fe8f847
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 13:41:58 GMT
x-amz-version-id
CxerwMRS6CdLERPs5NVshkyA9cHh0Tkt
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
2510777
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 21 Sep 2022 13:23:52 GMT
server
nginx
etag
W/"97ab5d7bf24ef1c4f1e14801b9a510ed"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ORkt7DtMLYnh6snslFz4YOX-JqqBSeaVtYW_QHeahDdFDKGfO4yXLw==
9.ccd95798.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
75 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/9.ccd95798.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
a8deabdae1ff664f9f859384fec04108ea8ccebf779fb920b114f70bed94350e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:13 GMT
x-amz-version-id
VUOIHH7r8soKcVaKE5cYHqUDzV.DlUod
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7982
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:05 GMT
server
nginx
etag
W/"76af6ae8c0820614d3083460c413c8ff"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ntKUH08H61upUmQS_cAI4-HYFHUa4nDjVY_vKc7vuzJH_Pmy1Z7DWw==
15.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 2235
24 B
666 B
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/15.22abfce0.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 03 Oct 2022 11:02:35 GMT
x-amz-version-id
4HaliywZLTbWidTr9jxerhwMhVKcNAWE
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
age
1483540
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
24
last-modified
Wed, 08 Jun 2022 17:19:34 GMT
server
nginx
etag
"0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ZmKB5xZdkLA-wDOVnhOKN0UxrBOo16Q-hRMdr3SzPGkP06BVVa7lvQ==
15.35420f59.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
82 KB
21 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/15.35420f59.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e490f8796f832cdb8b4e54544a2f41b7c85b0a2339ec48e2ba6b7344af1f9b6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:13 GMT
x-amz-version-id
VBA82xqDV8RGLTQmFnYR7lVgBY4YgpjI
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7982
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:03 GMT
server
nginx
etag
W/"0a3c13b370e3514ef63bd0351970d5f8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
plmUEDWatDG-4LYSqf-oA3mgIUWLezAjHCDiinatUA7EATCnnoUe_g==
24.4090271f.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
49 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/24.4090271f.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
c5026fa13ae600e675019e7294c3b13ce996d625300b6d3c905958fa7bf22b2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:13 GMT
x-amz-version-id
Xestt2onig6cxcgyaHfZK0u9RnwvVXId
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7982
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:03 GMT
server
nginx
etag
W/"cda764f3c3c6c745e94ba53522357350"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
HNRfQqcunUDy7HW0amBtnidebx3yLO5N2kU03xVwEE9znlEBxlERZg==
17.7f7d57fd.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
39 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/17.7f7d57fd.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
20f027f7b5dc09b0e9c50d1b10222432555e9492d9d6ca406defbb275acd6a90
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:13 GMT
x-amz-version-id
Rn8NTExHl_.eIjTbdOhrO1kqUjmhPCyC
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7982
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:03 GMT
server
nginx
etag
W/"7a955dd593ea5000e556e3207c78b77b"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
uCbahxoDuQOExjghaRfIPqNNAkqCYDYFo4slMV-WgQzsQDY47srbww==
35.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 2235
3 KB
1 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/35.11d2b6a7.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
li5JOsqqUauzAGZ0fjgKE9H7aGjkB0Kz
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518871
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:27 GMT
server
nginx
etag
W/"87532c4db85f1429fa6d759bc3332f36"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
PMnqk593KbrUnYcuUiCwFRK51i5rmqiVbat12atpl5BfEy_3SzjWBg==
35.438351b2.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
3 KB
2 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/35.438351b2.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
d3c4b1d1abee7af1529758460c464a8721f281dfc899159dc36f521534d53fc6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 18:32:27 GMT
x-amz-version-id
Ln2wXRWXCmY6q_3EWqHkHy7TVlZgdhGf
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
246948
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Mon, 17 Oct 2022 18:01:30 GMT
server
nginx
etag
W/"6d42b26d199471df6876d34dd3714424"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
