www.netscout.com Open in urlscan Pro
2606:4700::6811:2b40 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.netscout.com/blog/asert/lucifers-spawn
Submission: On August 20 via api (August 20th 2020, 6:48:40 pm UTC) from US

Summary HTTP 117 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 43 IPs in 7 countries across 34 domains to perform 117 HTTP transactions. The main IP is 2606:4700::6811:2b40, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.netscout.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on January 23rd 2020. Valid for: 2 years.

This is the only time www.netscout.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
22	2606:4700::68... 2606:4700::6811:2b40	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.201.125.192 35.201.125.192	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:817::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::ac43:e8b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS)
2	151.101.113.181 151.101.113.181	54113 (FASTLY) (FASTLY)
5	104.16.94.80 104.16.94.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.244.153.179 35.244.153.179	15169 (GOOGLE) (GOOGLE)
14	2600:9000:21f... 2600:9000:21f3:c400:0:f267:a5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:81a::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:820::2008	15169 (GOOGLE) (GOOGLE)
1	23.210.250.213 23.210.250.213	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.190.5.192 35.190.5.192	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:10c... 2a02:26f0:10c:39e::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
3	147.75.102.203 147.75.102.203	54825 (PACKET) (PACKET)
1 2	216.58.212.134 216.58.212.134	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	52.70.66.29 52.70.66.29	14618 (AMAZON-AES) (AMAZON-AES)
2	104.109.95.62 104.109.95.62	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.226.155.118 13.226.155.118	16509 (AMAZON-02) (AMAZON-02)
5	104.111.239.158 104.111.239.158	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.226.146.155 13.226.146.155	16509 (AMAZON-02) (AMAZON-02)
1	18.196.83.230 18.196.83.230	16509 (AMAZON-02) (AMAZON-02)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 3	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
2	13.226.155.74 13.226.155.74	16509 (AMAZON-02) (AMAZON-02)
3	192.28.144.84 192.28.144.84	15224 (OMNITURE) (OMNITURE)
1 2	52.204.197.76 52.204.197.76	14618 (AMAZON-AES) (AMAZON-AES)
1	35.244.245.222 35.244.245.222	15169 (GOOGLE) (GOOGLE)
1	13.226.155.66 13.226.155.66	16509 (AMAZON-02) (AMAZON-02)
1	34.95.105.148 34.95.105.148	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400c:c0a::9d	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE)
2	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1 2	23.20.93.44 23.20.93.44	14618 (AMAZON-AES) (AMAZON-AES)
1	13.226.155.88 13.226.155.88	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	54.194.207.225 54.194.207.225	16509 (AMAZON-02) (AMAZON-02)
1	34.240.23.145 34.240.23.145	16509 (AMAZON-02) (AMAZON-02)
1	34.205.107.148 34.205.107.148	14618 (AMAZON-AES) (AMAZON-AES)
117	43

22 2606:4700::6811:2b40 (United States)

ASN13335 (CLOUDFLARENET, US)

www.netscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.125.192 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 192.125.201.35.bc.googleusercontent.com

cdn.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:e8b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.datatables.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.181 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

play.vidyard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.94.80 (United States)

ASN13335 (CLOUDFLARENET, US)

app-ab15.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.153.179 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 179.153.244.35.bc.googleusercontent.com

ixfd-api.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:21f3:c400:0:f267:a5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

marvel-b1-cdn.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.250.213 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-213.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.5.192 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 192.5.190.35.bc.googleusercontent.com

cdn.b0e8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:39e::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 147.75.102.203 (Central, Hong Kong)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress15

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.134 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f6.1e100.net

9460942.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.70.66.29 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-70-66-29.compute-1.amazonaws.com

pixel-prod.sprinklr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.95.62 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-95-62.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.155.118 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-118.dus51.r.cloudfront.net

consent.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.111.239.158 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-158.deploy.static.akamaitechnologies.com

abrtp1-cdn.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtp-static.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.146.155 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-146-155.dus51.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.83.230 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-83-230.eu-central-1.compute.amazonaws.com

j.mrpdata.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:22::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.155.74 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-74.dus51.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.28.144.84 (United States)

ASN15224 (OMNITURE, US)

abrtp1.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.204.197.76 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-197-76.compute-1.amazonaws.com

vff6132.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.245.222 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 222.245.244.35.bc.googleusercontent.com

so.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.155.66 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-66.dus51.r.cloudfront.net

cdn-0.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.105.148 (United States)

ASN15169 (GOOGLE, US)
PTR: 148.105.95.34.bc.googleusercontent.com

a.b0e8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9d (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

513-uxa-533.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
082-kna-087.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.20.93.44 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-20-93-44.compute-1.amazonaws.com

tracking.leadlander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.155.88 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-88.dus51.r.cloudfront.net

consent-pref.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.207.225 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-207-225.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.240.23.145 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-23-145.eu-west-1.compute.amazonaws.com

ws2.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.205.107.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-205-107-148.compute-1.amazonaws.com

ff.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	netscout.com www.netscout.com	2 MB
16	bc0a.com cdn.bc0a.com ixfd-api.bc0a.com marvel-b1-cdn.bc0a.com	776 KB
13	marketo.com app-ab15.marketo.com abrtp1-cdn.marketo.com rtp-static.marketo.com abrtp1.marketo.com	195 KB
5	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com ws2.hotjar.com	76 KB
4	d41.co 1 redirects vff6132.d41.co cdn-0.d41.co ff.d41.co	4 KB
4	google-analytics.com 1 redirects www.google-analytics.com	52 KB
4	gstatic.com fonts.gstatic.com	36 KB
4	addthis.com s7.addthis.com m.addthis.com	190 KB
3	trustarc.com consent.trustarc.com consent-pref.trustarc.com	22 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	doubleclick.net 2 redirects 9460942.fls.doubleclick.net stats.g.doubleclick.net	848 B
2	facebook.com www.facebook.com	308 B
2	leadlander.com 1 redirects tracking.leadlander.com	423 B
2	mktoresp.com 513-uxa-533.mktoresp.com 082-kna-087.mktoresp.com	622 B
2	marketo.net munchkin.marketo.net	7 KB
2	sprinklr.com pixel-prod.sprinklr.com	16 KB
2	facebook.net connect.facebook.net	166 KB
2	b0e8.com cdn.b0e8.com a.b0e8.com	22 KB
2	vidyard.com play.vidyard.com	25 KB
2	datatables.net cdn.datatables.net	31 KB
1	google.de www.google.de	106 B
1	google.com 1 redirects www.google.com	175 B
1	rlcdn.com so.rlcdn.com
1	t.co t.co	448 B
1	addthisedge.com v1.addthisedge.com	893 B
1	mrpdata.net j.mrpdata.net	266 B
1	adsrvr.org js.adsrvr.org	2 KB
1	truste.com consent.truste.com	2 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	licdn.com snap.licdn.com	2 KB
1	moatads.com z.moatads.com	1 KB
1	googletagmanager.com www.googletagmanager.com	58 KB
1	googleapis.com fonts.googleapis.com	901 B
0	zoominfo.com Failed ws.zoominfo.com Failed
117	34

	Domain	Requested by
22	www.netscout.com	www.netscout.com www.googletagmanager.com
14	marvel-b1-cdn.bc0a.com	www.netscout.com
5	app-ab15.marketo.com	www.netscout.com app-ab15.marketo.com
4	rtp-static.marketo.com	abrtp1-cdn.marketo.com
4	www.google-analytics.com	1 redirects www.googletagmanager.com www.google-analytics.com www.netscout.com
4	fonts.gstatic.com	fonts.googleapis.com
3	abrtp1.marketo.com	abrtp1-cdn.marketo.com
3	s7.addthis.com	www.netscout.com s7.addthis.com
2	www.facebook.com	www.netscout.com connect.facebook.net
2	tracking.leadlander.com	1 redirects www.netscout.com
2	vff6132.d41.co	1 redirects cdn-0.d41.co
2	consent.trustarc.com	consent.truste.com www.netscout.com
2	px.ads.linkedin.com	1 redirects www.netscout.com
2	munchkin.marketo.net	www.netscout.com munchkin.marketo.net
2	pixel-prod.sprinklr.com	www.netscout.com
2	connect.facebook.net	www.netscout.com connect.facebook.net
2	9460942.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	play.vidyard.com	www.netscout.com
2	cdn.datatables.net	www.netscout.com
1	ff.d41.co	www.netscout.com
1	ws2.hotjar.com	script.hotjar.com
1	in.hotjar.com	script.hotjar.com
1	consent-pref.trustarc.com	consent.trustarc.com
1	082-kna-087.mktoresp.com	munchkin.marketo.net
1	513-uxa-533.mktoresp.com	munchkin.marketo.net
1	vars.hotjar.com	static.hotjar.com
1	www.google.de	www.netscout.com
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	a.b0e8.com	www.netscout.com
1	cdn-0.d41.co	www.netscout.com
1	so.rlcdn.com	www.netscout.com
1	t.co	www.netscout.com
1	script.hotjar.com	static.hotjar.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	www.linkedin.com	1 redirects
1	j.mrpdata.net	www.netscout.com
1	js.adsrvr.org	www.googletagmanager.com
1	abrtp1-cdn.marketo.com	www.netscout.com
1	consent.truste.com	www.netscout.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	cdn.b0e8.com	www.netscout.com
1	z.moatads.com	s7.addthis.com
1	www.googletagmanager.com	www.netscout.com
1	ixfd-api.bc0a.com	cdn.bc0a.com
1	fonts.googleapis.com	www.netscout.com
1	cdn.bc0a.com	www.netscout.com
0	ws.zoominfo.com Failed	www.netscout.com
117	51

This site contains links to these domains. Also see Links.

Domain
my.netscout.com
ir.netscout.com
videos.netscout.com
support.arbornetworks.com
unit42.paloaltonetworks.com
gist.github.com
twitter.com
www.linkedin.com
www.instagram.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
www.netscout.com Sectigo RSA Organization Validation Secure Server CA	`2020-01-23` - `2022-04-26`	2 years	crt.sh
cdn.bc0a.com GTS CA 1D2	`2020-07-04` - `2020-10-02`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-29` - `2021-07-29`	a year	crt.sh
odc-prod-01.oracle.com DigiCert Secure Site ECC CA-1	`2020-07-22` - `2021-10-13`	a year	crt.sh
p.ssl.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-09-03` - `2021-02-22`	a year	crt.sh
app-ab15.marketo.com Cloudflare Inc ECC CA-3	`2020-07-05` - `2021-07-05`	a year	crt.sh
*.bc0a.com DigiCert SHA2 Secure Server CA	`2019-11-07` - `2021-01-05`	a year	crt.sh
marvel-cdn.bc0a.com Amazon	`2020-04-08` - `2021-05-08`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
cdn.b0e8.com GTS CA 1D2	`2020-06-29` - `2020-09-27`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2020-08-16` - `2020-11-14`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
*.sprinklr.com Amazon	`2020-07-03` - `2021-08-03`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
*.truste.com Go Daddy Secure Certificate Authority - G2	`2018-01-26` - `2021-03-06`	3 years	crt.sh
*.marketo.com DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.mrpdata.net Amazon	`2020-01-01` - `2021-02-01`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2020-08-17` - `2020-11-15`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.d41.co DigiCert SHA2 High Assurance Server CA	`2019-04-02` - `2021-04-13`	2 years	crt.sh
b0e8.com GTS CA 1D2	`2020-08-18` - `2020-11-16`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2020-08-15` - `2020-11-13`	3 months	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
*.leadlander.com Go Daddy Secure Certificate Authority - G2	`2020-04-28` - `2022-04-28`	2 years	crt.sh
*.hotjar.com Amazon	`2019-09-27` - `2020-10-27`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://www.netscout.com/blog/asert/lucifers-spawn
Frame ID: 52E7F16D5BC1FA5DB7F357F9C7D2E32C
Requests: 111 HTTP requests in this frame

