www.beyondtrust.com Open in urlscan Pro
45.60.65.64 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-lis...
Submission: On July 10 via manual (July 10th 2024, 7:34:42 am UTC) from DE — Scanned from DE

Summary HTTP 63 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 63 HTTP transactions. The main IP is 45.60.65.64, located in United States and belongs to INCAPSULA, US. The main domain is www.beyondtrust.com. The Cisco Umbrella rank of the primary domain is 574709.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on March 25th 2024. Valid for: a year.

This is the only time www.beyondtrust.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	45.60.65.64 45.60.65.64	19551 (INCAPSULA) (INCAPSULA)
38	143.204.215.128 143.204.215.128	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
12	2606:4700::68... 2606:4700::6813:b134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
63	7

9 45.60.65.64 (United States)

ASN19551 (INCAPSULA, US)

www.beyondtrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 143.204.215.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-128.fra53.r.cloudfront.net

assets.beyondtrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6813:b134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	beyondtrust.com www.beyondtrust.com — Cisco Umbrella Rank: 574709 assets.beyondtrust.com	411 KB
12	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 545	179 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 110	201 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2949
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1007	303 B
63	5

	Domain	Requested by
38	assets.beyondtrust.com	www.beyondtrust.com assets.beyondtrust.com
12	cdn.cookielaw.org	assets.beyondtrust.com cdn.cookielaw.org
9	www.beyondtrust.com	www.beyondtrust.com assets.beyondtrust.com
2	www.googletagmanager.com	www.beyondtrust.com www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
63	6

This site contains links to these domains. Also see Links.

Domain
www.morphisec.com
www.av-test.org
www.linkedin.com
twitter.com
www.facebook.com
www.instagram.com
www.onetrust.com

Subject Issuer	Validity	Valid
www.beyondtrust.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-03-25` - `2025-03-24`	a year	crt.sh
beyondtrust.com Amazon RSA 2048 M03	`2023-10-02` - `2024-10-31`	a year	crt.sh
*.google-analytics.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Frame ID: 2BEC72F6BD23A329312E17CDEA9CCB9B
Requests: 64 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Using Application Control to Prevent Malware & LoTL… | BeyondTrust

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

63
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

792 kB
Transfer

2519 kB
Size

5
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.morphisec.com/hubfs/2020%20State%20of%20Endpoint%20Security%20Final.pdf
Title: as little as 40% of all malware is known

Search URL Search Domain Scan URL

URL: https://www.av-test.org/en/statistics/malware/
Title: 17.85M new malware samples detected

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/beyondtrust
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/beyondtrust
Title: X

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BeyondTrust
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/beyondtrust/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

63 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing Show response
www.beyondtrust.com/blog/entry/ 369 KB
66 KB 1131ms
1082ms Document
text/html 45.60.65.64
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.64 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

29db2e34c0dd1aba7b3c5f3c4e22b81d7a530bf752d1e0c998368c6604cb1274

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://.facebook.com https://.facebook.net https://.googletagmanager.com https://.btdevops.io https://.wistia.com; object-src 'self';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, s-maxage=60, stale-while-revalidate=300, stale-if-error=86400
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self';
content-type: text/html
date: Wed, 10 Jul 2024 07:34:35 GMT
etag: W/"668d80e5-5c184"
last-modified: Tue, 09 Jul 2024 18:26:45 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
via: 1.1 f5af2731a86629973e69564f824d95be.cloudfront.net (CloudFront)
x-amz-cf-id: Nuk80fcgZG56wNSr6_TRKccOEOs5ttbbuMV9PwW8gNFEVn_VzJ4P1g==
x-amz-cf-pop: FRA56-P9
x-cache: Miss from cloudfront
x-cdn: Imperva
x-content-type-options: nosniff
x-frame-options: sameorigin
x-iinfo: 4-3363635-3363640 NNNN CT(24 5 0) RT(1720596874763 40) q(0 0 0 2) r(0 10) U24
x-xss-protection: 1; mode=block

GET
H2 200 lato-v24-latin-700.woff2
assets.beyondtrust.com/assets/css/fonts/ 23 KB
23 KB 66ms
11ms Font
application/octet-stream 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/css/fonts/lato-v24-latin-700.woff2

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 15:20:39 GMT
x-amz-version-id: 2.AWabukSDQa4XABULR_6Rbt3BZQIMgD
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
age: 58437
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 23040
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:18 GMT
server: AmazonS3
etag: "de69cf9e514df447d1b0bb16f49d2457"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: j9Hacm1qWLIz9LRPRXftD4FkQT3inK54vtBRFFwQYKH15XY1lxlB9Q==

GET
H2 200 lato-v24-latin-900.woff2
assets.beyondtrust.com/assets/css/fonts/ 22 KB
23 KB 64ms
9ms Font
application/octet-stream 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/css/fonts/lato-v24-latin-900.woff2

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 15:20:39 GMT
x-amz-version-id: tqBNIHUMRotz9X7qr6VwP5q5SmzNoF0h
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
age: 58437
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 22504
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:18 GMT
server: AmazonS3
etag: "1c6c65523675abc6fcd78e804325bd77"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: -gaBTXfpfIca_lnSFbVd0yEP3fNiHZf088UYcG7jVeG7AqR9V-LG3w==

GET
H2 200 lato-v24-latin-regular.woff2
assets.beyondtrust.com/assets/css/fonts/ 23 KB
24 KB 67ms
13ms Font
application/octet-stream 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/css/fonts/lato-v24-latin-regular.woff2

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 15:20:39 GMT
x-amz-version-id: 7Dyv0.kQnAc6U0u0WXpbUCSHx9mcVeMC
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
age: 58437
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 23580
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:18 GMT
server: AmazonS3
etag: "e1b3b5908c9cf23dfb2b9c52b9a023ab"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: BkayWUYssVW3k2r97nRoyzL2Lf3Czv6OktpgAWbUnorOn9YYVHIzHA==

GET
H2 200 roboto-v30-latin-500.woff2
assets.beyondtrust.com/assets/css/fonts/ 16 KB
16 KB 69ms
14ms Font
application/octet-stream 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/css/fonts/roboto-v30-latin-500.woff2

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 15:20:39 GMT
x-amz-version-id: vcihp2FCwl44EF6ah3fQ1TLO.cyOc18x
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
age: 58437
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 15920
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:18 GMT
server: AmazonS3
etag: "3a44e06eb954b96aa043227f3534189d"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: RZSWl-4nwi9-oWGEsTr8EIw3ZVylRfGkn_5PbPo5DVBaiwC9y2y9Hg==

GET
H2 200 roboto-v30-latin-700.woff2
assets.beyondtrust.com/assets/css/fonts/ 15 KB
16 KB 65ms
11ms Font
application/octet-stream 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/css/fonts/roboto-v30-latin-700.woff2

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 15:20:39 GMT
x-amz-version-id: TbQRBfarJpjYylLiKN1hLIO3lqlbRdIp
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
age: 58437
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 15860
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:18 GMT
server: AmazonS3
etag: "e9f5aaf547f165386cd313b995dddd8e"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: rR9HhBsIu2nlJdWGtKe06HNweubpBbx3pKPibb6ndS8gY24xp-laMg==