BnaWH8dEBb6bgZFuCGUMzcW0bBC2ZwjP1f7mPCvm8a28QFPyxJTLcA==
0.0b2ebd4a.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
9 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 06 Sep 2022 00:41:02 GMT
x-amz-version-id
E.Le1HHD6dXp1z9JLSdA8U2RMDD.dyV2
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
3853633
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 01 Sep 2022 13:18:43 GMT
server
nginx
etag
W/"c5efcdc9e465604f32cf24af10fd6c13"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
L9r3l6JVfqvttxfUWQ8tTj14laDNQ8maBv01mKndRecuBCfvxEkDUA==
3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 2235
7 KB
2 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 02:58:51 GMT
x-amz-version-id
Bme3Ff3iPGc5WQiLnlmHV5B7d_GvIfWo
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
1771764
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 29 Sep 2022 20:45:23 GMT
server
nginx
etag
W/"189aeffd571884559dababa22c66d75a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Ma-JgHZv720CgwM-C18RDLYU1G5E8HLyXTvbOG-fD2egIXGuEKWsOw==
3.f50b964b.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
54 KB
15 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 14:05:26 GMT
x-amz-version-id
_kry5Vt7qkbP1XHkOczJttIwv4KZoljE
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
3718969
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 06 Sep 2022 19:38:20 GMT
server
nginx
etag
W/"1ac37bf2b93050f29058b66a9ad43e10"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
0Zxqea0wcD3UmX0QjYteEhEXbZ39H_2UdRBzXKcjbc1vaBGdXrgF0Q==
1.2744e555.chunk.css
js.driftt.com/core/assets/css/ Frame 2235
43 KB
7 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/1.2744e555.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
7073fd7f7f86e4d7fa4ee64df42999c3a58d3ffd7f842b0e8e98001407a1966b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 22 Sep 2022 21:23:14 GMT
x-amz-version-id
h6NxhuFNLOMjRNKgXauNxPDXvquTMVXm
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
2396701
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 22 Sep 2022 21:13:24 GMT
server
nginx
etag
W/"faf2e5ac2f9cf40f3d49e4c4f468e306"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
zs1qqK8pfmsHVlJF0qrYbt1-BYcxqjpAJiym8EfwL_bBcmVGmyz4QQ==
1.8b8dad0c.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
73 KB
25 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/1.8b8dad0c.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
8a922a4a99690c60ae583d1c04a889a19d0ef685ddb6ded20851a9b248244934
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:14 GMT
x-amz-version-id
XPbkoos_h.Up5UVTum6sNBdecm54vbBG
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7981
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:02 GMT
server
nginx
etag
W/"aa582df2e86c890884d541dd3c406754"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
AEa88Pyi4-Uy_j3DKEILK1pY4RXSC9tWDtbvqJtIjsXlfL8KZRQD1A==
32.a3318c5e.chunk.css
js.driftt.com/core/assets/css/ Frame 2235
14 KB
3 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/32.a3318c5e.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 13:41:58 GMT
x-amz-version-id
Tq0yzJUum5RyM1Vf648gx8d4gVPONjH2
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
2510776
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 21 Sep 2022 13:23:51 GMT
server
nginx
etag
W/"b06e02b360914b25e58305b1b9b954dc"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
xPzvK45Q-nFFglecbwi6iClBtCdA5TqWTnyqeeW1U9IuMT6SDz_3CQ==
32.6775d07a.chunk.js
js.driftt.com/core/assets/js/ Frame 2235
12 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/32.6775d07a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
8db0cd63630a14f7ce023c3c71c7ac8db39dacd27c6c42580a814bed7bd292b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1666278493694
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
wEmAK1Z9WNNFMHj72t1JHidVKWmHnVs4
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518871
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:30 GMT
server
nginx
etag
W/"d5810e9c255f07f050efc0e54f4e88df"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ajWpwvOJVAuER930kgk715783oYHcEFCWHGk-uyyBprdgT_DmbN3Cw==
queue
st.fullcircleinsights.com/v1/visits/
2 KB
2 KB
XHR
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Requested by
Host: d2i34c80a0ftze.cloudfront.net
URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash
cbc7d10e140ca3fd547d950a3702abaadff65b9b077be2d9225c21e17dde64ad

Request headers

origin-fci
https://www.menlosecurity.com
Referer
https://www.menlosecurity.com/
accept-language
de-DE,de;q=0.9
js-version
1.0.56
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
x-api-key