Frame: https://9460942.fls.doubleclick.net/activityi;dc_pre=CM78nfy4qusCFc_luwgdcYoAow;src=9460942;type=sitewide;cat=glbswide;ord=3632757135702;gtm=2wg8c0;auiddc=118593609.1597949285;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn
Frame ID: 8128A765DAAA45DD974A4AF2D62D4418
Requests: 1 HTTP requests in this frame

Frame: https://app-ab15.marketo.com/index.php/form/XDFrame
Frame ID: C62A72CCED0614A5D92F1878FC7134D8
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 4FF5CBB199B3A59837EC436B7C3974AD
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 0893776FB7BEFB6461A2D038BCF6E8E4
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: A4859406D9B1FF43175B96226C117B7F
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/?type=netscout&site=netscout.com&action=notice&country=dk&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/
Frame ID: 06C9EC7F05E99F9C63C30BBABE85E856
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Drupal (CMS) Expand

Overall confidence: 100%
Detected patterns

headers expires /19 Nov 1978/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers expires /19 Nov 1978/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

117
Requests

89 %
HTTPS

36 %
IPv6

34
Domains

51
Subdomains

43
IPs

7
Countries

3663 kB
Transfer

10353 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://my.netscout.com/
Title: Mynetscout

Search URL Search Domain Scan URL

URL: https://ir.netscout.com/
Title: For Investors

Search URL Search Domain Scan URL

URL: https://videos.netscout.com/watch/yXPEwGpu47noBb772V1CqA
Title: Overcoming 5G Network Challenges With Smart Visibility

Search URL Search Domain Scan URL

URL: https://videos.netscout.com/watch/tdhyD1A4yPjkfqvduaCuMA
Title: Drive business decisions With Smart Data insights

Search URL Search Domain Scan URL

URL: http://support.arbornetworks.com/
Title: My.Arbor

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/
Title: Unit42

Search URL Search Domain Scan URL

URL: https://gist.github.com/0xd0cf11e/e256a0e80e0076c8d2cc66c7651fd89f
Title: https://gist.github.com/0xd0cf11e/e256a0e80e0076c8d2cc66c7651fd89f

Search URL Search Domain Scan URL

URL: https://twitter.com/NETSCOUT
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/netscout
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.instagram.com/netscoutinc/?hl=en
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.facebook.com/NETSCOUTinc
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCDHjK6_cTdEYqoddyzMFi5A
Title: YouTube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62

https://9460942.fls.doubleclick.net/activityi;src=9460942;type=sitewide;cat=glbswide;ord=3632757135702;gtm=2wg8c0;auiddc=118593609.1597949285;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn HTTP 302
https://9460942.fls.doubleclick.net/activityi;dc_pre=CM78nfy4qusCFc_luwgdcYoAow;src=9460942;type=sitewide;cat=glbswide;ord=3632757135702;gtm=2wg8c0;auiddc=118593609.1597949285;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn

Request Chain 74

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&time=1597949285353 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27243%26url%3Dhttps%253A%252F%252Fwww.netscout.com%252Fblog%252Fasert%252Flucifers-spawn%26time%3D1597949285353%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&time=1597949285353&liSync=true

Request Chain 92

https://vff6132.d41.co/sync/ HTTP 302
https://so.rlcdn.com/400906.gif?cparams=cparams%3D578aef3b0be748678f00022c5a4a42cd-410aa8720b74464ba27399ba3f1fac66-1-382

Request Chain 95

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=2050344691&t=pageview&_s=1&dl=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&ul=en-us&de=UTF-8&dt=Lucifer%E2%80%99s%20Spawn%20%7C%20NETSCOUT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aHDAAEADQ~&jid=1368233859&gjid=629941699&cid=1988117878.1597949285&tid=UA-231177-6&_gid=1971318228.1597949285&_r=1&gtm=2wg8c0WSK2TN&cd9=1988117878.1597949285&cd11=20200820%7C01697818&cd12=20%3A48%3A06&z=175213306 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-231177-6&cid=1988117878.1597949285&jid=1368233859&_gid=1971318228.1597949285&gjid=629941699&_v=j83&z=175213306 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-231177-6&cid=1988117878.1597949285&jid=1368233859&_v=j83&z=175213306 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-231177-6&cid=1988117878.1597949285&jid=1368233859&_v=j83&z=175213306&slf_rd=1&random=845736071

Request Chain 103

https://tracking.leadlander.com/api/tracking?accountId=29078&page=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&referer=&fp=f10d44237416b9907b2c88ae232a9574 HTTP 302
https://tracking.leadlander.com/tracking.png

117 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request lucifers-spawn Show response
www.netscout.com/blog/asert/ 174 KB
33 KB 55ms
32ms Document
text/html 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf58246fa71ff52213ed0fdc3a84093487d9255f8d986535af1c4bd6f7b21572

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.netscout.com
:scheme: https
:path: /blog/asert/lucifers-spawn
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 20 Aug 2020 18:48:04 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d28b26d695af1e055377637b7ae3270311597949284; expires=Sat, 19-Sep-20 18:48:04 GMT; path=/; domain=.netscout.com; HttpOnly; SameSite=Lax; Secure
cache-control: max-age=31536000, public
x-drupal-dynamic-cache: UNCACHEABLE
link: <https://www.netscout.com/blog/asert/lucifers-spawn>; rel="canonical" <https://www.netscout.com/blog/asert/lucifers-spawn>; rel="alternate"; hreflang="en" <https://www.netscout.com/blog/asert/lucifers-spawn>; rel="revision"
x-ua-compatible: IE=edge IE=edge
content-language: en
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 20 Aug 2020 15:07:13 GMT
x-generator: Drupal 8 (https://www.drupal.org)
content-security-policy: default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; upgrade-insecure-requests
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
x-drupal-cache: HIT
x-request-id: v-de7fcc96-e2f6-11ea-95af-8b3e3f91fc2a
x-ah-environment: prod
age: 5909
via: varnish
vary: Cookie,Accept-Encoding
x-cache: HIT
x-cache-hits: 85
cf-cache-status: HIT
cf-request-id: 04aecc28e400000ebb10208200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5c5e4954acbd0ebb-FRA
content-encoding: br

GET
H2 200 autopilot_sdk.js Show response
cdn.bc0a.com/autopilot/f00000000205858/ 40 KB
14 KB 287ms
198ms Script
application/javascript 35.201.125.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bc0a.com/autopilot/f00000000205858/autopilot_sdk.js
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.125.192 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 192.125.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 5244e8be9b318067ed3230ec95fea683afc4485741a3dc4a962d18a2a23f7437

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-meta-marvel_enabled: true
content-encoding: gzip
age: 0
x-guploader-uploadid: AAANsUlV2jhhMqXpRnGLZj_ofNmy5Iy_Q-U68IrVQBFkGQQDBAzwD9djwxo8HlpF6IYxKqL55oBw3azCMtA78ZUFvA
status: 200
x-goog-meta-sdk_canonical_host
x-goog-meta-sdk_whitelist: ixf
x-goog-stored-content-encoding: gzip
x-goog-meta-publishingdate: 2020-08-06 20:18:58
x-goog-meta-sdk_canonical_protocol
etag: "c0e4b6649b99cd04ab4e7ae8d9310536"
vary: Accept-Encoding
x-goog-generation: 1596745138329175
content-language: en
access-control-allow-origin: *
x-goog-meta-custom: true
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-meta-spa: false
expires: Thu, 20 Aug 2020 19:48:04 GMT
x-goog-meta-sdk_version: 1.3.0
date: Thu, 20 Aug 2020 18:48:04 GMT
x-goog-meta-sdk_account_id: f00000000205858
x-goog-meta-sdk_request_parameters_case_sensitive: false
x-goog-meta-marvel_config_consistency_custom: {"data-customerid":"f00000000205858"}
x-goog-storage-class: MULTI_REGIONAL
x-goog-meta-marvel_customer_id
x-goog-metageneration: 3
alt-svc: clear
content-length: 13837
x-goog-meta-sdk_log_level: 2
last-modified: Thu, 06 Aug 2020 20:18:58 GMT
server: UploadServer
x-goog-hash: crc32c=yhBTEA==, md5=wOS2ZJuZzQSrTnro2TEFNg==
x-goog-stored-content-length: 13837
accept-ranges: bytes
content-type: application/javascript
x-goog-meta-marvel_test_mode: false

GET
H2 200 css
fonts.googleapis.com/ 10 KB
901 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13e721d9d00e096f4d2cbb04e5d687ed72ce175472fcea388ccdcdd69691698b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Aug 2020 18:32:38 GMT
server: ESF
date: Thu, 20 Aug 2020 18:48:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Aug 2020 18:48:04 GMT

GET
H2 200 jquery.dataTables.min.css
cdn.datatables.net/1.10.20/css/ 14 KB
3 KB 66ms
22ms Stylesheet
text/css 2606:4700:10::ac43:e8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.datatables.net/1.10.20/css/jquery.dataTables.min.css
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:e8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 618d62ceaca1223e16de2c8939a1963a95c34b0ac75852f835f93e5b42f20871

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 16883074
status: 200
content-length: 2109
cf-request-id: 04aecc293900009ab053bf6200000001
last-modified: Mon, 13 Jan 2020 16:02:02 GMT
server: cloudflare
etag: "11221c5-364c-59c079897ab05-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 5c5e49552ee09ab0-FRA
access-control-allow-headers: origin, x-requested-with, content-type
expires: Sat, 06 Feb 2021 09:03:30 GMT

GET
H2 200 css_-kIkzNlItyZJOwLPamvZEU_ozuH2RmS3OXo7nKJA_jU.css
www.netscout.com/sites/default/files/css/ 2 KB
815 B 41ms
40ms Stylesheet
text/css 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/sites/default/files/css/css_-kIkzNlItyZJOwLPamvZEU_ozuH2RmS3OXo7nKJA_jU.css

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2a3a03ccd627c190ce0e07fdce6f6414f195c52f9ff5b6f55e3538cc24feaf1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 844698
cf-polished: origSize=1811
x-cache: HIT
status: 200
x-cache-hits: 2
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc290f00000ebb1020b200000001
x-request-id: v-e3035fe0-db66-11ea-8e37-17662a46c3e5
last-modified: Tue, 04 Aug 2020 23:53:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
expires: Tue, 25 Aug 2020 00:09:13 GMT
cache-control: max-age=1209600
cf-ray: 5c5e4954ed710ebb-FRA
cf-bgj: minify

GET
H2 200 css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css
www.netscout.com/sites/default/files/css/ 16 KB
4 KB 18ms
17ms Stylesheet
text/css 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/sites/default/files/css/css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37970c60fde003559687527462c500a446459cbe449332e257ad5029f7e50bf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 237390
cf-polished: origSize=16335
x-cache: HIT
status: 200
x-cache-hits: 64
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc290f00000ebb1020c200000001
x-request-id: v-e9b7d034-dcb3-11ea-ad79-b33eecded188
last-modified: Tue, 04 Aug 2020 23:53:10 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
expires: Wed, 26 Aug 2020 15:53:06 GMT
cache-control: max-age=1209600
cf-ray: 5c5e4954ed740ebb-FRA
cf-bgj: minify