GET
H2 200 roboto-v30-latin-regular.woff2
assets.beyondtrust.com/assets/css/fonts/ 15 KB
16 KB 69ms
15ms Font
application/octet-stream 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/css/fonts/roboto-v30-latin-regular.woff2

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 15:20:39 GMT
x-amz-version-id: hiHgK_b8lFgfSrPhy3Zri0mQearBaxL9
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
age: 58437
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 15744
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:18 GMT
server: AmazonS3
etag: "15d9f621c3bd1599f0169dcf0bd5e63e"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: i92Ot8tzj0AKPPzz_i-F8iHU4sp8e9lB58gNGCZD7EsTtIm6Al139Q==

GET
H2 200 styles.4da99879091a617a6c59.css
assets.beyondtrust.com/assets/css/ 120 KB
21 KB 50ms
9ms Stylesheet
text/css 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/css/styles.4da99879091a617a6c59.css

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

219d6711d995434c628617ecc506acfe05c746305df40c9a94036a67fb9ae22d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 15:20:39 GMT
x-amz-version-id: BcD1kzOocwU8D8rugYOTPxznR.6U2tAI
content-encoding: br
x-content-type-options: nosniff
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
age: 58437
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:19 GMT
server: AmazonS3
etag: W/"e526b8ca47f9e409a3ecdc28b96ac7fa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: zs-sK8l8Ohp47wFRLCCt2ILl_sIeOe0V6XZ-Ph-xVnFFheFf7HoqFA==

GET
H2 200 tailwind.e94bd13c74d2276ffe5e.css
assets.beyondtrust.com/assets/css/ 67 KB
10 KB 51ms
10ms Stylesheet
text/css 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/css/tailwind.e94bd13c74d2276ffe5e.css

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c94a9ed8284a43cd90a1fc1b53b43375b5c6627c2cbdde9a837854507c024ce6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 15:20:39 GMT
x-amz-version-id: lcrWTru1SVSQVRUr3BVkQDlz0mUR8TWk
content-encoding: br
x-content-type-options: nosniff
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
age: 58437
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:19 GMT
server: AmazonS3
etag: W/"8f38fa87a35dc6256f865ae710e9ac05"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: z8I2XGSFKH7WXrxt8AHJfO8gpttrWKxLRBRcXXZtnmtdqeQIRK_xlg==

GET
H2 200 head.1a3417bd1ee4f434bf64.js Show response
assets.beyondtrust.com/assets/js/ 4 KB
2 KB 8ms
8ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/head.1a3417bd1ee4f434bf64.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

435100ee819f3b348a81dfab7da99245ed06a9740e55430c8abf73400bdabed9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 15:20:39 GMT
x-amz-version-id: cWY6btrOTAXzWYPTtchlqOv.3iNhHv7w
content-encoding: br
x-content-type-options: nosniff
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
age: 58437
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"4e49b8392a1bb4b820e2b703c7bbd0a7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: WARO3xCQaa_jxiC4TdzeFfXTlXCXeB0K9-JWJoWPG5odv3pGBtuPuw==

GET
H2 200 alpine-headingLink.250b6e3bf2869801c68d.js Show response
assets.beyondtrust.com/assets/js/ 2 KB
1 KB 461ms
445ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/alpine-headingLink.250b6e3bf2869801c68d.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

e74ea62e94b2d9b6542e88996fe814376518220e49152ad498b7d4cb82566f38

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: edB2MnGIrYLw2gs0O1sF8Ag0JIIo7eJd
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:19 GMT
server: AmazonS3
etag: W/"38d9c10d6893a5c8adcd94c968aa7b3b"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: ezMNG6p34Auo80-Wv44XWndeOGXf3-E23byf5EKekVXKaHorNEy2Kw==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 265 KB
94 KB 56ms
32ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-88RX

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8f5232daa0119ea721d2ccf21ef5ebf34efca3cb9ca7c944ce877f9c059f680b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.beyondtrust.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96125
x-xss-protection: 0
last-modified: Wed, 10 Jul 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 10 Jul 2024 07:34:35 GMT

GET
H2 200 alpine-fineprint.8e8186734f4b09da7e20.js Show response
assets.beyondtrust.com/assets/js/ 443 B
1 KB 430ms
430ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/alpine-fineprint.8e8186734f4b09da7e20.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1c56a71e788eba733ec48ac262e1ff5758fc626249efbaaadf2a2bdf3bc54db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: JHXZLJqWsFeJTGstQ2zrsz33AcDk3GO0
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 443
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:19 GMT
server: AmazonS3
etag: "7686ce97b4fad8a8e1344401934c3eeb"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: dpdzfJI0GjUBLUnQfoq6mMeqIYl09dnX4KSdXMAhaPOx7769H-i0cg==

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 footer.fc0d04dba9b9cc1c58ff.css
assets.beyondtrust.com/assets/css/ 9 KB
2 KB 479ms
479ms Stylesheet
text/css 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/css/footer.fc0d04dba9b9cc1c58ff.css

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

47f57f9054b85feb38d51e04c1315c41fc2f6de43d2981bad7fedef54acfee41

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: BAE1DxLglJfjdPpDg1_.aY8b5gHSd.fi
content-encoding: br
x-content-type-options: nosniff
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:18 GMT
server: AmazonS3
etag: W/"b3891eee9c6d44074198dcf21e039de7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: QBE-7lw_3ZaeV1KzFuxYo7G45CAl9ciby8qxetjG8uJ5x-Wc5-56og==

GET
H2 200 gsap-separator-footer.9f70f2e2a12607383864.js Show response
assets.beyondtrust.com/assets/js/animation/ 663 B
1 KB 447ms
447ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/animation/gsap-separator-footer.9f70f2e2a12607383864.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3c32a6b5ae3d6441b6db199d790123079eb0f8df6b2fa561d7bd7aa70cbcb685

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: oOG0NsSQ_vT4l0qvg99I09WgzCGGuQRM
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 663
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: "bd546651928ff698fbffaa68bd0f7781"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: PSfBGB16-SBP4RpAC5nXVfTA9Oa2GQ6u7l5GMWWEIUxfWBJ3Dij2kw==

GET
H2 200 sentry.05e63debdb33dcd965fc.js Show response
assets.beyondtrust.com/assets/js/ 3 KB
2 KB 447ms
447ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/sentry.05e63debdb33dcd965fc.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f8d7f11cd6d7263ca29b2b550d24961d4df16526e54a78ce101a851f9a2d3667

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: 9X6j2EtH4rVlOkDFpCzo_zxcWGhQMAcB
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:21 GMT
server: AmazonS3
etag: W/"f3033c2311be9f40059d4b2949d96e6b"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: tCkQUl78aGhl06tPbgOI7WrCSmGMZVheZSu8vAr42gDENpjxx0f1AA==

GET
H2 200 intlTelInput.fd9942231e49ea7efd27.css
assets.beyondtrust.com/assets/css/ 19 KB
3 KB 469ms
468ms Stylesheet
text/css 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/css/intlTelInput.fd9942231e49ea7efd27.css