uSI2bzqNHv34zA8znmW0LgfsY9TBayMx9gZJf430
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 20 Oct 2022 15:08:16 GMT
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amzn-trace-id
Root=1-63516460-4e1174947b92d93027866420;Sampled=0
x-amzn-requestid
4ea7dade-b5f1-414f-a878-8602dc27a81b
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://www.menlosecurity.com
x-amz-apigw-id
aTyfKEWuPHcF9aw=
content-length
2060
x-amz-cf-id
FL-wkEm-MzWDUiA4tn8uvfFCyhEMXsSKjuBziA4jTA8CvtO4-JEDYA==
queue
st.fullcircleinsights.com/v1/visits/ Frame
0
0
Preflight
General
Full URL
https://st.fullcircleinsights.com/v1/visits/queue
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-101.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
js-version,origin-fci,x-api-key
Access-Control-Request-Method
POST
Origin
https://www.menlosecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.menlosecurity.com
content-length
1
content-type
application/json
date
Thu, 20 Oct 2022 15:08:16 GMT
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
x-amz-apigw-id
aTyfGHApPHcFiiA=
x-amz-cf-id
31lUDo0DiZpgRyoDxubtwp0S7mUPHcFDClFZ1_yVSkW5XRI9gxwW8g==
x-amz-cf-pop
FRA2-C1
x-amzn-requestid
76be12a4-8e33-4cfb-8738-8869e339f574
x-cache
Miss from cloudfront
img.gif
b.6sc.co/v1/beacon/
43 B
493 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=d261e09f-b813-45d8-8b5a-34e59cbcc22a&session=37ded416-8c56-4688-865e-47f8e4d180a5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A16%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A15%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Menlo%20Labs%20research%20team%20analyzes%20Qakbot%2C%20one%20of%20the%20leading%20banking%20Trojans%20around%20the%20globe.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&pageViewId=2e38ff90-c21f-4ef0-80e8-85cb1f9a6eb7&an_uid=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.139.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-139-87.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:16 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
83162
app.hushly.com/runtime/countries/
75 KB
20 KB
Script
General
Full URL
https://app.hushly.com/runtime/countries/83162?callback=hushlyCountriesCallback&_=1666278495476
Requested by
Host: app.hushly.com
URL: https://app.hushly.com/assets/widget-ad27a380d131c4896fae620f6d8a3a79.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.203.228.209 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-228-209.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
68b4b6fc343811ef9268a786ba1a6d45532277051d2db7804896df2b58a9b429

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:16 GMT
cache-control
max-age=31536000, public
content-encoding
gzip
x-robots-tag
noindex
vary
Accept-Encoding
content-type
text/javascript
runtime~main.fc4e99cc.js
js.driftt.com/core/assets/js/ Frame D50C
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
2e8dfe5207db75f7a393a3c05eed7886353cc7a4135799d7d13895d90c69b5e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:13 GMT
x-amz-version-id
eiTOPx.RwEN.q_6AvNCyZ0UxZSQ29VjS
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7983
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:06 GMT
server
nginx
etag
W/"431499ec52e41c3033c2299d6f4098be"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
bqA2i6g2lBXYNuoS_FQ2DRaq1kv5v7Dlo16-M9m_BINqO2bTTCEEwA==
8.611ead2e.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
35 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/8.611ead2e.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
7fe9c49bb2fa7df0e7f30f29e2cf5dc5856a6a94e24020cd71b15806418e2509
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 25 Aug 2022 08:41:22 GMT
x-amz-version-id
F2w1xQA.MmTyK.v3rD0B8YtlwjpVXcK0
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
4861614
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 23 Aug 2022 15:27:02 GMT
server
nginx
etag
W/"6aa29962f34a8e117268142c7cc1cc3d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ew9y9aZrJZSe4GeQMNX0MhAKWwJ5WftIdVGD8PKPjGpqkRnGT3V-xQ==
main~493df0b3.795a7074.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
7 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~493df0b3.795a7074.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
7896b295039b9c5bd6471df275e235edb36f3a556f84f2d605da1e90529747cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 18:32:26 GMT
x-amz-version-id
qyFqLn.owqPYSQ5RUCfKBXvoIQfJi6na
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
246950
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Mon, 17 Oct 2022 18:01:32 GMT
server
nginx
etag
W/"4bd18ce98a183cb1e228b8772715d763"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