GET
H2 200 css_gO4WW5Z3c3Xd2Ze3CBS-pJrRWr-1MJEH2in4IB1XPjU.css
www.netscout.com/sites/default/files/css/ 4 KB
1 KB 17ms
16ms Stylesheet
text/css 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/sites/default/files/css/css_gO4WW5Z3c3Xd2Ze3CBS-pJrRWr-1MJEH2in4IB1XPjU.css

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65186957eea3ea0576efd2c477fca75f361af9ef4e45d768649f46f78a90216c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 57397
cf-polished: origSize=4017
x-cache: HIT
status: 200
x-cache-hits: 25
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc290f00000ebb1020d200000001
x-request-id: v-8e9d7794-e276-11ea-99da-e731626a3cd6
last-modified: Wed, 19 Aug 2020 23:47:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
expires: Wed, 02 Sep 2020 23:49:01 GMT
cache-control: max-age=1209600
cf-ray: 5c5e4954ed770ebb-FRA
cf-bgj: minify

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 103ms
36ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
server: nginx/1.15.8
etag: W/"5ed917ff-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
date: Thu, 20 Aug 2020 18:48:04 GMT
x-host: s7.addthis.com
content-length: 116324

GET
H2 200 v4.js Show response
play.vidyard.com/embed/ 57 KB
19 KB 106ms
34ms Script
application/javascript 151.101.113.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://play.vidyard.com/embed/v4.js
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7b8c79dda03501f7feed06c95929cc5692823d494470f5a6b79d9d74f6411ed0

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: gzip
age: 16985
x-cache: HIT
status: 200
x-cache-hits: 1
content-length: 18900
x-served-by: cache-hhn4079-HHN
x-china: 0
last-modified: Thu, 25 Jun 2020 18:58:25 GMT
etag: "517817dfdf0169c532f597282bc84f11"
vary: X-ThumbnailAB, X-China, accept-language, Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 js_9HePkxVK_9gRRV0AyjZWsvdg-Ia_jpZDKWDW6CEY2lY.js Show response
www.netscout.com/sites/default/files/js/ 6 MB
2 MB 63ms
58ms Script
text/javascript 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/sites/default/files/js/js_9HePkxVK_9gRRV0AyjZWsvdg-Ia_jpZDKWDW6CEY2lY.js

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79910291198b6fd4cdca7cf29351231f22e0eef0dc5df4010ea3116bbe8ddc52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 844697
cf-polished: origSize=5790441
x-cache: HIT
status: 200
x-cache-hits: 4
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2a4e00000ebb10223200000001
x-request-id: v-e31ed626-db66-11ea-ac08-632ad36f9564
last-modified: Tue, 04 Aug 2020 23:53:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
expires: Tue, 25 Aug 2020 00:09:13 GMT
cache-control: max-age=1209600
cf-ray: 5c5e4956ea540ebb-FRA
cf-bgj: minify

GET
H2 200 logo.svg
www.netscout.com/themes/custom/netscout/ 4 KB
2 KB 40ms
36ms Image
image/svg+xml 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netscout.com/themes/custom/netscout/logo.svg

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad33d9c66e91f0e20f1041ed4e43e097a00a2bede954f160cf4d88be08965238

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 842365
x-cache: HIT
status: 200
x-cache-hits: 25
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2a4e00000ebb10224200000001
x-request-id: v-e31dd4d8-db66-11ea-9074-afabb1219d8e
last-modified: Thu, 25 Jul 2019 14:23:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600
cf-ray: 5c5e4956ea5a0ebb-FRA
expires: Tue, 25 Aug 2020 00:09:13 GMT

GET image001_5.png
www.netscout.com/sites/default/files/inline-images/ 0
0

GET image003_1.png
www.netscout.com/sites/default/files/inline-images/ 0
0

GET image005_0.png
www.netscout.com/sites/default/files/inline-images/ 0
0

GET image007_0.png
www.netscout.com/sites/default/files/inline-images/ 0
0

GET image009_0.png
www.netscout.com/sites/default/files/inline-images/ 0
0

GET image011_0.png
www.netscout.com/sites/default/files/inline-images/ 0
0

GET image012.png
www.netscout.com/sites/default/files/inline-images/ 0
0

GET image014_0.png
www.netscout.com/sites/default/files/inline-images/ 0
0

GET image016_0.png
www.netscout.com/sites/default/files/inline-images/ 0
0

GET image018.png
www.netscout.com/sites/default/files/inline-images/ 0
0

GET Screen%20Shot%202020-08-20%20at%209.49.38%20AM.png
www.netscout.com/sites/default/files/inline-images/ 0
0

GET
H2 200 forms2.min.js Show response
app-ab15.marketo.com/js/forms2/js/ 205 KB
69 KB 75ms
30ms Script
application/x-javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab15.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f24c51a94a931f1bdd7c3dacc9ebb3848305f5eb5a3feddf0b01227f6c778c17

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1742
status: 200
vary: Accept-Encoding
cf-request-id: 04aecc298600001d0afd1f2200000001
last-modified: Wed, 22 Jul 2020 19:04:14 GMT
server: cloudflare
etag: "2780995-33237-5ab0c67dc4780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 5c5e4955a9a31d0a-CPH
expires: Thu, 20 Aug 2020 22:48:04 GMT

GET
H2 200 NS_ORB_NEG-02.svg
www.netscout.com/themes/custom/netscout/images/ 2 KB
1 KB 28ms
26ms Image
image/svg+xml 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netscout.com/themes/custom/netscout/images/NS_ORB_NEG-02.svg

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

420b7e3f863223a316cf5820ae944173bd2e3a95f37c90f48474c3ab992c4884

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 841722
x-cache: HIT
status: 200
x-cache-hits: 32
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2a5000000ebb10230200000001
x-request-id: v-75032dea-db66-11ea-9306-573e3beff57a
last-modified: Thu, 25 Jul 2019 14:23:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600
cf-ray: 5c5e4956ea7a0ebb-FRA
expires: Tue, 25 Aug 2020 00:06:08 GMT

GET
H2 200 google-analytics.js Show response
play.vidyard.com/v0/ 15 KB
6 KB 82ms
34ms Script
application/javascript 151.101.113.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://play.vidyard.com/v0/google-analytics.js
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4890e3b411e79a5b84540077fabb262eee8f9d2c97598468fabe5b8805949420

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: gzip
age: 435
x-cache: HIT
status: 200
content-length: 5845
x-served-by: cache-hhn4079-HHN
x-china: 0
last-modified: Thu, 25 Oct 2018 14:39:19 GMT
x-timer: S1597949285.003906,VS0,VE1
etag: "796ea134ca3d91213a9aa2990d82230f"
vary: X-ThumbnailAB, X-China, accept-language, Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 jquery.dataTables.min.js Show response
cdn.datatables.net/1.10.20/js/ 82 KB
28 KB 18ms
16ms Script
application/javascript 2606:4700:10::ac43:e8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.datatables.net/1.10.20/js/jquery.dataTables.min.js
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:e8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f871fee6fdc802e757bb0453f141c299717af2cd28eeed56012892ce28f1ef4

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 28006592
status: 200
content-length: 28862
cf-request-id: 04aecc2a4e00009ab05380c200000001
last-modified: Tue, 01 Oct 2019 15:10:51 GMT
server: cloudflare
etag: "11221e2-14961-593dac20ea2c5-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 5c5e4956e8459ab0-FRA
access-control-allow-headers: origin, x-requested-with, content-type
expires: Wed, 30 Sep 2020 15:11:31 GMT

GET
H2 200 js_c8LbWbHV1txem3q8oAzuadnL-HiBShaQH_WRviNqT_g.js Show response
www.netscout.com/sites/default/files/js/ 87 KB
30 KB 23ms
22ms Script
text/javascript 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/sites/default/files/js/js_c8LbWbHV1txem3q8oAzuadnL-HiBShaQH_WRviNqT_g.js

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b541d631712bc34f7472aabf9cdeaf0fcb2257fd2436ffced1530f5d4f5a0383

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 664802
cf-polished: origSize=89478
x-cache: HIT
status: 200
x-cache-hits: 10
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc29c900000ebb10217200000001
x-request-id: v-1067d06a-dcb1-11ea-863e-6738b006db25
last-modified: Mon, 10 Aug 2020 23:57:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
expires: Wed, 26 Aug 2020 15:32:43 GMT
cache-control: max-age=1209600
cf-ray: 5c5e495608610ebb-FRA
cf-bgj: minify

GET
H2 200 js_Udi2LGDWZo5mi0mLUqpbpIjBnjXLSTZi8pV5wa5mwdI.js Show response
www.netscout.com/sites/default/files/js/ 118 KB
37 KB 25ms
25ms Script
text/javascript 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/sites/default/files/js/js_Udi2LGDWZo5mi0mLUqpbpIjBnjXLSTZi8pV5wa5mwdI.js

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b0a1dd5b344c8dcc3c07949b2738a63c5185c5858586d1233ccf3bc6729de7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 832277
cf-polished: origSize=121623
x-cache: HIT
status: 200
x-cache-hits: 1
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc29e400000ebb1021d200000001
x-request-id: v-3dda88ce-db7d-11ea-b411-bfa19c43aed2
last-modified: Tue, 11 Aug 2020 00:03:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
expires: Tue, 25 Aug 2020 02:49:14 GMT
cache-control: max-age=1209600
cf-ray: 5c5e495638d40ebb-FRA
cf-bgj: minify

GET
H2 200 js_PxOnXPJial6oHZQVDTf_GhL3S_q_jU1Vs4wGvfg2r6c.js Show response
www.netscout.com/sites/default/files/js/ 4 KB
2 KB 28ms
26ms Script
text/javascript 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/sites/default/files/js/js_PxOnXPJial6oHZQVDTf_GhL3S_q_jU1Vs4wGvfg2r6c.js

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23e1660becf6b79b0a05d12080a8719ad04972b27180ce83f1ebb28cf1bd8d9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 652109
cf-polished: origSize=3889
x-cache: HIT
status: 200
x-cache-hits: 10
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2a5000000ebb10231200000001
x-request-id: v-fc41f678-dcb1-11ea-9a16-23b371784ec0
last-modified: Tue, 04 Aug 2020 23:53:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
expires: Wed, 26 Aug 2020 15:39:18 GMT
cache-control: max-age=1209600
cf-ray: 5c5e4956ea7d0ebb-FRA
cf-bgj: minify

GET
H2 200 854440143 Show response
ixfd-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000205858/ 6 KB
6 KB 250ms
160ms XHR
application/json 35.244.153.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ixfd-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000205858/854440143?client=js_sdk&client_version=1.3.0&orig_url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&base_url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&user_agent=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F83.0.4103.61%20Safari%2F537.36
Requested by: Host: cdn.bc0a.com
URL: https://cdn.bc0a.com/autopilot/f00000000205858/autopilot_sdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.153.179 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.153.244.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: bcf558a96982b64680a41d4eaa1ac7462e87814cb9149d5e55d089ea40fba8a9

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
via: 1.1 google
last-modified: Thu, 21 May 2020 15:57:09 GMT
server: Apache
etag: "15439eb-1896-5a62a90a31f40"
status: 200
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: clear
content-length: 6294

GET
H2 200 image001_5.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/ 25 KB
26 KB 153ms
115ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/image001_5.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 74bfd0a62bd381f8dd534a59be4878439c7a83e824b0d641246c1b48ec4bd2d0