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

51085959f12dfa555f08f1d052c7e416b0385757f8217345682594a040d4bda9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: zx_7CTiPpEkWqjiLs5aGqH0A20EIAI5v
content-encoding: br
x-content-type-options: nosniff
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:18 GMT
server: AmazonS3
etag: W/"7f0b3f2e939a3823359f9bfb1a27a62e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: 23Rff1R84iLP-m2JAGDFO9JUZ1epFpngrXalrvEVYoKsd3b_478dcA==

GET
H2 200 formFields.4ff7cefa33c1706ea9eb.js Show response
assets.beyondtrust.com/assets/js/ 39 KB
13 KB 437ms
437ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/formFields.4ff7cefa33c1706ea9eb.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

df087172494e330b0026a7601135805261f4032275ac4367e9f94daa8542f1fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: 00ffmo3PWFmS.xFWE7sOzHc3KjiO6nkn
content-encoding: br
x-content-type-options: nosniff
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"d579ee1d77065657305d268f907d8037"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: VAWmiCRS8cSX34XaEQjwOXqta0oNC8Ee2BNo-cocDii72_waQnJtng==

GET
H2 200 formSubmit.53ae6da06195b24f5286.js Show response
assets.beyondtrust.com/assets/js/ 5 KB
2 KB 456ms
456ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/formSubmit.53ae6da06195b24f5286.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0c1d55e4d0d5ca5c6b23e4c8493106e518db21e90a1cbf48519d300f78e24cda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: w0m.8HhtXGGiXHQS9h.brjqIqkeF8Qzy
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"9dddc24f70ddffbb2f4ebc3c6bc2d3b4"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: 84Q4yipHoJ7sPQBdPZdF0nn9SgAGkLmNWB7Fv-vPSKYgqnBN9NsXKg==

GET
H2 200 gtag-gtm.502b5ef9b60db5e09e4d.js Show response
assets.beyondtrust.com/assets/js/ 2 KB
1 KB 468ms
467ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/gtag-gtm.502b5ef9b60db5e09e4d.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

ce39f0fb9180baa3a4b350b299e5550916e0f182dc7ba3222e0142e9770f5e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: Yd98PesIM58Zowfz52kWiD0V9fOPmlvi
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"7d0e44e0d47877cc7847e7b2948c37b6"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: fy5pFbQLrWDnYCNA1lKs4opp3wLfSF5gJ3RAnWcfy4vwrTWM2kp6MA==

GET
H2 200 wistia.ac3b5c555ba867985379.js Show response
assets.beyondtrust.com/assets/js/ 2 KB
1 KB 459ms
459ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/wistia.ac3b5c555ba867985379.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f9812f4a5939021acc1b40980b70a219734c9e8d4d753f02b8852029de7fdb1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: CqHs4b79yWytBBgsYtIejGHkmoaT7VsJ
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:21 GMT
server: AmazonS3
etag: W/"61b66f1c2463458839b65b5cae4f1178"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: eO-Rva5WQtfl_sid34pdDnXbqu1oEV-n1mezyWjgUmgrPtBKN6Jp6w==

GET
H2 200 search360-async.d05805dfd33a5eff3f58.js Show response
assets.beyondtrust.com/assets/js/ 3 KB
2 KB 497ms
497ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/search360-async.d05805dfd33a5eff3f58.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

bdd9f0db5e8d5830054007dc42538b7dabb83bb900acf346dad46b748c2d3a05

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: pxp7hb75.ZaAJS8vdrZJhfNNWPRDcPbi
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:21 GMT
server: AmazonS3
etag: W/"82cd1425789806cb225655ea414c8ba9"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: dsR2FyYgDFM2PFQrAnZNuDUGTCXn0h_UI0De1z6aqRjWYhGMojZH_g==

GET
H2 200 htmx.1659814d97309fade3ec.js Show response
assets.beyondtrust.com/assets/js/ 45 KB
14 KB 458ms
458ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/htmx.1659814d97309fade3ec.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

720b6aa633cf185be6a010720a7f7c1ba8d43fe2dc6c210bded51cf6c2f3fd79

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: wtv_9stfrJS3QM0v6p_yZatuwmPjdffh
content-encoding: br
x-content-type-options: nosniff
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"5893f861e5f8a47ac49b09024b4cb1fe"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: vOsMhl_u5-oomc7-H0xFqrPiEJ4S0FakoSBaM-6SeKEYcB9Y1sqYmA==

GET
H2 200 bootstrap.8ff699b503b135d8fd91.js Show response
assets.beyondtrust.com/assets/js/lib/ 3 KB
2 KB 492ms
492ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/lib/bootstrap.8ff699b503b135d8fd91.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d7fbbd9ef86218eab91bb6f00e4b5b9f1e23103d77705f26906ba60ebd474d50

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: Db_bs75A52GTI2FO.9aNEGH2IlAU5oQA
content-encoding: br
x-content-type-options: nosniff
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"a3d353e769d1fc8ac2e2743fe87f8b17"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: TAkypoNgWUA1zl5k-jVduL5ahXS1OxfR_OrIYv2x1W56G9LiosAJIw==

GET
H2 200 _modals.c30981c2e735a05af500.js Show response
assets.beyondtrust.com/assets/js/ 142 B
755 B 464ms
464ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/_modals.c30981c2e735a05af500.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

dd89d6908e197bf255dfcaaa7d48923d656b74301d0fb7c7593a9245bea9f6dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: 70kCy5ypq2UNGuvKGh.AkA9QsjsUi5ch
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 142
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:19 GMT
server: AmazonS3
etag: "2242e67af2c87e5d616592b14a1f1f8a"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 5dw2bwGNTJOsvxA31YqmrMqLYzflRYQWwKmrC_K_7Pe8DMslX_Y0sw==

GET
H2 200 _scroll-to-anchor.9e4b2b0adee038fc2f05.js Show response
assets.beyondtrust.com/assets/js/ 586 B
1 KB 456ms
456ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/_scroll-to-anchor.9e4b2b0adee038fc2f05.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0d78dafae42cd9916deabdb87d64b19f971412de7e8b43535ba03530ef59a6be

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: 2q38ewcit77H1mADL8ZKh4KPeX35mjNx
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 586
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:19 GMT
server: AmazonS3
etag: "509c4e145d513a75b6c96bca5a3eb444"
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: KtwhagJGguw9lv9MgiPE-ohXYbU49FGPybKX3dgH-DX17g1TuIcujA==

GET
H2 200 _section-navigation.eb8c4f17a6a6a5e83bf2.js Show response
assets.beyondtrust.com/assets/js/ 1 KB
976 B 447ms
447ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/_section-navigation.eb8c4f17a6a6a5e83bf2.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

781812c39edf8c9e2a8487d56d2a25f317f07eea87f741cfd4978e528a9b8547

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: B0hUbz2tBAX3nCH.HjTR9m41vZ3WgQi.
content-encoding: br
x-content-type-options: nosniff
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:19 GMT
server: AmazonS3
etag: W/"f2dfb46af2bb2684c7068cbd1c8143f3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: R5topen3JjD3Xd8U9ZrNHfCszwCZxq2M3xMfTZrzy4hwkOhzAAEiow==