dwfJ64oMDaW4Ddn3_IStcAipiWPIi4nArWEl__hxzVekNUMwTD2T4Q==
49.b6336d11.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
23 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/49.b6336d11.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
1cb2a3ed712d8fcfa64505237ae54ffe9f2f5d293f371f40871d830891568b88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
tFkawZ7Fd.jveKk2Q_grwX_qW9zyzYsf
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518872
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:30 GMT
server
nginx
etag
W/"8004ba5ba9fc99e5c559490658a3863f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
jTzejwLlzhBL_456DAiG1IF-ww0aiic9ntVCC2vGZHK1rpnCX12Atg==
33.ae4de0a0.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
36 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/33.ae4de0a0.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e12404ccb0492da0a89fbda8db0ddb3c2358fcbd6d29b0c106ba840ca5f5e8ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
HixqumxK82A.kHDuHBPfmn6VAN6aPH4h
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518872
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:30 GMT
server
nginx
etag
W/"db0cd5b66c52523e10b87a0c8a2db182"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
QoVlYzmzIbK0WgWNDarSR4VHlJjdE_M7KoH9TMpQ3ujd6EhgWIe7kQ==
23.60057654.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
32 KB
11 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/23.60057654.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
489eb2769765657c9325f65117f5c7b87ffc4eab547622608c12c8f6fd60df1b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
A.jwRfFHKkUyhAxHnaTtscpVGcKmzGah
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518872
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:29 GMT
server
nginx
etag
W/"0e963aeeee70e63f5078955e6db860f3"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
E-5JgLD5ZGjawvoUmqTHEgcrhd-Otr7km6MnBAYsfhI5Xv9rB6_D0w==
18.2ab31195.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/18.2ab31195.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
a0da3cdc4c400e5e5030c733b68bff8fddc8c4c82c2432330fa8cb858b16bd85
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
rKefocxJhSz0y_AilqbsDEtw7DeIdBvq
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518872
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:29 GMT
server
nginx
etag
W/"09e4a870348ecb960c5807c49bbf0c16"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
i2cLnuVbU0Mt2qMjlGE1IQuaToLexYFCF-5H2uhAyrTmTXYqZ9ZD_w==
40.5fa801cd.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
25 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/40.5fa801cd.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
759a08226cc8d5a5a89c64b7f814457ee6191384f30e4dc9cd123aaf279003fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
f55GXA4L3g5g9hzfUJcqjDgxYQXmhaaq
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518872
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:30 GMT
server
nginx
etag
W/"e7d37d5ffc01767c10d8677c65ead60b"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
5Y3uhhqfzHgehPSp8Zu7QpF6g55W32RJ8O27leqXqOV8Wxk-II7Nlg==
20.8c21ea18.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
74 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 12:53:52 GMT
x-amz-version-id
_iATeboHvfY_0UKtYTku0LXCQxT6mgCN
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
4760064
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 25 Aug 2022 21:13:15 GMT
server
nginx
etag
W/"6d77a76055d81227033363af2f18caf8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
6ys8PAIAQH3Khw5JGTvGqe_RGoN9jzXRncJcueocRDqXNue-euN6vw==
25.8f107198.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
59 KB
19 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/25.8f107198.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
6c93a2e253cf1b83c4549ee38234134aa07f3b0293815375c49c9d4576986db1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 01 Sep 2022 02:01:46 GMT
x-amz-version-id
PiE96LrRCvFZCUIjOT8oVAX6NhM5DsoZ
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
4280790
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 31 Aug 2022 18:10:09 GMT
server
nginx
etag
W/"e2511c69e5bdc03467952abaccdb5383"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
rP5g8B6c3uJjVckMUGeTmzcSYVCD1T6TJWIClmYLO1tzx3lRS2CAvQ==
13.3e86f1f6.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
91 KB
91 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/13.3e86f1f6.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
81e6b4ec22135fd2056e29456e32539e21876266ab0bf8438b87117f70c0f827
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 03 Sep 2022 02:20:14 GMT
x-amz-version-id
tL0mO7lwTQOm1OEDR9eN1LSlBkEAt593