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 14:28:33 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: 232358A73CB7589C
x-cache: Hit from cloudfront
status: 200
content-length: 25966
x-amz-id-2: wP1AJvsRbY/pEs9wfw6utWXt3F3ytCdyS//eCs8hq56Fqp6/yrzRIVZGFcdteMF6LPB8KZGFkkA=
last-modified: Thu, 20 Aug 2020 13:34:44 GMT
server: AmazonS3
etag: "17f8984ba09fca5a33b620a1d65eccdc"
x-amz-version-id: nXm7cDMOvebo62NEezhrp4JMdC6UbduR
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: 1c13jmIAtUdFeJExohRWmj6gP0A1R7ywJplTl3zemGqdvACOkYvcoA==

GET
H2 200 image003_1.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/ 90 KB
91 KB 148ms
110ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/image003_1.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 23e5109a18f1f47ab6cb91afd499f62bd439fa3c1f10f1d5660ff6ab0c38654b

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 14:28:33 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: D4FE2C91C75E724F
x-cache: Hit from cloudfront
status: 200
content-length: 92236
x-amz-id-2: sm7dM+GLSyCw30TY7mmnQgD84ZCkzO2UgAdDFDwvYe95U7uhgzQ125w4bZQlBMvoIbjYpZWoKxs=
last-modified: Thu, 20 Aug 2020 13:34:45 GMT
server: AmazonS3
etag: "a11230bf383289e6aa33b17def9bdcc6"
x-amz-version-id: ZyHwoW7ahf7WdR5F3hFENgQ9iou1Wguj
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: NvUYSyNZjRbNYCX54c4LxuTMO5-Z_P4PM5qrm_OIBnBVp5aIVWkm1Q==

GET
H2 200 image005_0.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/ 21 KB
21 KB 145ms
108ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/image005_0.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 40b3af04477b0045fcdbbb40ced59b581c2f6fa7dd1ed7fe6ba01cb027e0b496

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 14:28:33 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: D63B6D76E013727B
x-cache: Hit from cloudfront
status: 200
content-length: 21048
x-amz-id-2: A5CI4ywMU9etsyJiuojU/s37yLV6TOVtKVpFsyUGBXG4EcLIpp/xBjIimMdBPxt6+u18LoZE6Qg=
last-modified: Thu, 20 Aug 2020 13:34:45 GMT
server: AmazonS3
etag: "671a83b234e2ad05a5bad70734e9b6a2"
x-amz-version-id: zY_EPobLSmICIrgpwBclaV0RFbK3n4PA
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: -f0_BZBFQ9ROz-mdnIHupsbEWFhUx50bbL807ytGkZXydPola1PQtQ==

GET
H2 200 image007_0.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/ 105 KB
106 KB 119ms
81ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/image007_0.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7717d420e97c5ae2553d13e782da4b028f37b658e41bd3a25a88ac73dbde3724

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 14:28:33 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: D824DEB0EC5DA90F
x-cache: Hit from cloudfront
status: 200
content-length: 107444
x-amz-id-2: lXp4q3PmTDppCrsv7ye8c08WIw5zFBnI+7d0eZNuzGRYC7tGg7N+ZUS+z4Zol8U9DVYxtllMFl0=
last-modified: Thu, 20 Aug 2020 13:34:45 GMT
server: AmazonS3
etag: "0ea0d356f32a29ba0b392de0cfff1bbf"
x-amz-version-id: ZDCpUyXHfO0TJfAaJowFa_I3S_YSEGwF
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: 3LlETAfavcvhM_u1f77QOWb9qmrC7zamY5o7R2-kon6oaDw8YAFlHw==

GET
H2 200 image009_0.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/ 15 KB
16 KB 144ms
107ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/image009_0.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 863cd627100911ea6e5cad889ad7f10a6c6d4644141e5579a5d71396afc3f63b

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 14:28:33 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: 5Y1W2G3S5G6J7T8P
x-cache: Hit from cloudfront
status: 200
content-length: 15390
x-amz-id-2: JBOBNeh+EM4gIq6sXMm+O4ZOPsyuyGDGmlhbnwqBxvuIWpp4Gg6FQl2wjthu4XgvSwJGl0w8dIU=
last-modified: Thu, 20 Aug 2020 13:34:46 GMT
server: AmazonS3
etag: "cfb01aaab272c1b7a97a8216288a49c1"
x-amz-version-id: 1NQB8WC.x4LHm1NQ7DralakCARXycDFa
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: Q6fLkn01f3g0d0Hy1MRrC83nw1FEn9HywRVfgTKBGw8ZYWQiMYwtKQ==

GET
H2 200 image011_0.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/ 87 KB
88 KB 141ms
104ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/image011_0.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5bd8503c220089cd023a4a38de0bab5e3fc81dc1ae7374259fb5c7e9d69aa072

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 14:28:33 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: 52892D41A248FEAB
x-cache: Hit from cloudfront
status: 200
content-length: 89090
x-amz-id-2: Ls8O4W1TGndu3DSzrKtAwbgVIzoIxmmdICnz/io7EBARQAXPXQbqUUpcgiUL/bdlmOJXnNnOfcQ=
last-modified: Thu, 20 Aug 2020 13:34:45 GMT
server: AmazonS3
etag: "f76bc208459a0c4986575f4907195191"
x-amz-version-id: LlHaJCk17dpkoI7G77yf4AkMkBIPjrRq
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: y7QdakGfN9VWiJvQ2v1RgDxjseqXICAC-n-RL72uAtGegBh4psrI_w==

GET
H2 200 image012.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/ 9 KB
9 KB 115ms
112ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/image012.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a05d19687c9a110cd2cd39e162c4cc86288ca23a6aa154232e51cf0789f51768

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 14:28:33 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: 5TAGFZ5G5X3M3H6G
x-cache: Hit from cloudfront
status: 200
content-length: 8972
x-amz-id-2: rnyxGZkpYySugKY0d18NurqW+yQ6wgWC+LVhcLQkn1S9/9EyVCuIjNGb7aByEZ/xAeX26YCjfNw=
last-modified: Thu, 20 Aug 2020 13:34:45 GMT
server: AmazonS3
etag: "e0a31c7271d1e584748103efbb428a06"
x-amz-version-id: xAyppss4XcX190tuftRJjwcmAnOOAcgS
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: P8_Ie6vR28R05ZJ7xL0XsF01sVP-3FypmDMG91b35rsd6ISYCRehSw==

GET
H2 200 image014_0.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/ 5 KB
6 KB 102ms
100ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/image014_0.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8fe90cb8e6f8450b664ba138c26dad01a3ce500a5d6d855af04faf74dfd0c88c

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 14:28:33 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: 99CAC7D3735270F8
x-cache: Hit from cloudfront
status: 200
content-length: 5405
x-amz-id-2: bDZDf1C2Wioij9cTwIrcGCQuiLEAIpJ/Lik8pK3tM2Zfm+hJR8DON8nNs64DqfxYTcaxQIq4x8I=
last-modified: Thu, 20 Aug 2020 13:34:45 GMT
server: AmazonS3
etag: "5c932aed40a4cab07802c107bf340295"
x-amz-version-id: Tv8ZSPKg_ID9hZjUVo9RH9jZTdUXRC_f
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: vquwlJsLYPjxhY4jEn78ltUij-HQNGX80I1gMYGuBaIEciARcARzhw==

GET
H2 200 image016_0.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/ 23 KB
24 KB 111ms
109ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/image016_0.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a3c314ab510a7539bec429eb83792c4d6109ab8e6c0c236b56075a1492edae78

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 14:45:08 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: 6MAP1GDW5H2VCQFG
x-cache: Hit from cloudfront
status: 200
content-length: 23866
x-amz-id-2: E2dmK4G+m34BZ4Q+VtIFgljkyBT0mNl+gpTow+qnP60AWSXYnrFaGznLPPhnL2mWlCA+tpCX6K4=
last-modified: Thu, 20 Aug 2020 13:34:46 GMT
server: AmazonS3
etag: "5b48ac1d81f3ee86dd97e0db2c8bff04"
x-amz-version-id: OS_yzX0YibGGnCACCtTTNsRQwqXYooXT
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: La1m3XomvqcOYEqAzMcYrlZqehi8ZkQj13-5Jv9UmK0RW3Wmh74-9w==

GET
H2 200 image018.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/ 255 KB
256 KB 88ms
86ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/image018.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 08b31550ccb975632fd39f1a6cfbb9a6d757f27d748b77eda34185a3db514794

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 14:28:33 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: 605A20ED322D9E68
x-cache: Hit from cloudfront
status: 200
content-length: 260983
x-amz-id-2: SemcBUqbdMaftba5TS8F+49irFOf/Xv54hFhCobzoQT/e5h/eROzy/Id6NGvjvj878pmVgY9sdc=
last-modified: Thu, 20 Aug 2020 13:34:48 GMT
server: AmazonS3
etag: "3ca90e392c709a2533bfd591f7d18ace"
x-amz-version-id: yrNeMuDd2qN4AAAupMqXEbIq.nCNAJ9v
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: cZ56UN7g5jL_Im_dsX-P0feEJBo-A7m0F0TuoCnySEw-9hDV7zqZIA==

GET
H2 200 Screen%20Shot%202020-08-20%20at%209.49.38%20AM.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/ 107 KB
108 KB 70ms
68ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/inline-images/Screen%20Shot%202020-08-20%20at%209.49.38%20AM.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0aea28dac516016a949dd34d1bdca4cf2a0045ff493e7935df19fee710c1b528

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 14:28:34 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: C4003B3190D7E396
x-cache: Hit from cloudfront
status: 200
content-length: 109720
x-amz-id-2: iYPrlatMoQqvREP80ZOFB9oKtugtczqSbYV1Z1yjsLLbi/E+fXpRW+OwnRhmrzHfxlwQl874p38=
last-modified: Thu, 20 Aug 2020 13:50:58 GMT
server: AmazonS3
etag: "3616201f9852b78b0631e9d4124f1848"
x-amz-version-id: 5I6QVvo_bTdtuQGw6UmSnVeHvBIO0nC8
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: GpVdOEXik8rnHXB69W3VQJ59avnpbdMR_tQmb3I1FNqHKG_06FuDHQ==

GET
H2 200 arrow-down.svg
www.netscout.com/themes/custom/netscout/images/ 734 B
542 B 29ms
28ms Image
image/svg+xml 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netscout.com/themes/custom/netscout/images/arrow-down.svg

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08aa70e1676a03a732af15d4c3c67f5d861964d1356ef252b08e8dd997d2a7f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 838300
x-cache: HIT
status: 200
x-cache-hits: 28
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2a6300000ebb10232200000001
x-request-id: v-e3297266-db66-11ea-a46e-3755b5e0dbbd
last-modified: Thu, 25 Jul 2019 14:52:27 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600
cf-ray: 5c5e49570ac70ebb-FRA
expires: Tue, 25 Aug 2020 00:09:13 GMT

GET
H2 200 svg-branded-icons-968719c2.svg
www.netscout.com/themes/custom/netscout/images/sprites/svg/ 17 KB
6 KB 29ms
28ms Image
image/svg+xml 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netscout.com/themes/custom/netscout/images/sprites/svg/svg-branded-icons-968719c2.svg