GET
H2 200 _announcement-bar.966881fd3503c1e024d7.js Show response
assets.beyondtrust.com/assets/js/ 4 KB
2 KB 463ms
463ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/_announcement-bar.966881fd3503c1e024d7.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b5dc38ad0fa67c87ebd3a67691bf10c969d9fb63a995e5ca36a823348ddb6c2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
Origin: https://www.beyondtrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: N2GMbnsIdsCxi7uItQL3aGuH18Z.8AXd
content-encoding: br
x-content-type-options: nosniff
via: 1.1 e0064d0a2437e206ed082e1fa1cdae60.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:19 GMT
server: AmazonS3
etag: W/"c1b07939ae1abbb586e9a622c2e6f016"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: JOT7VKQ1okXE9FYPehnrGslsvBgJob5N4-1dJZU-cVylxfL4T2HcuA==

GET
H2 200 dismiss.svg
assets.beyondtrust.com/assets/svg/ 564 B
1 KB 11ms
10ms Image
image/svg+xml 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.beyondtrust.com/assets/svg/dismiss.svg

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

imgix /

Resource Hash

f232bd93de549b09972f686c181d38d8aa393907668b4ea1e8552a930f25af92

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
age: 2245070
x-imgix-original-url: /assets/svg/dismiss.svg
cross-origin-resource-policy: cross-origin
x-served-by: cache-sjc1000122-SJC, cache-fra-etou8220030-FRA
referrer-policy: strict-origin-when-cross-origin
vary: Accept-Encoding, Origin
x-imgix-normalized-params
content-type: image/svg+xml
x-frame-options: SAMEORIGIN
cache-control: max-age=31536000, must-revalidate
x-imgix-original-host: assets.beyondtrust.com
x-imgix-host-chain: cache-fra-eddf8230132_assets.beyondtrust.com|recv,cache-fra-etou8220105_shield-da14e8ff87ad2ab77cd0432a0de1f4f388cad314.imgix.net|miss,cache-sjc1000122_shield-da14e8ff87ad2ab77cd0432a0de1f4f388cad314.imgix.net|recv,cache-sjc1000122_assets.beyondtrust.com|reset
x-imgix-deployment-timestamp: 1710537190
x-imgix-deployment-hash: 1418
date: Tue, 09 Jul 2024 15:20:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-cache: Hit from cloudfront
x-imgix-id: e7064647b06d17f7ca52eb92513a871e9df95977
content-length: 315
x-imgix-cache: HIT
x-xss-protection: 1; mode=block
last-modified: Tue, 19 Mar 2024 18:57:00 GMT
server: imgix
x-imgix-deployment-datestamp: Fri Mar 15, 2024 09:13:10 PM UTC
x-imgix-shield-host: shield-da14e8ff87ad2ab77cd0432a0de1f4f388cad314.imgix.net
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: YniJRmCCHrmWUVflumeb9kcNLM9y_r_TmZ_Rc74fjycVrAgLjoo-7Q==

GET
H2 200 ie-warning.63099b4a04366aebd7ff.js Show response
assets.beyondtrust.com/assets/js/ 3 KB
1 KB 455ms
455ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/ie-warning.63099b4a04366aebd7ff.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c84f486df4e0e2308b5ebd7129e8a34546d528107751bbbf092dda024158dac9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: qNrUH9k_cBsv_rvqKCo1qw.NNXn7pbfL
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"13436b8ad6e430400c6448fab5e3bbb4"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: oSDuWFCP6JuV2zCEm4-X-dKdZ63YbIAvSRWubEOhCHnE4ocBuKgDtQ==

GET
H2 200 accessibility.07d47d740e03f4576c2b.js Show response
assets.beyondtrust.com/assets/js/ 353 B
955 B 450ms
450ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/accessibility.07d47d740e03f4576c2b.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

65e9183cd9845819cd4b6fb473b1d461907542fb5fa0f00ed3db2a5a6b959672

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: .t5RWIiew3i8Ckx8vTkRo8rGqON_B00w
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 353
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:19 GMT
server: AmazonS3
etag: "43e9ab8619b0d9d05090eea1ac34b274"
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: nd3_le7BeKlN8urZweiTv_QwmnNm7Qs6oXfB5pbIn6wP9JyQucar9g==

GET
H2 200 gsap.4afa102b8ba60e4a6987.js Show response
assets.beyondtrust.com/assets/js/ 3 KB
2 KB 451ms
451ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/gsap.4afa102b8ba60e4a6987.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1e670600b79ac1d1112242d4bc752f9f459cc41ecf75b831979135fce11c4a47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: rMlb3LGRguRsnIIMGIU2L4P9dUxR4Upg
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"7c08c3b6cf71bb265efbbb8a8148c65b"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: gyjl_ZyZ3MwGw91NgTI9hhWCTzj8CRnz19SQ3M5fnIc-zXxmuNLCkQ==

GET
H2 200 alpine.e574647c4d7ce71bd285.js Show response
assets.beyondtrust.com/assets/js/ 58 KB
20 KB 442ms
442ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/alpine.e574647c4d7ce71bd285.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

80ffb53a161408c526f20d32ed250b558ca93be1473beeb71ca2199b59914c45

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: oSP1sebUnrB.bjPFSMzLOFm7QZeBl7xO
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:19 GMT
server: AmazonS3
etag: W/"4970dd72db7a1b09dc40f13bd609e025"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: nM0cDXxxquSaWUKLZOD8uPbm4Z4FJHvn_aFYjrTpC165WTSCucFEVA==

GET
H2 200 onetrust.d82a099580541b6df4eb.js Show response
assets.beyondtrust.com/assets/js/ 6 KB
3 KB 447ms
447ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/onetrust.d82a099580541b6df4eb.js

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

62be6485dd7247a0663633ec4127f4b5b6c3490ad51739114b3f97441e258934

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: 0v3I..64UZbiy5NVLnDrzRw07CoNt64j
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"8d9ca41969966d7a66214120fec777ac"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: JXHs27wTOt5vlF6c-qzUUpqFiuocFNZiMCFYH3JG0SsNdLdngLYn_A==

GET
H2 200 _Incapsula_Resource Show response
www.beyondtrust.com/ 137 KB
19 KB 13ms
13ms Script
application/javascript 45.60.65.64
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.beyondtrust.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=498351109

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.64 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

22e811e42ec8b4d3bb46d2b2872ab6234e91830014acd7c06a51d3fbcc220f8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 19805
content-type: application/javascript

GET
H2 200 blog-index-page-banner.jpg
assets.beyondtrust.com/assets/images/ 17 KB
18 KB 11ms
9ms Image
image/jpeg 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.beyondtrust.com/assets/images/blog-index-page-banner.jpg?auto=compress&auto=format&q=80

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

imgix /

Resource Hash

a55e7553fdd0e8b8434e04b469a20df6018b6006e8c9c6fd214221f07fd158a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 18:51:21 GMT
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
age: 3255998
x-cache: Hit from cloudfront
x-imgix-id: 81340673eb6b4ee6b2fb2512eb2dfa3a5e9de736
cross-origin-resource-policy: cross-origin
content-length: 17428
x-xss-protection: 1; mode=block
x-served-by: cache-sjc10074-SJC, cache-ams21046-AMS, cache-fra-eddf8230125-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 02 Jun 2024 15:07:59 GMT
server: imgix
x-frame-options: SAMEORIGIN
vary: Origin
content-type: image/jpeg
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 3qcwD2a_melOzrwc_VyVpYtC63mNw71qQsuGfen2LVsKSDh2HnziOg==