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
age
4106882
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
92674
last-modified
Thu, 01 Sep 2022 13:18:43 GMT
server
nginx
etag
"fdee1a560ca08e3d3702e14d8f1f0b82"
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
EEbWfpMKNKaWbkf5s8FiqM0o4eZhYU6i002H-DSOgKeTFoSxu-EwSw==
11.639238ba.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
23 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/11.639238ba.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 01:32:02 GMT
x-amz-version-id
41Rj_7QKP59w2WnODlMWAa6QFTo_5uBY
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
2813774
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 16 Sep 2022 16:12:57 GMT
server
nginx
etag
W/"4049f38c00add1738dc4806148ff8829"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
VfHb-YbrmVYvOpQmeZsPEB8MpnnhTPD0wq-T7zaAr8boZH61ojZaUQ==
16.fde6fa28.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
62 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/16.fde6fa28.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
91c379a7d8ec04aeeb162ea6d8069ad9fe872cec0d8a56f8861b02c494a6e0f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 01:42:02 GMT
x-amz-version-id
4419YFPoRA1JyzCepHPPe9MgW2odb2j5
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
4454773
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 25 Aug 2022 21:13:15 GMT
server
nginx
etag
W/"90795af8c950a50300cf801b300db7ab"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
s_4eeVxcw6c6HrGdSJ3vnhRCCeUEtto6CauxmW_139b2QXaxHgtibw==
47.9d4808ed.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
105 KB
34 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/47.9d4808ed.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
20997bd3984886e845f5a5e0d036f9808a5e30051f219705ef4e6ef1ef1b0f55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
sQA7naSV8DmRN71SXAWLe8JIqPc1EcZO
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518872
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:30 GMT
server
nginx
etag
W/"dfc66008c702c40fea0587f735010013"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
9JXDfdd1Egc6fU6z_8AKPV2swFtMTdWGzt05Z9U2be3tZjKK3ePMFw==
38.5941b51c.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
12 KB
4 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/38.5941b51c.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
62eb2106959f57e67d6a5209dc51af437b7b61a4256fd93b1a822e4d606ef9ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:00:24 GMT
x-amz-version-id
ulIUWFsoBvtlhMhpYiyBmET7DahweM5Z
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
518872
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 14 Oct 2022 14:29:30 GMT
server
nginx
etag
W/"aa24724b97a516c589a05bc577d15db9"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
8PeXie41CA8Ryp7_r7_Qd9I-OR_qlPG6_gkdMw9AWBr-wwNv8klj2A==
28.190877b8.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
13 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/28.190877b8.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
d7ead427aca51c227410c4595b49b48dde8f9e76864b4f3fcb32861034b0c6a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 14:05:25 GMT
x-amz-version-id
G0DP4jvUaKtIbfyIxWqyC1CIhSHB9xO6
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
3718971
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 06 Sep 2022 19:38:19 GMT
server
nginx
etag
W/"94c7e7cb2f40e10abeee8e28c0f68eb7"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
7MQyZ0i2b6PFJNHKtjBFYBLQPjZmvIwusMpGp7b67YcTSje4C0wf6g==
21.b8c41db9.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
17 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 00:33:19 GMT
x-amz-version-id
Pi7EBXi_qXS8D1_qBV.NprvoIg.gfF1R
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
1780497
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 29 Sep 2022 20:45:25 GMT
server
nginx
etag
W/"65e5c965272e021ae33ff8bc39565ef5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
k_Pu0lF26CRbunPnTjPOU69UmdTsiXKCpo1O9C6DCo6XpqAbOYMkJg==
9.7980313a.chunk.css
js.driftt.com/core/assets/css/ Frame D50C
14 KB
3 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/9.7980313a.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
146b085fcb240a04c301d265173b47e2794d3fd86c26ccb986ca01095fe8f847
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 13:41:58 GMT
x-amz-version-id
CxerwMRS6CdLERPs5NVshkyA9cHh0Tkt
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
2510778
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 21 Sep 2022 13:23:52 GMT
server
nginx
etag
W/"97ab5d7bf24ef1c4f1e14801b9a510ed"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