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

202c68a117631d6e3a72a2c93e80347ad261982bb253a7add30e71da8913d091

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:04 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 842364
x-cache: HIT
status: 200
x-cache-hits: 24
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2a6300000ebb10233200000001
x-request-id: v-e32775ce-db66-11ea-937a-3b07afec709e
last-modified: Tue, 19 May 2020 23:50:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600
cf-ray: 5c5e49570ad00ebb-FRA
expires: Tue, 25 Aug 2020 00:09:13 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.netscout.com
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 07:04:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:31:11 GMT
server: sffe
age: 733439
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Thu, 12 Aug 2021 07:04:05 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.netscout.com
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 18:52:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:49 GMT
server: sffe
age: 863746
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Tue, 10 Aug 2021 18:52:18 GMT

GET
H/2+Q/46 200 mem5YaGs126MiZpBA-UN8rsOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 15ms
7ms Font
font/woff2 2a00:1450:4001:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN8rsOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.netscout.com
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 03:07:34 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:53 GMT
server: sffe
age: 747630
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9192
x-xss-protection: 0
expires: Thu, 12 Aug 2021 03:07:34 GMT

GET
H2 200 getForm Show response
app-ab15.marketo.com/index.php/form/ 7 KB
2 KB 66ms
65ms Script
application/javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app-ab15.marketo.com/index.php/form/getForm?munchkinId=513-UXA-533&form=3308&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&callback=jQuery1124048648815628897024_1597949285061&_=1597949285062
Requested by: Host: app-ab15.marketo.com
URL: https://app-ab15.marketo.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3df8f6301fbb9501f35893cf5769eb4424efc52f0191b0f1d7120188f203df5

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cf-request-id: 04aecc2ae700001d0afd20c200000001
cf-ray: 5c5e4957ddfa1d0a-CPH
cached: true

GET
H2 200 Twitter_web_social_Icons_4-01.svg
www.netscout.com/themes/custom/netscout/images/ 544 B
438 B 16ms
15ms Image
image/svg+xml 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netscout.com/themes/custom/netscout/images/Twitter_web_social_Icons_4-01.svg

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/sites/default/files/css/css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

537fee9a5fabe6486570cedf8bcb5fcc59ccd4ef53af072331ed003c9cdd214e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/sites/default/files/css/css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 838438
x-cache: HIT
status: 200
x-cache-hits: 29
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2afa00000ebb10244200000001
x-request-id: v-e32a44b6-db66-11ea-9b2c-27a8db047cb7
last-modified: Thu, 25 Jul 2019 14:23:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600
cf-ray: 5c5e4957fd440ebb-FRA
expires: Tue, 25 Aug 2020 00:09:13 GMT

GET
H2 200 LinkedIn_web_social_Icons_4-03.svg
www.netscout.com/themes/custom/netscout/images/ 802 B
722 B 12ms
11ms Image
image/svg+xml 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netscout.com/themes/custom/netscout/images/LinkedIn_web_social_Icons_4-03.svg

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/sites/default/files/css/css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45f370ac4d4ab5b9a5ba89386c45f16f5bc4496a1ba1c18383017516915c2cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/sites/default/files/css/css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 838438
x-cache: HIT
status: 200
x-cache-hits: 30
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2afa00000ebb10245200000001
x-request-id: v-e329da94-db66-11ea-947c-8fba2a64e3fb
last-modified: Thu, 25 Jul 2019 14:23:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600
cf-ray: 5c5e4957fd470ebb-FRA
expires: Tue, 25 Aug 2020 00:09:13 GMT

GET
H2 200 Instagram_web_social_Icons.svg
www.netscout.com/themes/custom/netscout/images/ 1 KB
689 B 27ms
26ms Image
image/svg+xml 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netscout.com/themes/custom/netscout/images/Instagram_web_social_Icons.svg

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/sites/default/files/css/css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1fdb97380bfe4a6e53bb7278417665cfc2a584e0bef7cc48ccd5709382242e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/sites/default/files/css/css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 840018
x-cache: HIT
status: 200
x-cache-hits: 24
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2afb00000ebb10246200000001
x-request-id: v-e32af91a-db66-11ea-b8c5-1f292723f186
last-modified: Thu, 25 Jul 2019 14:23:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600
cf-ray: 5c5e4957fd480ebb-FRA
expires: Tue, 25 Aug 2020 00:09:13 GMT

GET
H2 200 facebook_icon-100px.svg
www.netscout.com/themes/custom/netscout/images/ 678 B
594 B 15ms
15ms Image
image/svg+xml 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netscout.com/themes/custom/netscout/images/facebook_icon-100px.svg

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/sites/default/files/css/css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74aaef1204f59243f3a06f5cf46e86553fedbff4a69902b16ade5b2801cff8e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/sites/default/files/css/css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 838438
x-cache: HIT
status: 200
x-cache-hits: 34
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2afb00000ebb10247200000001
x-request-id: v-44a86822-db66-11ea-8364-579666f38729
last-modified: Mon, 27 Jul 2020 23:42:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600
cf-ray: 5c5e4957fd490ebb-FRA
expires: Tue, 25 Aug 2020 00:04:47 GMT

GET
H2 200 YouTube_web_social_Icons_4-04.svg
www.netscout.com/themes/custom/netscout/images/ 668 B
481 B 16ms
16ms Image
image/svg+xml 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netscout.com/themes/custom/netscout/images/YouTube_web_social_Icons_4-04.svg

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/sites/default/files/css/css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4c965fa3329caa5f86d9cadbc9930fd571790eb886d33b95d85b56c801246c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/sites/default/files/css/css_1VtMtPDgnhnA45V2f0zhEFmLTZxaimpTfiQUJp6VQVE.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 840018
x-cache: HIT
status: 200
x-cache-hits: 24
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2afb00000ebb10248200000001
x-request-id: v-e32a2b98-db66-11ea-a43d-1b78839d30c9
last-modified: Thu, 25 Jul 2019 14:52:27 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600
cf-ray: 5c5e4957fd4d0ebb-FRA
expires: Tue, 25 Aug 2020 00:09:13 GMT

GET
H/2+Q/46 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.netscout.com
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 07:02:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:44 GMT
server: sffe
age: 733524
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9180
x-xss-protection: 0
expires: Thu, 12 Aug 2021 07:02:41 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 233 KB
58 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:820::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/sites/default/files/js/js_Udi2LGDWZo5mi0mLUqpbpIjBnjXLSTZi8pV5wa5mwdI.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

df367ed8b3641ef4b92941b3ea4b4fff9d91a77531f2cd524cb61b3efa3c9ffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59774
x-xss-protection: 0
last-modified: Thu, 20 Aug 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 20 Aug 2020 18:48:05 GMT

GET
H2 200 windows_linux_cropped-laptop.png
marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/styles/large_lazy_load_480x480/public/2020-04/03/images/ 5 KB
6 KB 90ms
90ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/styles/large_lazy_load_480x480/public/2020-04/03/images/windows_linux_cropped-laptop.png?itok=LiHWBqUX
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 20d3d5d0de965f4a8814ddce4af9d94a6558137ed0392f0989632b51ccadb540

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: .v4B6VlBatQTmHUZatfUfw7bbLKxT_7Y
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
etag: "9c372ea1638dda83322f70f5c6b7328f"
x-amz-request-id: 2AD3CA89EBBA4621
x-cache: Hit from cloudfront
status: 200
content-length: 5462
x-amz-id-2: rvqLNzD4MLaSy5xEMc0H86038P8yDDd3Uwj0HHosQhkU2lGtuOrq2MPTvcEh4pV57498Ar2xhIs=
last-modified: Wed, 19 Aug 2020 14:05:42 GMT
server: AmazonS3
date: Thu, 20 Aug 2020 14:28:33 GMT
content-type: image/webp
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
x-amz-cf-id: H4E2WlK4rTNK5QjaKo0NKEKoHLxAU2EZrkFcU11Es8JtCg-ObRHwXA==

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 102ms
33ms Script
application/x-javascript 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=57653
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H2 200 conv_v3.js Show response
cdn.b0e8.com/ 67 KB
22 KB 93ms
32ms Script
application/javascript 35.190.5.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.b0e8.com/conv_v3.js
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.5.192 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.5.190.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: afdd29778a35ecf1638fc1c8bee1d4f7843d437d01b5db08cdf364da6b0edeaf

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:28:19 GMT
content-encoding: gzip
age: 1186
x-guploader-uploadid: ABg5-UzOapq891e42CgtNhLm8NSICz9TCZ3RUt3jkQhBDw0FvM1AhAwGFI0GMV--YblfGYPiQJ-5ngwKmw2AsH4dDB0EZLbIyg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 21570
last-modified: Fri, 07 Aug 2020 06:51:36 GMT
server: UploadServer
etag: "befb3eb28cd6dd99609966faf9c239e0"
vary: Accept-Encoding
x-goog-hash: crc32c=kqf0jw==, md5=vvs+sozW3ZlgmWb6+cI54A==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1596783096708452
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 21570
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 20 Aug 2020 19:28:19 GMT

GET
H2 200 forms2.css
app-ab15.marketo.com/js/forms2/css/ 13 KB
3 KB 28ms
27ms Stylesheet
text/css 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab15.marketo.com/js/forms2/css/forms2.css

Requested by

Host: app-ab15.marketo.com
URL: https://app-ab15.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5261
status: 200
vary: Accept-Encoding
content-length: 2623
cf-request-id: 04aecc2b9500001d0afd211200000001
last-modified: Wed, 22 Jul 2020 19:04:14 GMT
server: cloudflare
etag: "ce0494-3437-5ab0c67dc4780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5c5e4958e8211d0a-CPH
expires: Thu, 20 Aug 2020 22:48:05 GMT

GET
H2 200 forms2-theme-simple.css
app-ab15.marketo.com/js/forms2/css/ 826 B
392 B 25ms
25ms Stylesheet
text/css 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab15.marketo.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: app-ab15.marketo.com
URL: https://app-ab15.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3879
status: 200
vary: Accept-Encoding
content-length: 242
cf-request-id: 04aecc2b9500001d0afd212200000001
last-modified: Wed, 22 Jul 2020 19:04:14 GMT
server: cloudflare
etag: "ce048f-33a-5ab0c67dc4780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5c5e4958e8241d0a-CPH
expires: Thu, 20 Aug 2020 22:48:05 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:10c:39e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=22682
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 5545
date: Thu, 20 Aug 2020 17:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Thu, 20 Aug 2020 19:15:40 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 96ms
33ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: gzip
age: 67453
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-fra19122-FRA
last-modified: Mon, 10 Aug 2020 18:10:59 GMT
x-timer: S1597949285.396560,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 hotjar-1115618.js Show response
static.hotjar.com/c/ 36 KB
6 KB 117ms
51ms Script
application/javascript 147.75.102.203
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1115618.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.102.203 Central, Hong Kong, ASN54825 (PACKET, US),

Reverse DNS

pkt-ams-k2-shared-ingress15

Software

Resource Hash

ef3eedd0f92b4973dd6bdd28021a1c0f55c3d01ad9ec77fc6919a2abd4a82a8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: br
x-content-type-options: nosniff
section-io-tag: hotjarjs
age: 0
status: 200
section-io-cache: Miss
vary: Accept-Encoding
content-length: 5379
cache-control: max-age=60
etag: W/af026ff2a54b08067568c932e6d6aefb
access-control-max-age: 600
section-io-origin-status: 200
access-control-allow-origin: *
x-cache-hit: 1
section-io-origin-time-seconds: 0.019
section-io-id: cdabc7dc8c7fc06b97e0e64053899293
accept-ranges: bytes
content-type: application/javascript
section-origin-responded: true

GET
H/2+Q/46

200

activityi;dc_pre=CM78nfy4qusCFc_luwgdcYoAow;src=9460942;type=sitewide;cat=glbswide;ord=3632757135702;gtm=2wg8c0;auiddc=118593609.1597949285;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Fluc...
9460942.fls.doubleclick.net/ Frame 8128
Redirect Chain

https://9460942.fls.doubleclick.net/activityi;src=9460942;type=sitewide;cat=glbswide;ord=3632757135702;gtm=2wg8c0;auiddc=118593609.1597949285;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Fl...
https://9460942.fls.doubleclick.net/activityi;dc_pre=CM78nfy4qusCFc_luwgdcYoAow;src=9460942;type=sitewide;cat=glbswide;ord=3632757135702;gtm=2wg8c0;auiddc=118593609.1597949285;~oref=https%3A%2F%2Fw...