GET
H2 200 Pros-and-Cons-of-Block-Lists.JPG
assets.beyondtrust.com/assets/images/ 19 KB
20 KB 484ms
484ms Image
image/jpeg 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.beyondtrust.com/assets/images/Pros-and-Cons-of-Block-Lists.JPG

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

7f610b1d6e3e144bf4c6c6bafe29f6fba3ed341514693d2731eba78a30c9405a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: VCMjOsrr0nVtecSjABM6SfDVG5Mdiw_d
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 19767
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 23 Dec 2021 16:15:16 GMT
server: AmazonS3
etag: "e5bb3721e968bbd2dca2018aca9f9d72"
x-frame-options: SAMEORIGIN
vary: Origin
content-type: image/jpeg
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: xHkdBbaYE1Ff6lh8J-HK8nLSLuRWdfai42w_hbACqItLt0rIVnw1_w==

GET
H2 200 _Incapsula_Resource
www.beyondtrust.com/ 1 B
36 B 9ms
8ms Image
text/plain 45.60.65.64
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.beyondtrust.com/_Incapsula_Resource?SWKMTFSR=1&e=0.2864881791530527

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.64 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

GET
H2 200 bootstrap Show response
www.beyondtrust.com/api/ 128 B
341 B 1264ms
1261ms Fetch
application/json 45.60.65.64
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.beyondtrust.com/api/bootstrap

Requested by

Host: assets.beyondtrust.com
URL: https://assets.beyondtrust.com/assets/js/onetrust.d82a099580541b6df4eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.64 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b4f58ad3a1f5a5930f99c02b80950cb90c30c3f34d00194510c6149de11465e9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://.facebook.com https://.facebook.net https://.googletagmanager.com https://.btdevops.io https://.wistia.com; object-src 'self';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
content-security-policy: frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-cdn: Imperva
via: 1.1 f5af2731a86629973e69564f824d95be.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P9
x-cache: Miss from cloudfront
x-iinfo: 4-3363635-3363640 PNNN RT(1720596874763 1688) q(0 0 0 -1) r(13 13) U24
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/json
cache-control: no-cache, no-store, must-revalidate
x-amz-cf-id: h6fDYqvgh9djhT8r95DcMdaDnDbOfmQWVPzdcUIZDHdZoqdzjkQKnQ==

GET
H2 200 gsap-core.chunk.81b6e6fb66a79bd2c531.js Show response
assets.beyondtrust.com/assets/js/ 68 KB
27 KB 458ms
458ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/gsap-core.chunk.81b6e6fb66a79bd2c531.js

Requested by

Host: assets.beyondtrust.com
URL: https://assets.beyondtrust.com/assets/js/gsap.4afa102b8ba60e4a6987.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

820067a89ea4d8b098ccb054dae03af7f195f98147e36939211b72981f4526a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
x-amz-version-id: RGNRCWN4oRkFlKwTBpcEMTfST.IYqBGk
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"5fc21f3b1025a078bf7ff1dffdb9f274"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: ef7EuXYhWs-MOKEPnUXJSaVILj4n5N13HZ6Yf6rJlZgJl3HYBsmTHA==

GET
H2 200 json Show response
www.beyondtrust.com/actions/blitz/csrf/ 308 B
711 B 1103ms
1102ms Fetch
application/json 45.60.65.64
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.beyondtrust.com/actions/blitz/csrf/json

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.64 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

322b7b45bd431c50c39299873209b79ce19e2a786719881ea3117cdb0ef5818a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://.facebook.com https://.facebook.net https://.googletagmanager.com https://.btdevops.io https://.wistia.com; object-src 'self';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
content-security-policy: frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-cdn: Imperva
via: 1.1 ca751e0315de05e656597e32136af94e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P9
x-cache: Miss from cloudfront
x-iinfo: 4-3363635-3364009 NNNY CT(2 4 0) RT(1720596874763 1805) q(0 0 0 -1) r(0 11) U24
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
x-robots-tag: none
x-amz-cf-id: nZgg2I3n-tkIAJ3iY_2JZ2ioc0-hMy33jM7p7nfE5q9unxKtXAMWWQ==

GET
H2 200 get Show response
www.beyondtrust.com/actions/blitz/templates/ 2 KB
900 B 1271ms
1271ms Fetch
text/html 45.60.65.64
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.beyondtrust.com/actions/blitz/templates/get?template=e5f7789edc0523f6a052b16cb5e1d76e1b1fc16d912bd012b930720af08c2d78_partials%2Fannouncement-bar.twig&params%5Bsegment%5D=blog&siteId=1

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.64 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a7b3edaf63d596b6ed1d6cec022b06bc5af251f6d6633ff6af53ba2c4214b6e6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://.facebook.com https://.facebook.net https://.googletagmanager.com https://.btdevops.io https://.wistia.com; object-src 'self';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
content-security-policy: frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-cdn: Imperva
via: 1.1 f5af2731a86629973e69564f824d95be.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P9
x-cache: Miss from cloudfront
x-iinfo: 4-3363635-3364011 NNNY CT(1 4 0) RT(1720596874763 1807) q(0 0 0 -1) r(0 13) U24
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
x-robots-tag: none
x-amz-cf-id: oKJzJfBRpmROI_KGoH9I3vjNKd3seiktdaUD-GpTJhyZbs9Aezfpbg==

GET
H2 200 get Show response
www.beyondtrust.com/actions/blitz/templates/ 0
299 B 1247ms
1247ms Fetch
text/html 45.60.65.64
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.beyondtrust.com/actions/blitz/templates/get?template=736375cc193d63581884d0361b37df819e3c51b814ad9c2bd6d216d3a390de7f_partials%2Fadmin-tools&params%5BfromElId%5D=70801&params%5BpathInfo%5D=blog%2Fentry%2Faddressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing&siteId=1

Requested by

Host: www.beyondtrust.com
URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.64 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://.facebook.com https://.facebook.net https://.googletagmanager.com https://.btdevops.io https://.wistia.com; object-src 'self';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
content-security-policy: frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-cdn: Imperva
via: 1.1 6b15a9d1514a5645abfd43cbf330ce48.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P9
x-cache: Miss from cloudfront
x-iinfo: 4-3363635-3364013 NNNY CT(1 4 0) RT(1720596874763 1809) q(0 0 0 -1) r(0 13) U24
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
x-robots-tag: none
x-amz-cf-id: yMaexVwu6OP4-q3qjhlNqHt0c1yUjETu8nqYu_rmNUxJLY9I4pm2fw==