UZoVvGQbdwDIZKhPlWRNbnZbF33CegCVewK8Hb4zJNG4MXZ8ZTEcSQ==
9.ccd95798.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
75 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/9.ccd95798.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
a8deabdae1ff664f9f859384fec04108ea8ccebf779fb920b114f70bed94350e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:13 GMT
x-amz-version-id
VUOIHH7r8soKcVaKE5cYHqUDzV.DlUod
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7983
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:05 GMT
server
nginx
etag
W/"76af6ae8c0820614d3083460c413c8ff"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Hmfv_NhWIs7hBytSma_XP1vA5W1Oje3zUo9tfDTdNEL-qAa8P87QuA==
15.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame D50C
24 B
666 B
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/15.22abfce0.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 03 Oct 2022 11:02:35 GMT
x-amz-version-id
4HaliywZLTbWidTr9jxerhwMhVKcNAWE
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
age
1483541
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
24
last-modified
Wed, 08 Jun 2022 17:19:34 GMT
server
nginx
etag
"0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
VxA1zEgRqbmkje7KEzOaH8npjKLHo6gKUXPjK6tAFJYeOn_UfUFNhA==
15.35420f59.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
82 KB
21 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/15.35420f59.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e490f8796f832cdb8b4e54544a2f41b7c85b0a2339ec48e2ba6b7344af1f9b6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:13 GMT
x-amz-version-id
VBA82xqDV8RGLTQmFnYR7lVgBY4YgpjI
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7983
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:03 GMT
server
nginx
etag
W/"0a3c13b370e3514ef63bd0351970d5f8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
u-o9ZhPPkROpQ_xuqTcvnUuAdp6WKrW60qANFmQ4O-uM9XHI4gcHJA==
24.4090271f.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
49 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/24.4090271f.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
c5026fa13ae600e675019e7294c3b13ce996d625300b6d3c905958fa7bf22b2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:13 GMT
x-amz-version-id
Xestt2onig6cxcgyaHfZK0u9RnwvVXId
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7983
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:03 GMT
server
nginx
etag
W/"cda764f3c3c6c745e94ba53522357350"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
3oaFoNvVoTt8KpMPazscZVC_e9XjdSywlM3kyREdn7Cwtjsa19OD_g==
17.7f7d57fd.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
39 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/17.7f7d57fd.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
20f027f7b5dc09b0e9c50d1b10222432555e9492d9d6ca406defbb275acd6a90
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:13 GMT
x-amz-version-id
Rn8NTExHl_.eIjTbdOhrO1kqUjmhPCyC
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7983
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:03 GMT
server
nginx
etag
W/"7a955dd593ea5000e556e3207c78b77b"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
moD4Y-x7pZc8GAVvk33ZMuayqYKezLlVecib17F9GIMnV69Hmc6XVw==
0.0b2ebd4a.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
9 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 06 Sep 2022 00:41:02 GMT
x-amz-version-id
E.Le1HHD6dXp1z9JLSdA8U2RMDD.dyV2
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
3853634
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 01 Sep 2022 13:18:43 GMT
server
nginx
etag
W/"c5efcdc9e465604f32cf24af10fd6c13"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
FxdSv-zk9fvgsvsu3_qlpKK3fpkr-Jby04Xs6P631QLI5FEAtUZ_4Q==
26.2d4cdbd1.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
34 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/26.2d4cdbd1.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
71e905aff9bad1d3b5a783336fcdd013cc97beb8985e4cd2cf7d195925a48211
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 18:23:27 GMT
x-amz-version-id
siv4sYmLp3BEOV5kWKjSS9V7tHMZAkGl
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
4308289
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 31 Aug 2022 18:10:09 GMT
server
nginx
etag
W/"c55d27c90bd5affbf7c7047151ac3b6a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
o2A4ewAnAT5_VXGOqJ2D2odbbq1gzginXexLoITqLYHRCdN0cHUPsA==
27.9bf46b67.chunk.css
js.driftt.com/core/assets/css/ Frame D50C
8 KB
2 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/27.9bf46b67.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 01:42:04 GMT
x-amz-version-id
o6Mn8iWshgmcy2o5f_hocRiRC01jfiMI
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