0
0

115ms
62ms

Document
text/html

216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9460942.fls.doubleclick.net/activityi;dc_pre=CM78nfy4qusCFc_luwgdcYoAow;src=9460942;type=sitewide;cat=glbswide;ord=3632757135702;gtm=2wg8c0;auiddc=118593609.1597949285;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

216.58.212.134 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9460942.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CM78nfy4qusCFc_luwgdcYoAow;src=9460942;type=sitewide;cat=glbswide;ord=3632757135702;gtm=2wg8c0;auiddc=118593609.1597949285;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.netscout.com/blog/asert/lucifers-spawn
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: about:blank

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Thu, 20 Aug 2020 18:48:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 398
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 20-Aug-2020 19:03:05 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Thu, 20 Aug 2020 18:48:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://9460942.fls.doubleclick.net/activityi;dc_pre=CM78nfy4qusCFc_luwgdcYoAow;src=9460942;type=sitewide;cat=glbswide;ord=3632757135702;gtm=2wg8c0;auiddc=118593609.1597949285;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 134 KB
34 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34269
x-xss-protection: 0
pragma: public
x-fb-debug: 7KZd7laF8Qh/UOTjFoSR0mG3ACz3k8nseCbivrbi47W32e7l9M8/HXuIHwzwax6kqEO5IVlA9Vn/72bWxmO6jg==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Thu, 20 Aug 2020 18:48:05 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 lt.min.js Show response
www.netscout.com/js/ 17 KB
6 KB 24ms
12ms Script
application/javascript 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/js/lt.min.js

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5df7be00fc6004e7cb398488ad628bbea14bfa2865273c0742913ce148642add

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 841719
x-cache: HIT
status: 200
x-cache-hits: 29
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2be000000ebb1026c200000001
x-request-id: v-76334150-db66-11ea-b426-ef15334c66fe
last-modified: Thu, 23 Apr 2020 22:48:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600
cf-ray: 5c5e495969180ebb-FRA
expires: Tue, 25 Aug 2020 00:06:10 GMT

GET
H/1.1 200
OK btp Show response
pixel-prod.sprinklr.com/ 7 KB
8 KB 466ms
114ms Script
text/plain 52.70.66.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-prod.sprinklr.com/btp?clientId=5325
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.70.66.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-70-66-29.compute-1.amazonaws.com
Software: Sprinklr /
Resource Hash: 8cede350cb533674628a88894cc8d81dd9356233826c1665f57c472105eba2de

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:05 GMT
Server: Sprinklr
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Cache-control: no-cache="set-cookie"
Connection: keep-alive
Access-Control-Allow-Headers: X-CSRF-Token, x-requested-with, partnerId, Content-Type, apiKey, Cache-Control
Content-Length: 7658

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 43ms
33ms Script
application/x-javascript 104.109.95.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-95-62.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Aug 2020 03:11:00 GMT
Server: AkamaiNetStorage
ETag: "a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 notice Show response
consent.truste.com/ 5 KB
2 KB 158ms
72ms Script
text/javascript 13.226.155.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.truste.com/notice?domain=netscout.com&c=teconsent&text=true&gtm=1

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.226.155.118 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-155-118.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

4206af039e7960fca066549659b0620249bf8126af6b92d8fbb2e8b402aadfd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.netscout.com
Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
status: 200
content-length: 1818
x-xss-protection: 1; mode=block
access-control-allow-origin: *
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
via: 1.1 4ecd74dda94d7576e134fcdf16df8129.cloudfront.net (CloudFront)
cache-control: no-cache
x-amz-cf-id: N-JxeAlZT7GKEEDItuyg1SXHD2SAcr56t2kX9_W-MdNdJOlDn7zmZg==
expires: Thu, 20 Aug 2020 18:48:04 GMT

GET
H/1.1 200
OK rtp.js Show response
abrtp1-cdn.marketo.com/rtp-api/v1/ 151 KB
42 KB 138ms
52ms Script
application/x-javascript 104.111.239.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://abrtp1-cdn.marketo.com/rtp-api/v1/rtp.js?aid=netscout

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.239.158 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-158.deploy.static.akamaitechnologies.com

Software

Jetty(7.3.1.v20110307) /

Resource Hash

6e7cc7587a42115c6e260064b5e98ea8c05d7ca0771a100a9c33def45c19455c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63113904
Content-Encoding: gzip
Last-Modified: Wed, 19 Aug 2020 06:10:44 GMT
Server: Jetty(7.3.1.v20110307)
Date: Thu, 20 Aug 2020 18:48:05 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=UTF-8
Cache-Control: public, max-age=190
Connection: keep-alive
Content-Length: 42177

GET
H2 200 formalyze_init.min.js Show response
www.netscout.com/js/ 579 B
337 B 23ms
13ms Script
application/javascript 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/js/formalyze_init.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca4cef801e43a5c76e4cb708568d3daaa1e41233828d754d6eac014f57b9714d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 841719
x-cache: HIT
status: 200
x-cache-hits: 28
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2be200000ebb1026d200000001
x-request-id: v-e42a0f72-db66-11ea-96a5-4724c39193e5
last-modified: Thu, 23 Apr 2020 22:48:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600
cf-ray: 5c5e495969270ebb-FRA
expires: Tue, 25 Aug 2020 00:09:14 GMT

GET
H2 200 ff-2.min.js Show response
www.netscout.com/js/ 167 KB
46 KB 34ms
25ms Script
application/javascript 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/js/ff-2.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48f866c7ce9aaee05f35cfd236581214836ee556c7476676cf87d07ca073f057

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 841719
x-cache: HIT
status: 200
x-cache-hits: 29
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2be200000ebb1026e200000001
x-request-id: v-764fedbe-db66-11ea-abcb-272541982b02
last-modified: Thu, 23 Apr 2020 22:48:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600
cf-ray: 5c5e495969290ebb-FRA
expires: Tue, 25 Aug 2020 00:06:10 GMT

GET LBmW4bnp8zJET0IHLEdv
ws.zoominfo.com/pixel/ 0
0

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 114ms
36ms Script
application/x-javascript 13.226.146.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.146.155 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-146-155.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 16:02:50 GMT
Content-Encoding: gzip
Last-Modified: Mon, 17 Aug 2020 14:34:44 GMT
Server: AmazonS3
Age: 9916
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: DUS51-C1
X-Amz-Cf-Id: BXI4yJh1TT3ilgqNPCy10vnIUJ3XLEBFLwDZVpX2i-Flkxw-ynOk8A==

GET
H/1.1 200
g u.gif
j.mrpdata.net/ 43 B
266 B 138ms
34ms Image
image/gif 18.196.83.230
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://j.mrpdata.net/u.gif?g=KQOih6BAvgXe8nGHH6uWIMaB2L0P15wk6NRtBrWtjo0=&pd=eyJ3ZWJ0cmFja2VyIjoiMi4wIn3e4bPXaJOLfs6WjnYOMJNA&gtmcb=1611045028
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.83.230 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-83-230.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache
X-Backend: dmc_hitServer_4_g@j4mrpdatanet
Connection: keep-alive
X-DeviceID: f52261cc-660a-e858-edfe-53942760b659
Content-Length: 43
Content-Type: image/gif

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&time=1597949285353
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27243%26url%3Dhttps%253A%252F%252Fwww.netscout.com%252Fblog%252Fasert%252Flucifer...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&time=1597949285353&liSync=true

0
81 B

111ms
111ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&time=1597949285353&liSync=true
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:06 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: I8dMyWgOLRagmATBYysAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: LTyst2gOLRbADGlZjysAAA==
pragma: no-cache
x-li-pop: afd-prod-lva1
x-msedge-ref: Ref A: B7889802BCE4465D833197FA0F1B6699 Ref B: AM3EDGE0519 Ref C: 2020-08-20T18:48:05Z
x-frame-options: sameorigin
date: Thu, 20 Aug 2020 18:48:04 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&time=1597949285353&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/2+Q/46 200 js Show response
www.google-analytics.com/gtm/ 89 KB
34 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-WZFNBKF&t=gtm2&cid=1988117878.1597949285

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9ac7ac7bacbca78bc5228c6e90128d43510dd34c7af72ca475d0cc2c1254cc20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34317
x-xss-protection: 0
expires: Thu, 20 Aug 2020 18:48:05 GMT

GET
H2 200 XDFrame
app-ab15.marketo.com/index.php/form/ Frame C62A 0
0 389ms
389ms Document
text/html 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab15.marketo.com/index.php/form/XDFrame

Requested by

Host: app-ab15.marketo.com
URL: https://app-ab15.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: app-ab15.marketo.com
:scheme: https
:path: /index.php/form/XDFrame
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.netscout.com/blog/asert/lucifers-spawn
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=8206f6a2fbdaf24c8393f3812a447b7c03fbc0a7-1597949284-1800-AcanMVB6taNJ717AQ7WmfuIz0kW1BV5TdyLYIfFtQwimEcVisHBgpRTvI81TxDLhZmcEbF0IUqqlG1YR9CXsiOM=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.netscout.com/blog/asert/lucifers-spawn

Response headers

status: 200
date: Thu, 20 Aug 2020 18:48:05 GMT
content-type: text/html; charset=utf-8
content-length: 653
set-cookie: __cfduid=d4136de27723756119136b79087ea7c041597949285; expires=Sat, 19-Sep-20 18:48:05 GMT; path=/; domain=.app-ab15.marketo.com; HttpOnly; SameSite=Lax BIGipServerab15web-nginx-app_https=!bmqyIBq2jyaDLCa5yiPNdgcigIaMSTLREocm8Kj2ONtSB+BF4Pw5NbFzSMSxoUVY7n5C8zz7C8aplpo=;Path=/;Version=1;Secure;Httponly
cache-control: max-age=3600
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
accept-ranges: bytes
cf-cache-status: DYNAMIC
cf-request-id: 04aecc2c4300001d0afd21e200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5c5e495a0a271d0a-CPH

GET
H2 200 jquery.fancybox.min.css
www.netscout.com/themes/custom/netscout/css/vendors/ 12 KB
3 KB 14ms
13ms Stylesheet
text/css 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/themes/custom/netscout/css/vendors/jquery.fancybox.min.css

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/sites/default/files/js/js_c8LbWbHV1txem3q8oAzuadnL-HiBShaQH_WRviNqT_g.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 844696
x-cache: HIT
status: 200
x-cache-hits: 2
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2ca200000ebb1027c200000001
x-request-id: v-e5460f6e-db66-11ea-a88d-6f9ebd89820a
last-modified: Thu, 25 Jul 2019 14:52:27 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600
cf-ray: 5c5e495a9bf80ebb-FRA
expires: Tue, 25 Aug 2020 00:09:16 GMT

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5a2974ab1cafb62f/ 2 KB
893 B 104ms
103ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5a2974ab1cafb62f/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d63a5eeb77702abf764cb0f53cdfe5a4462fdb307f54906ade644ebe7d208535