GET
H2 200 render Show response
www.beyondtrust.com/actions/sprig-core/components/ 3 KB
2 KB 1331ms
1331ms XHR
text/html 45.60.65.64
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.beyondtrust.com/actions/sprig-core/components/render?EmailAddress=&MiddleName=&FavoriteColor=&FormVariation=EO&RedirectURL=https%3A%2F%2Fwww.beyondtrust.com%2Fnewsletter-thank-you&elqFormName=NewsletterSignUp&LeadSource=Online%20Contact%20Form&Language=English&LandingPageURL=https%3A%2F%2Fwww.beyondtrust.com%2Fblog%2Fentry%2Faddressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing&LeadSourceDetails=Blog%20Newsletter%20Sign%20Up&elqCustomerGUID=&elqFormNameOverride=&SFCampaignID=&integrity=830647efb211b4d53f9bb0031f85dc954880833e609d2266ddbb9aaf56887ceb&sprig%3AsiteId=4724aa87e6cd4eba14b4831a388ec4e77995f371bd9b942d8f5bb278d1884baa1&sprig%3Atemplate=efd0cc3af99a768942f267edc3dab69ab33c40c35342ce844939fca4b8b515b2_partials%2Fforms%2Fsubscribe-blog&sprig%3Acomponent=026156cecdf9761d6f58e98ffe0e425e9b87293db4c20deda2cdac877929c11e&sprig%3Avariables%5BfieldLanguage%5D=c76014d74443249aecdccc82a404bfa0411eb6b114f28bba76054fdeedd82b5cEnglish&sprig%3Avariables%5BfieldLandingPageURL%5D=848ba819818a4189d33ed147bcf9be291227c35c1ef06df7e64a797f52c601adhttps%3A%2F%2Fwww.beyondtrust.com%2Fblog%2Fentry%2Faddressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing&sprig%3Avariables%5BfieldSFCampaignID%5D=026156cecdf9761d6f58e98ffe0e425e9b87293db4c20deda2cdac877929c11e&sprig%3Avariables%5BfromElId%5D=0a3cdbdc339b81d0e1d08c14f64d9cbefa785b4d9ff08b67d31075b2ea16675070801

Requested by

Host: assets.beyondtrust.com
URL: https://assets.beyondtrust.com/assets/js/htmx.1659814d97309fade3ec.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.64 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

9229b630e47a9cb44f7cd56dac6012151b38053c3f34ae6c6112981ad75a6ea6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://.facebook.com https://.facebook.net https://.googletagmanager.com https://.btdevops.io https://.wistia.com; object-src 'self';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
HX-Trigger: component-sfhqug
HX-Request: true
HX-Target: component-sfhqug
HX-Current-URL: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:37 GMT
content-security-policy: frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-cdn: Imperva
via: 1.1 16cea8ae3ccd098a5d0b3b2c45b25a84.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P9
x-cache: Miss from cloudfront
x-iinfo: 4-3363635-3364020 NNNY CT(1 3 0) RT(1720596874763 1819) q(0 0 0 -1) r(0 14) U24
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
x-robots-tag: none
x-amz-cf-id: JB2QarfOftMQHx8JMoB36_fzl9uR6dxIxg7zdZYN-sH2qeGYFNXaFg==

GET
H2 200 gsap-scrolltrigger.chunk.b539c8459cd41e586d87.js Show response
assets.beyondtrust.com/assets/js/ 41 KB
17 KB 457ms
457ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/gsap-scrolltrigger.chunk.b539c8459cd41e586d87.js

Requested by

Host: assets.beyondtrust.com
URL: https://assets.beyondtrust.com/assets/js/gsap.4afa102b8ba60e4a6987.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

844a3d08ff37107177091f8d7de2fd11c0d8150c827e063176fddf43eb8de598

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:38 GMT
x-amz-version-id: LsrP86oyI3XtP61eRobVh9N4J1h7t9wq
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"822e806d9fc29b45eb5f6a36082c1126"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: cHVfSFXDSsF57acaSKJLGS4xrvMt8mxAfrbigYVJodb8neDOlabFdg==

GET
H2 200 token.chunk.f40562bf7fff6541680e.js Show response
assets.beyondtrust.com/assets/js/ 3 KB
2 KB 453ms
453ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/token.chunk.f40562bf7fff6541680e.js

Requested by

Host: assets.beyondtrust.com
URL: https://assets.beyondtrust.com/assets/js/onetrust.d82a099580541b6df4eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d961f3364796ba057ac0ca7e9e0ea0c4d7a688583ce76495714197031f2a1d0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:39 GMT
x-amz-version-id: plpIQBIPzIHOab8GTuxugWjeJtt0s5ks
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:21 GMT
server: AmazonS3
etag: W/"c5b66d24269691efc092a8698c119578"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: YaG4S3GJiFHtoT_GvGVUpXXWzjGrbVWE5LqTal6FCBKorKTrN5EYzQ==

GET
H2 200 gsap-scrollto.chunk.920c574037926bd4a895.js Show response
assets.beyondtrust.com/assets/js/ 4 KB
2 KB 466ms
466ms Script
application/javascript 143.204.215.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.beyondtrust.com/assets/js/gsap-scrollto.chunk.920c574037926bd4a895.js

Requested by

Host: assets.beyondtrust.com
URL: https://assets.beyondtrust.com/assets/js/gsap.4afa102b8ba60e4a6987.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-128.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f3ce5d4037de798232901437cfa9a0ea8a2dadb16bc7951aec32efc48cc43f37

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:39 GMT
x-amz-version-id: bBBJq994C21Eja4RlhDEDXBGFPmk5nQY
content-encoding: br
x-content-type-options: nosniff
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Jul 2024 15:20:20 GMT
server: AmazonS3
etag: W/"9aa935e3c9dc308e5a84eaec6f21ff89"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: sJip2ucYEGiacDnKNRJ9a_6jxOzB7uMLbmcMzJ5vDP4QdhYH9mxH7g==

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 70ms
27ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: assets.beyondtrust.com
URL: https://assets.beyondtrust.com/assets/js/onetrust.d82a099580541b6df4eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XOljGHrVMK6J8mT+Nl48OQ==
age: 57586
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Mon, 08 Jul 2024 18:08:04 GMT
server: cloudflare
etag: 0x8DC9F78E9C772EC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: d7e1803d-b01e-00d2-1967-d12dd2000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a0edf58fce4655b-AMS
expires: Wed, 10 Jul 2024 15:34:52 GMT

GET
H2 200 4d74ef31-4793-4a8f-b93e-c3cf5996df9e.json Show response
cdn.cookielaw.org/consent/4d74ef31-4793-4a8f-b93e-c3cf5996df9e/ 5 KB
2 KB 70ms
43ms XHR
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/4d74ef31-4793-4a8f-b93e-c3cf5996df9e/4d74ef31-4793-4a8f-b93e-c3cf5996df9e.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

759401d428c00659738bc79edfed23215b980683b223903cf0d4f74356716393

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 39307
content-md5: vis5F2GQBuLTYC7p5ZakeQ==
content-length: 1787
x-ms-lease-status: unlocked
last-modified: Fri, 28 Jun 2024 15:32:18 GMT
server: cloudflare
etag: 0x8DC97877EC0A4F1
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3362cd37-f01e-00b3-1b70-c9690d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a0edf595fa9b975-AMS
expires: Thu, 11 Jul 2024 07:34:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 333 KB
107 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5W4QD38R5C&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-88RX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9b12b539ad90d32a7b82012db792addf0af1838e38a4a2ec14417e75bf41730b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 108990
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 10 Jul 2024 07:34:38 GMT