4454772
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 25 Aug 2022 21:13:13 GMT
server
nginx
etag
W/"4f21faf2ba450e5fcdf7eda90813e185"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
zZ_KdKfs_LPIEUiLbtK1dFeDm1R94hAvS7ZYUrqGU7B0LyIfwk7vaA==
27.035ea899.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
13 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/27.035ea899.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
a146255dd67a738d7ebb2fcf9bf7d0a6358f33ab47567063bbb0caa20d7d40d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:14 GMT
x-amz-version-id
KgrGlEcP20HypIrparYCdGHrRHaCgGUz
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7982
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:03 GMT
server
nginx
etag
W/"1c86e0041f846c23ec32d67e529d372e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
_rEgrx0YjJPxiPIYRVGEa01dJxKplpZyTpr3TADmUxZcFBEEYfjDJw==
19.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame D50C
365 B
1009 B
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/19.c695453b.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 26 Aug 2022 04:38:21 GMT
x-amz-version-id
0qTUVNxeDehZuMQX6dMenM0wOhIgB9z3
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA2-C1
age
4789795
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
365
last-modified
Thu, 25 Aug 2022 21:13:13 GMT
server
nginx
etag
"06b2963b029c0824382815165bfea73e"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
LEp6qMGiABdr7AAwvWAjDEkgFylRlsWy65x0IGXVKrSZgcAk8fbBLQ==
19.99a92636.chunk.js
js.driftt.com/core/assets/js/ Frame D50C
89 KB
25 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/19.99a92636.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.fc4e99cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-50.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
3aaae5f06c9ca79fca3452dff3a1b8b6c971a2fbfa612e8f57ba6f00e90d9aca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=8d435b82-d9b7-4bee-ba9d-dcf798f19920&sessionStarted=1666278495.543&campaignRefreshToken=1fd76dd2-7bd5-4fcb-9a8d-d280b281bfa8&hideController=false&pageLoadStartTime=1666278493694&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 12:55:14 GMT
x-amz-version-id
Vl72nO1KYOdCaF6n00L8D4HYQR9lMpIW
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
7982
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 19 Oct 2022 19:01:03 GMT
server
nginx
etag
W/"c6adb804408aceae431eef4a1d4b54d0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
XMDpDPt6xfp9LOoQpjkWHT7LO8ywyNAqqqwlwZY6seCsqyKv11a2Yg==
ping
bootstrap.api.drift.com/widget_bootstrap/ Frame D50C
147 B
245 B
XHR
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap/ping
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/49.b6336d11.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-7-188.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
487d3252e04d702f033dd508688732af1b78b9a5a604a5699288b652ae9f9b5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 20 Oct 2022 15:08:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
864447758f290874
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
147
ping
bootstrap.api.drift.com/widget_bootstrap/ Frame
0
0
Preflight
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap/ping
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-7-188.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Thu, 20 Oct 2022 15:08:17 GMT
requestid
drift21124a6466d997d66d3051da1c1
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
img.gif
b.6sc.co/v1/beacon/
43 B
493 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=d261e09f-b813-45d8-8b5a-34e59cbcc22a&session=37ded416-8c56-4688-865e-47f8e4d180a5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A17%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A16%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Menlo%20Labs%20research%20team%20analyzes%20Qakbot%2C%20one%20of%20the%20leading%20banking%20Trojans%20around%20the%20globe.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&pageViewId=2e38ff90-c21f-4ef0-80e8-85cb1f9a6eb7&an_uid=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.139.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-139-87.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:17 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