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
content-encoding: gzip
etag: 507737442--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=2, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 720

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 89 B
249 B 203ms
201ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=5f3ec5658cab5972&bkl=0&bl=1&pdt=65&sid=5f3ec5658cab5972&pub=ra-5a2974ab1cafb62f&rev=v8.28.7-wp&ln=en&pc=men&cb=0&ab=-&dp=www.netscout.com&fp=blog%2Fasert%2Flucifers-spawn&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=0&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1597949285548&jsl=1&uvs=5f3ec5653fb01867000&skipb=1&callback=addthis.cbs.jsonp__47767501938373560
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9e3bdda93db6a3f7c7f7192e96bb428288e66ab456fa6711f34d2ab07596cc15

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Thu, 20 Aug 2020 18:48:05 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 89
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 4FF5 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 0893 0
0 47ms
47ms Document
text/html 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

:method: GET
:authority: s7.addthis.com
:scheme: https
:path: /static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.netscout.com/blog/asert/lucifers-spawn
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.netscout.com/blog/asert/lucifers-spawn

Response headers

status: 200
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 09 Sep 2019 15:34:57 GMT
etag: W/"5d767121-1115f"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 25412
date: Thu, 20 Aug 2020 18:48:05 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/159/ 11 KB
5 KB 34ms
34ms Script
application/x-javascript 104.109.95.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/159/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-95-62.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:05 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 May 2020 02:24:14 GMT
Server: AkamaiNetStorage
ETag: "79274ffc293e4f76fc372b953f780d16:1588904654.430334"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4810
Expires: Sat, 28 Nov 2020 18:48:05 GMT

GET
H2 200 formalyze_call_secure.min.js Show response
www.netscout.com/js/ 210 KB
28 KB 29ms
28ms Script
application/javascript 2606:4700::6811:2b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netscout.com/js/formalyze_call_secure.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:2b40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45ac18a90ddb596418d1c2923721deca2db30de93e334b2deca6fc81908934d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:05 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 841717
x-cache: HIT
status: 200
x-cache-hits: 28
x-ah-environment: prod
content-encoding: br
cf-request-id: 04aecc2e5900000ebb10294200000001
x-request-id: v-76577228-db66-11ea-851d-673cde43c7fc
last-modified: Thu, 23 Apr 2020 22:48:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600
cf-ray: 5c5e495d5c400ebb-FRA
expires: Tue, 25 Aug 2020 00:06:10 GMT

GET
H2 200 modules.0bbdc1f554b52cb852ad.js Show response
script.hotjar.com/ 357 KB
70 KB 103ms
37ms Script
application/javascript 147.75.102.203
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.hotjar.com/modules.0bbdc1f554b52cb852ad.js
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1115618.js?sv=7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.102.203 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress15
Software: /
Resource Hash: c8a78225734a6353e1d817d85f4650995f9a9a450ede979cf6463ceffe554280

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:06 GMT
content-encoding: br
age: 13584
status: 200
section-io-cache: Hit
content-length: 71205
last-modified: Thu, 20 Aug 2020 14:57:58 GMT
etag: "0fa181bbb317a8f3e8469cd6a80d0c30"
vary: Accept-Encoding
section-io-origin-status: 200
access-control-allow-origin: *
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.088
section-io-id: 6f98576185f3b92e04b008b7be71c9f6
accept-ranges: bytes
content-type: application/javascript
section-origin-responded: true

GET
H2 200 adsct
t.co/i/ 43 B
448 B 242ms
160ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nuknd&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Thu, 20 Aug 2020 18:48:06 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 993ce4776570b7df851e20d218ae3e3c
x-transaction: 001f7b19009a2900
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 v1.7-134 Show response
consent.trustarc.com/asset/notice.js/v/ 66 KB
22 KB 148ms
74ms Script
application/x-javascript 13.226.155.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/asset/notice.js/v/v1.7-134

Requested by

Host: consent.truste.com
URL: https://consent.truste.com/notice?domain=netscout.com&c=teconsent&text=true&gtm=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.226.155.74 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-155-74.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

c29c9903f522a7ffec7e3b335ab3fdfdd1de0c1af0486ee3a84b766bfb708a76

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

Origin: https://www.netscout.com
Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:06 GMT
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
status: 200
pragma: public
access-control-allow-origin: *
last-modified: Thu, 20 Aug 2020 01:53:00 GMT
server: nginx
x-frame-options: ALLOWALL
content-type: application/x-javascript
via: 1.1 f12c01365a7e1bcbb4b6d5b856516527.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-id: 2M8FnAeZu6NBlOvhQXo-RBlJjbFWj5oUSse1d75FqTrcvA4-63VyWA==
expires: Sat, 19 Sep 2020 18:48:06 GMT

GET
H/1.1 200
OK jquery.min.js Show response
rtp-static.marketo.com/rtp/libs/jquery/1.8.3/ 91 KB
33 KB 136ms
68ms Script
application/x-javascript 104.111.239.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jquery/1.8.3/jquery.min.js
Requested by: Host: abrtp1-cdn.marketo.com
URL: https://abrtp1-cdn.marketo.com/rtp-api/v1/rtp.js?aid=netscout
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:06 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Sep 2015 11:20:15 GMT
Server: AkamaiNetStorage
ETag: "3576a6e73c9dccdbbc4a2cf8ff544ad7:1441624815"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 33467

GET
H/1.1 200
OK jquery-ui-insightera-custom-1.9.6.css
rtp-static.marketo.com/rtp/libs/ 22 KB
4 KB 102ms
34ms Stylesheet
text/css 104.111.239.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css
Requested by: Host: abrtp1-cdn.marketo.com
URL: https://abrtp1-cdn.marketo.com/rtp-api/v1/rtp.js?aid=netscout
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 339b2b60e94b6dc169fd9e5b68ac16b1ca08ef6a4968e98a0f43c2add405e79a

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:06 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Nov 2017 08:57:42 GMT
Server: AkamaiNetStorage
ETag: "7f5b0bee9b1f7af8413b351cbceca223:1510045062"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 3752

GET
H/1.1 200
OK trw Show response
abrtp1.marketo.com/gw1/ 0
435 B 482ms
119ms Script
application/x-javascript 192.28.144.84
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://abrtp1.marketo.com/gw1/trw?aid=netscout&trwv.uid=netscout-1597949286025-df675c5b&trwv.vc=1&trwsa.sid=netscout-1597949286026-72b203ba&trwsb.cpv=1&ctzo=+02:00&uri=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&pm=&viewedTypes=&rts=1597949286033

Requested by

Host: abrtp1-cdn.marketo.com
URL: https://abrtp1-cdn.marketo.com/rtp-api/v1/rtp.js?aid=netscout

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.144.84 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:06 GMT
Cache-Control: no-cache
Server: Jetty(7.3.1.v20110307)
Connection: close
Content-Length: 0
Strict-Transport-Security: max-age=63113904
Content-Type: application/x-javascript; charset=UTF-8

GET
H/1.1 200
OK ga-integration-2.0.2.js Show response
rtp-static.marketo.com/rtp/libs/ 15 KB
5 KB 123ms
55ms Script
application/x-javascript 104.111.239.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.2.js
Requested by: Host: abrtp1-cdn.marketo.com
URL: https://abrtp1-cdn.marketo.com/rtp-api/v1/rtp.js?aid=netscout
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7fb58f6c6c2c3b61909e3b4bb9e199d95d5e2a4e39b58f25d1a9894971ed16b9

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:06 GMT
Content-Encoding: gzip
Last-Modified: Tue, 03 Jul 2018 13:42:27 GMT
Server: AkamaiNetStorage
ETag: "52b7a5deba12e7e1147fcebaa9fd9691:1530625347"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 4977

GET
H2 200 layers.33f5b85045a5f2308467.js Show response
s7.addthis.com/static/ 263 KB
76 KB 54ms
53ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.33f5b85045a5f2308467.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
server: nginx/1.15.8
etag: W/"5ed917ff-41b9f"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Thu, 20 Aug 2020 18:48:06 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77540

GET
H2

451

400906.gif
so.rlcdn.com/
Redirect Chain

https://vff6132.d41.co/sync/
https://so.rlcdn.com/400906.gif?cparams=cparams%3D578aef3b0be748678f00022c5a4a42cd-410aa8720b74464ba27399ba3f1fac66-1-382

0
0

255ms
169ms

Script
text/plain

35.244.245.222
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://so.rlcdn.com/400906.gif?cparams=cparams%3D578aef3b0be748678f00022c5a4a42cd-410aa8720b74464ba27399ba3f1fac66-1-382
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.245.222 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 222.245.244.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 451
date: Thu, 20 Aug 2020 18:48:06 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

Redirect headers

Pragma: no-cache
Date: Thu, 20 Aug 2020 18:48:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: no-referrer-when-downgrade
Access-Control-Allow-Origin: https://www.netscout.com
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Location: https://so.rlcdn.com/400906.gif?cparams=cparams%3D578aef3b0be748678f00022c5a4a42cd-410aa8720b74464ba27399ba3f1fac66-1-382
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK dnb_coretag_v4.min.js Show response
cdn-0.d41.co/tags/ 1 KB
2 KB 172ms
39ms Script
application/javascript 13.226.155.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/js/ff-2.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.66 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-66.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 240fbcfd9cce9f9883216b7f5097be022d5af697075bb9987439d7b8bba5aeb9

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:43:40 GMT
Via: 1.1 e8640ab30463560abfb6a2665bafb393.cloudfront.net (CloudFront)
Last-Modified: Thu, 10 Jan 2019 15:43:36 GMT
Server: AmazonS3
Age: 267
ETag: "e876f53a6063aa4d75f88c7b67222687"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: DUS51-C1
Accept-Ranges: bytes
Content-Length: 1420
X-Amz-Cf-Id: rlWJe1TAyaAz_vUzZEgV8UJX0kSviJYcvcyxJyyXMGncsdrgByzT3w==

GET
H2 200 brightedge3.php
a.b0e8.com/ 35 B
152 B 203ms
145ms Image
image/gif 34.95.105.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.b0e8.com/brightedge3.php?id=f00000000205858&p_id=22A428J6JLJNR4R64JN2N2NA8AAAAAAAAH&bf=a8e4d9aeaf2ead6ef8b2bf61e5fefcdb&url=https%3A//www.netscout.com/blog/asert/lucifers-spawn&ref=&bn=1&bv=3.43&title=Lucifer%u2019s%20Spawn%20%7C%20NETSCOUT&metadesc=Executive%20Summary%0A%0ALucifer%2C%20a%20cryptojacking%20and%20distributed%20denial%20of%20service%20%28DDoS%29%20bot%2C%20originally%20found%20to%20exploit%20and%20run%20on%20Windows%20based%20systems%20and&metakeywords=&s_id=22A428J6JLJNR2L8PPP2N2NA8AAAAAAAAH
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.105.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 148.105.95.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:06 GMT
x-debug: default
server: Apache
content-type: image/gif
status: 200
accept-ranges: bytes
alt-svc: clear
content-length: 35
via: 1.1 google

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=2050344691&t=pageview&_s=1&dl=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&ul=en-us&de=UTF-8&dt=Lucifer%E2%80%99s%20Spawn%2...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-231177-6&cid=1988117878.1597949285&jid=1368233859&_gid=1971318228.1597949285&gjid=629941699&_v=j83&z=175213306
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-231177-6&cid=1988117878.1597949285&jid=1368233859&_v=j83&z=175213306
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-231177-6&cid=1988117878.1597949285&jid=1368233859&_v=j83&z=175213306&slf_rd=1&random=845736071