GET
H2 200 favicon.png
www.beyondtrust.com/ 5 KB
5 KB 46ms
46ms Other
image/png 45.60.65.64
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.beyondtrust.com/favicon.png?v=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.64 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

db05d158fa0162dc4b727dfc139aeb1bba7986443312c8a39149352332507da4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://.facebook.com https://.facebook.net https://.googletagmanager.com https://.btdevops.io https://.wistia.com; object-src 'self';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:38 GMT
content-security-policy: frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 16cea8ae3ccd098a5d0b3b2c45b25a84.cloudfront.net (CloudFront)
x-cdn: Imperva
x-amz-cf-pop: FRA56-P9
x-cache: Miss from cloudfront
x-iinfo: 4-3363635-3364020 PNNy RT(1720596874763 3499) q(0 0 0 -1) r(0 0) U24
content-length: 4975
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 16 Feb 2023 17:22:32 GMT
etag: "63ee6658-136f"
x-frame-options: sameorigin
content-type: image/png
cache-control: max-age=315360000, no-cache, no-store, must-revalidate
accept-ranges: bytes
x-amz-cf-id: upSp3eFJ7AM2m4whoMhDLYCEuKaS1p_5QP7vTIssKHFWUo3gWSnH1g==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 66 B
303 B 65ms
35ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jul 2024 07:34:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8a0edf59dbff1cb3-AMS
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202404.1.0/ 448 KB
109 KB 26ms
26ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49cfbb9c8b20fbaab3a11bcecb48fb8448e617a746fa578baca0dc71a7e06540

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: lAa4newgeifCObgQn9TUrg==
age: 62692
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 111087
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jun 2024 01:45:16 GMT
server: cloudflare
etag: 0x8DC89B824C49CB5
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 317d4a18-c01e-0070-0e08-bc32ad000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a0edf5a1e4a655b-AMS

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/4d74ef31-4793-4a8f-b93e-c3cf5996df9e/018f71f4-d281-7333-a698-1ebca340b20d/ 146 KB
26 KB 43ms
43ms Fetch
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/4d74ef31-4793-4a8f-b93e-c3cf5996df9e/018f71f4-d281-7333-a698-1ebca340b20d/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b6cd1a3103782718c06a5c577deef33956c24305e5df8ccbee3ea8c2306b35a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 39306
content-md5: jsqqAgSlsq3DerqXZ7r3xA==
content-length: 26844
x-ms-lease-status: unlocked
last-modified: Fri, 28 Jun 2024 15:32:21 GMT
server: cloudflare
etag: 0x8DC9787808C83BD
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 0f71a734-701e-002a-2170-c9e6cf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a0edf5a6971b975-AMS
expires: Thu, 11 Jul 2024 07:34:38 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202404.1.0/assets/ 13 KB
3 KB 26ms
25ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202404.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: CeHoS/yftP1uT8S/ram0PA==
age: 72548
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3041
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jun 2024 01:45:09 GMT
server: cloudflare
etag: 0x8DC89B82072D3A9
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 4fd8e9f5-201e-0035-0d00-bcef3c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a0edf5ac9ecb975-AMS

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202404.1.0/assets/v2/ 62 KB
13 KB 31ms
30ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202404.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3acd5c9271c2cd33f5135df43ae4c574e4d524282e5322137b77cdb4a5524bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Uk7SEJlbISSu9jHcSH0bhA==
age: 72548
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12755
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jun 2024 01:45:11 GMT
server: cloudflare
etag: 0x8DC89B8220E6D67
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: c6934867-801e-005e-3438-bcb26a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a0edf5ac9efb975-AMS

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202404.1.0/assets/ 5 KB
2 KB 27ms
27ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202404.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: fmcR8NS76TPR6KsfrStuHw==
age: 75310
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1738
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jun 2024 01:45:11 GMT
server: cloudflare
etag: 0x8DC89B821B92DD8
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 9b3c1f79-a01e-0060-7938-bc044b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a0edf5ac9f2b975-AMS

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202404.1.0/assets/ 24 KB
4 KB 28ms
28ms Fetch
text/css 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202404.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: 4ErYmXXFNbMLrnc9DrDTsg==
age: 75310
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jun 2024 01:45:22 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: ceb3a01e-d01e-0002-2138-bc4393000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8a0edf5ac9f3b975-AMS

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
600 B 29ms
29ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 49180
x-ms-lease-status: unlocked
last-modified: Mon, 08 Jul 2024 18:08:06 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 9f3d162a-b01e-005a-2faf-d1950b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8a0edf5b1f67655b-AMS

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
494 B 32ms
31ms Fetch
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 46901
x-ms-lease-status: unlocked
last-modified: Mon, 08 Jul 2024 18:08:06 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: e838c3ab-c01e-0055-6388-d178fd000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8a0edf5b1a58b975-AMS

GET
H2 200 bt-logo.png
cdn.cookielaw.org/logos/9d02375e-bcb4-4f9a-bbde-9e5b1b7d7a05/4d74ef31-4793-4a8f-b93e-c3cf5996df9e/b77c1e43-1612-4b2b-8cdd-c2c6d942921f/ 9 KB
9 KB 28ms
27ms Image
image/png 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/9d02375e-bcb4-4f9a-bbde-9e5b1b7d7a05/4d74ef31-4793-4a8f-b93e-c3cf5996df9e/b77c1e43-1612-4b2b-8cdd-c2c6d942921f/bt-logo.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff7f6cfc43c723691c593497629332431dd1c2110164340284f03c9899ab2ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 7/AO3dKQ8BVAj7/pJaSQDQ==
age: 75310
content-length: 9544
x-ms-lease-status: unlocked
last-modified: Tue, 30 Apr 2024 17:47:29 GMT
server: cloudflare
etag: 0x8DC693D9B4B9022
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 2e39f3ba-101e-0014-5c9b-9f820d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a0edf5b3f94655b-AMS

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 33ms
33ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 10 Jul 2024 07:34:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 44124
x-ms-lease-status: unlocked
last-modified: Tue, 09 Jul 2024 07:43:02 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: def878a2-f01e-00fc-4c33-d2ad15000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8a0edf5b3f96655b-AMS