493 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=d261e09f-b813-45d8-8b5a-34e59cbcc22a&session=37ded416-8c56-4688-865e-47f8e4d180a5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A18%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A17%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Menlo%20Labs%20research%20team%20analyzes%20Qakbot%2C%20one%20of%20the%20leading%20banking%20Trojans%20around%20the%20globe.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&pageViewId=2e38ff90-c21f-4ef0-80e8-85cb1f9a6eb7&an_uid=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.139.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-139-87.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:18 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame D50C
25 B
88 B
XHR
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/event2/bulk
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/49.b6336d11.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-7-188.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
de-DE,de;q=0.9
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 20 Oct 2022 15:08:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
fb653d208d9eac94
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
15
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
25
bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame
0
0
Preflight
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/event2/bulk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-7-188.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Thu, 20 Oct 2022 15:08:19 GMT
requestid
drift416f71b41cab418a90ea71e4167
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
img.gif
b.6sc.co/v1/beacon/
43 B
494 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=d261e09f-b813-45d8-8b5a-34e59cbcc22a&session=37ded416-8c56-4688-865e-47f8e4d180a5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A19%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A18%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225006%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Menlo%20Labs%20research%20team%20analyzes%20Qakbot%2C%20one%20of%20the%20leading%20banking%20Trojans%20around%20the%20globe.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&pageViewId=2e38ff90-c21f-4ef0-80e8-85cb1f9a6eb7&an_uid=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.139.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-139-87.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:19 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
493 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=d261e09f-b813-45d8-8b5a-34e59cbcc22a&session=37ded416-8c56-4688-865e-47f8e4d180a5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A20%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A19%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226007%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Menlo%20Labs%20research%20team%20analyzes%20Qakbot%2C%20one%20of%20the%20leading%20banking%20Trojans%20around%20the%20globe.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&pageViewId=2e38ff90-c21f-4ef0-80e8-85cb1f9a6eb7&an_uid=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.139.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-139-87.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:20 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
492 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=d261e09f-b813-45d8-8b5a-34e59cbcc22a&session=37ded416-8c56-4688-865e-47f8e4d180a5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A21%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Oct%202022%2015%3A08%3A20%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227008%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Menlo%20Labs%20research%20team%20analyzes%20Qakbot%2C%20one%20of%20the%20leading%20banking%20Trojans%20around%20the%20globe.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22An%20anatomy%20of%20HEAT%20attacks%20used%20by%20Qakbot%20campaigns%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&pageViewId=2e38ff90-c21f-4ef0-80e8-85cb1f9a6eb7&an_uid=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.139.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-139-87.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.menlosecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 15:08:21 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
analytics.twitter.com
URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=ceedae40-b36f-49ed-a031-f709e1bf5f9d&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=18109f13-c318-4a2c-b85f-39c18d53d4bc&tw_document_href=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fan-anatomy-of-heat-attacks-used-by-qakbot-campaigns%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nx5nr&type=javascript&version=2.3.27

200 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


43 Cookies


1 Console Messages

Source: network
Level: error
URL: https://id.rlcdn.com/711861.gif
Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