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 39ms
16ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-5W4QD38R5C&gtm=45je4730v876168764z8536954za200zb536954&_p=1720596875899&gcs=G100&gcd=13p3pPp2p5&npa=1&dma_cps=-&dma=1&tag_exp=0&cid=1428108118.1720596882&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&_s=1&sid=1720596878&sct=1&seg=0&dl=https%3A%2F%2Fwww.beyondtrust.com%2Fblog%2Fentry%2Faddressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing&dt=Using%20Application%20Control%20to%20Prevent%20Malware%20%26%20LoTL%E2%80%A6%20%7C%20BeyondTrust&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=7092&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5W4QD38R5C&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.beyondtrust.com/blog/entry/addressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jul 2024 07:34:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.beyondtrust.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.beyondtrust.com/	1970-01-21 06:41:40	Name: visid_incap_2282671 Value: POcy1XqqQ5OzmqwbI+/Y8Yo5jmYAAAAAQUIPAAAAAAC9ApvlFfvMVVj0OYa7L7pk
.beyondtrust.com/	1969-12-31 23:59:59	Name: nlbi_2282671 Value: AZW2A42wWjNWLfoN3YvRTgAAAAA4lTyLOWNt9csZH2CvKRNO
.beyondtrust.com/	1969-12-31 23:59:59	Name: incap_ses_474_2282671 Value: 50W4H4wGuXKBTQDAgfyTBos5jmYAAAAAaHYf8hrFdVktm4MGBSpXmw==
www.beyondtrust.com/	1969-12-31 23:59:59	Name: BT_CSRF Value: 32b5cbe98b44be1354dccf4f30d500a8ed1d695b7dfb6d64cd01c01be61f887ba%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22BT_CSRF%22%3Bi%3A1%3Bs%3A40%3A%22_x_RDk39-6swFdtD61Oqw0u-PBlhT6w7bmZr08Ly%22%3B%7D
.beyondtrust.com/	1970-01-21 06:42:12	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Jul+10+2024+09%3A34%3A38+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202404.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=14108448-63fb-4384-8c03-0d62c124652d&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.beyondtrust.com%2Fblog%2Fentry%2Faddressing-malware-threat-actors-lotl-threats-with-application-control-allow-deny-listing&groups=C0004%3A0%2CC0002%3A0%2CC0001%3A1%2CC0003%3A0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://.facebook.com https://.facebook.net https://.googletagmanager.com https://.btdevops.io https://.wistia.com; object-src 'self';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.beyondtrust.com
cdn.cookielaw.org
geolocation.onetrust.com
region1.google-analytics.com
www.beyondtrust.com
www.googletagmanager.com
143.204.215.128
2001:4860:4802:34::36
2606:4700:4400::ac40:9b77
2606:4700::6813:b134
2a00:1450:4001:813::2008
45.60.65.64
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
0c1d55e4d0d5ca5c6b23e4c8493106e518db21e90a1cbf48519d300f78e24cda
0d78dafae42cd9916deabdb87d64b19f971412de7e8b43535ba03530ef59a6be
1c56a71e788eba733ec48ac262e1ff5758fc626249efbaaadf2a2bdf3bc54db1
1e670600b79ac1d1112242d4bc752f9f459cc41ecf75b831979135fce11c4a47
219d6711d995434c628617ecc506acfe05c746305df40c9a94036a67fb9ae22d
22e811e42ec8b4d3bb46d2b2872ab6234e91830014acd7c06a51d3fbcc220f8d
29db2e34c0dd1aba7b3c5f3c4e22b81d7a530bf752d1e0c998368c6604cb1274
322b7b45bd431c50c39299873209b79ce19e2a786719881ea3117cdb0ef5818a
3acd5c9271c2cd33f5135df43ae4c574e4d524282e5322137b77cdb4a5524bb4
3c32a6b5ae3d6441b6db199d790123079eb0f8df6b2fa561d7bd7aa70cbcb685
435100ee819f3b348a81dfab7da99245ed06a9740e55430c8abf73400bdabed9
47f57f9054b85feb38d51e04c1315c41fc2f6de43d2981bad7fedef54acfee41
49cfbb9c8b20fbaab3a11bcecb48fb8448e617a746fa578baca0dc71a7e06540
51085959f12dfa555f08f1d052c7e416b0385757f8217345682594a040d4bda9
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
62be6485dd7247a0663633ec4127f4b5b6c3490ad51739114b3f97441e258934
65e9183cd9845819cd4b6fb473b1d461907542fb5fa0f00ed3db2a5a6b959672
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
720b6aa633cf185be6a010720a7f7c1ba8d43fe2dc6c210bded51cf6c2f3fd79
759401d428c00659738bc79edfed23215b980683b223903cf0d4f74356716393
781812c39edf8c9e2a8487d56d2a25f317f07eea87f741cfd4978e528a9b8547
7b6cd1a3103782718c06a5c577deef33956c24305e5df8ccbee3ea8c2306b35a
7f610b1d6e3e144bf4c6c6bafe29f6fba3ed341514693d2731eba78a30c9405a
80ffb53a161408c526f20d32ed250b558ca93be1473beeb71ca2199b59914c45
820067a89ea4d8b098ccb054dae03af7f195f98147e36939211b72981f4526a2
844a3d08ff37107177091f8d7de2fd11c0d8150c827e063176fddf43eb8de598
8f5232daa0119ea721d2ccf21ef5ebf34efca3cb9ca7c944ce877f9c059f680b
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
9229b630e47a9cb44f7cd56dac6012151b38053c3f34ae6c6112981ad75a6ea6
9b12b539ad90d32a7b82012db792addf0af1838e38a4a2ec14417e75bf41730b
a55e7553fdd0e8b8434e04b469a20df6018b6006e8c9c6fd214221f07fd158a0
a7b3edaf63d596b6ed1d6cec022b06bc5af251f6d6633ff6af53ba2c4214b6e6
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b4f58ad3a1f5a5930f99c02b80950cb90c30c3f34d00194510c6149de11465e9
b5dc38ad0fa67c87ebd3a67691bf10c969d9fb63a995e5ca36a823348ddb6c2b
bdd9f0db5e8d5830054007dc42538b7dabb83bb900acf346dad46b748c2d3a05
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c84f486df4e0e2308b5ebd7129e8a34546d528107751bbbf092dda024158dac9
c94a9ed8284a43cd90a1fc1b53b43375b5c6627c2cbdde9a837854507c024ce6
ce39f0fb9180baa3a4b350b299e5550916e0f182dc7ba3222e0142e9770f5e66
d7fbbd9ef86218eab91bb6f00e4b5b9f1e23103d77705f26906ba60ebd474d50
d961f3364796ba057ac0ca7e9e0ea0c4d7a688583ce76495714197031f2a1d0c
db05d158fa0162dc4b727dfc139aeb1bba7986443312c8a39149352332507da4
dd89d6908e197bf255dfcaaa7d48923d656b74301d0fb7c7593a9245bea9f6dd
df087172494e330b0026a7601135805261f4032275ac4367e9f94daa8542f1fb
e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e74ea62e94b2d9b6542e88996fe814376518220e49152ad498b7d4cb82566f38
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f232bd93de549b09972f686c181d38d8aa393907668b4ea1e8552a930f25af92
f3ce5d4037de798232901437cfa9a0ea8a2dadb16bc7951aec32efc48cc43f37
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8d7f11cd6d7263ca29b2b550d24961d4df16526e54a78ce101a851f9a2d3667
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
f9812f4a5939021acc1b40980b70a219734c9e8d4d753f02b8852029de7fdb1e
ff7f6cfc43c723691c593497629332431dd1c2110164340284f03c9899ab2ff1

www.beyondtrust.com Open in urlscan Pro 45.60.65.64 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

63 Requests

100 %HTTPS

67 %IPv6

5 Domains

6 Subdomains

7 IPs

2 Countries

792 kBTransfer

2519 kBSize

5 Cookies

7 Outgoing links

Redirected requests

63 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.beyondtrust.com Open in urlscan Pro
45.60.65.64 Public Scan

Screenshot
Live screenshot

Full Image

63
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

792 kB
Transfer

2519 kB
Size

5
Cookies

63 HTTP transactions
1 data transactions