42 B
106 B

19ms
19ms

Image
image/gif

2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-231177-6&cid=1988117878.1597949285&jid=1368233859&_v=j83&z=175213306&slf_rd=1&random=845736071

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Aug 2020 18:48:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 20 Aug 2020 18:48:06 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-231177-6&cid=1988117878.1597949285&jid=1368233859&_v=j83&z=175213306&slf_rd=1&random=845736071
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/2+Q/46 200 collect
www.google-analytics.com/ 35 B
63 B 6ms
6ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j83&a=2050344691&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&ul=en-us&de=UTF-8&dt=Lucifer%E2%80%99s%20Spawn%20%7C%20NETSCOUT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Blog&ea=Page%20View%20%7C%20%2Fblog%2Fasert%2Flucifers-spawn&el=Arbor%20Networks%20-%20DDoS%20Experts%20%7C%20Attacks%20and%20DDoS%20Attacks%20%7C%20Botnets%20%7C%20DDoS%20Tools%20and%20Services&ev=0&_u=aHDAAEADQ~&jid=&gjid=&cid=1988117878.1597949285&tid=UA-231177-6&_gid=1971318228.1597949285&gtm=2wg8c0WSK2TN&cd9=1988117878.1597949285&cd11=20200820%7C01697818&cd12=20%3A48%3A06&z=2141408962

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Aug 2020 09:51:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 809790
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame A485 0
0 98ms
32ms Document
text/html 147.75.102.203
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1115618.js?sv=7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.102.203 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress15
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.netscout.com/blog/asert/lucifers-spawn
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.netscout.com/blog/asert/lucifers-spawn

Response headers

status: 200
date: Thu, 20 Aug 2020 18:48:06 GMT
content-type: text/html
content-length: 851
last-modified: Mon, 17 Aug 2020 18:24:17 GMT
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control: max-age=31536000
content-encoding: br
section-io-origin-status: 200
section-io-origin-time-seconds: 0.045
section-origin-responded: true
age: 234430
vary: Accept-Encoding
section-io-cache: Hit
accept-ranges: bytes
section-io-id: c1b7e959ec6b6218fc088621d4876c43

GET
H2 200 223055731396892 Show response
connect.facebook.net/signals/config/ 524 KB
133 KB 63ms
62ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/223055731396892?v=2.9.23&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f679a07c6fe2d964735e118fd1f845e027312325767bb0f089e71eb0bffa3c16

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: YnujPYFVunslaweGGIP+6IXWk5CXbJBihXoaxNVdkXEX305jcGKFXFXppkcBhVPfK6r+80jVGBY8/h+iZ9cQcw==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Thu, 20 Aug 2020 18:48:06 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK btp
pixel-prod.sprinklr.com/ 7 KB
7 KB 118ms
117ms Image
text/plain 52.70.66.29
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-prod.sprinklr.com/btp?brandId=8379C02E9FAD4FD36A2562A3F57190978B7B890B4A0B1BD047C90A682461456D&action=PageView&location=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.70.66.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-70-66-29.compute-1.amazonaws.com
Software: Sprinklr /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:05 GMT
Server: Sprinklr
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: X-CSRF-Token, x-requested-with, partnerId, Content-Type, apiKey, Cache-Control
Content-Length: 7658

GET
H/1.1 200
OK msg Show response
abrtp1.marketo.com/gw1/ 0
494 B 480ms
119ms Script
text/javascript 192.28.144.84
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://abrtp1.marketo.com/gw1/msg?a=2&sid=netscout-1597949286026-72b203ba&aid=netscout&viewedTypes=&0.5880605070760501&rts=1597949286128

Requested by

Host: abrtp1-cdn.marketo.com
URL: https://abrtp1-cdn.marketo.com/rtp-api/v1/rtp.js?aid=netscout

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.144.84 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:06 GMT
Content-Encoding: gzip
Server: Jetty(7.3.1.v20110307)
Transfer-Encoding: chunked
Connection: close
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904

GET
H/1.1 200
OK visitWebPage Show response
513-uxa-533.mktoresp.com/webevents/ 2 B
311 B 487ms
122ms XHR
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://513-uxa-533.mktoresp.com/webevents/visitWebPage?_mchNc=1597949286158&_mchCn=&_mchId=513-UXA-533&_mchTk=_mch-netscout.com-1597949286134-33916&_mchHo=www.netscout.com&_mchPo=&_mchRu=%2Fblog%2Fasert%2Flucifers-spawn&_mchPc=https%3A&_mchVr=159&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/159/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:06 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 8f49c8c8-a415-4187-927c-dbdd5f9f64fe

GET
H/1.1 200
OK visitWebPage Show response
082-kna-087.mktoresp.com/webevents/ 2 B
311 B 494ms
129ms XHR
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://082-kna-087.mktoresp.com/webevents/visitWebPage?_mchNc=1597949286158&_mchCn=&_mchId=082-KNA-087&_mchTk=_mch-netscout.com-1597949286134-33916&_mchHo=www.netscout.com&_mchPo=&_mchRu=%2Fblog%2Fasert%2Flucifers-spawn&_mchPc=https%3A&_mchVr=159&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/159/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:06 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 7390bd34-8f1a-4953-99d6-d0d0281e4394

GET
H2

200

tracking.png
tracking.leadlander.com/
Redirect Chain

https://tracking.leadlander.com/api/tracking?accountId=29078&page=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&referer=&fp=f10d44237416b9907b2c88ae232a9574
https://tracking.leadlander.com/tracking.png

68 B
296 B

115ms
114ms

Image
image/png

23.20.93.44
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking.leadlander.com/tracking.png

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.20.93.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-20-93-44.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Aug 2020 18:48:06 GMT
last-modified: Wed, 26 Sep 2018 16:48:51 GMT
server: Kestrel
etag: "1d455b8cd761bc4"
strict-transport-security: max-age=2592000
content-type: image/png
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 68
expires: -1

Redirect headers

status: 302
date: Thu, 20 Aug 2020 18:48:06 GMT
server: Kestrel
access-control-allow-origin: *
location: /tracking.png
content-length: 0
strict-transport-security: max-age=2592000

GET
H2 200 /
consent-pref.trustarc.com/ Frame 06C9 0
0 112ms
37ms Document
text/html 13.226.155.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/?type=netscout&site=netscout.com&action=notice&country=dk&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/asset/notice.js/v/v1.7-134

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.226.155.88 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-155-88.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: consent-pref.trustarc.com
:scheme: https
:path: /?type=netscout&site=netscout.com&action=notice&country=dk&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.netscout.com/blog/asert/lucifers-spawn
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.netscout.com/blog/asert/lucifers-spawn

Response headers

status: 200
content-type: text/html; charset=UTF-8
server: nginx
last-modified: Thu, 13 Aug 2020 03:31:20 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 20 Aug 2020 12:03:39 GMT
etag: W/"5700-1597289480000"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e8640ab30463560abfb6a2665bafb393.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: SApX7hpEXoxGn6MTzK2BHY8jQLuK06LsFoQm3V5A69b1YsVtkHCtMg==
age: 24267

GET
H2 200 noticemsg
consent.trustarc.com/ 43 B
432 B 142ms
67ms Image
image/gif 13.226.155.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/noticemsg?action=consent&domain=netscout.com&behavior=expressed&country=dk&language=en&rand=0.36303456143496504

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.226.155.74 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-155-74.dus51.r.cloudfront.net

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:06 GMT
via: 1.1 3395b043e03ecb4acfd925a6e5a26e92.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: H_-rSsgal9i-mH0zcxUkVn5_9L1yQ9pjbPsiSc0nEjDYaeQM8qvbRw==
expires: Thu, 20 Aug 2020 18:48:05 GMT

GET
H2 200 transparent.png
marvel-b1-cdn.bc0a.com/f00000000205858/consent.trustarc.com/asset/ 74 B
554 B 32ms
31ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/consent.trustarc.com/asset/transparent.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8f867907a98951ee0e779cfa7cd4bb0827808311273ed401ff9e04165c9a64d2

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 16:34:31 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: 1D8269124ABD728E
x-cache: Hit from cloudfront
status: 200
content-length: 74
x-amz-id-2: qgDGt0vA1rDvf7nombyLWVOGUxuvhAf5srPZ7y/DodzxH1+QtgcfGkDXR82JsOUXEKwPh1/iXPA=
last-modified: Thu, 06 Aug 2020 20:23:24 GMT
server: AmazonS3
etag: "e2b25960afaa782778a322c3cbb01afc"
x-amz-version-id: gnq7Hy71hanBqB04vzdOSinLmzLRVuyT
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: SKxKiybr1RTq0Z-bjefUPxEUqzeCjIiIFcsMVbMG0JCPQDTseDaxag==

GET
H/1.1 200
OK jquery-custom-ui.min.js Show response
rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/ 126 KB
35 KB 52ms
52ms Script
application/x-javascript 104.111.239.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/jquery-custom-ui.min.js
Requested by: Host: abrtp1-cdn.marketo.com
URL: https://abrtp1-cdn.marketo.com/rtp-api/v1/rtp.js?aid=netscout
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 35f273e01e70db780ae423347dffecfc27cc348ba4abbd6099331559a7c5cd31

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:06 GMT
Content-Encoding: gzip
Last-Modified: Tue, 09 Jan 2018 12:54:21 GMT
Server: AkamaiNetStorage
ETag: "5a9f8dd85d85afd20544bd437a505338:1515502461"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 35484

GET
H2 200 trans.png
marvel-b1-cdn.bc0a.com/f00000000205858/consent.trustarc.com/asset/ 74 B
557 B 42ms
42ms Image
image/webp 2600:9000:21f3:c400:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000205858/consent.trustarc.com/asset/trans.png
Requested by: Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:c400:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3a5133382fa336914ee6b680c32b17b20844bcfd173579efac78f7da068c357a

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 13:33:04 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-request-id: 5AB4484D3C169F48
x-cache: Hit from cloudfront
status: 200
content-length: 74
x-amz-id-2: KG+kx58ApCr9553eRWXEoV8YlyNCO7wYjWQ8JQ/zNFIl4ye26Yf+HFYdHl4+r1UEYpsWQQNS+p0=
last-modified: Thu, 06 Aug 2020 20:23:21 GMT
server: AmazonS3
etag: "71ab7ec13eab9f71eca196c1a722a915"
x-amz-version-id: dpmhxIx0mljHydHd3fuKTa8l1VOJR3W9
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: jVod5BO3xqUa-bhL5zdLfKVqrX5s1poIbT_Y82HR5IeMAQPCSYvQ6A==

GET
H2 200 /
www.facebook.com/tr/ 44 B
259 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=223055731396892&ev=PageView&dl=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flucifers-spawn&rl=&if=false&ts=1597949286385&sw=1600&sh=1200&v=2.9.23&r=stable&ec=0&o=30&fbp=fb.1.1597949286384.123791866&it=1597949286124&coo=false&rqm=GET

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/blog/asert/lucifers-spawn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 18:48:06 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 20 Aug 2020 18:48:06 GMT

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/1115618/ 178 B
320 B 154ms
55ms XHR
application/json 54.194.207.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/1115618/visit-data?sv=7
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.0bbdc1f554b52cb852ad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.207.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-207-225.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Thu, 20 Aug 2020 18:48:06 GMT
content-encoding: br
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
access-control-allow-credentials: true

GET
H/1.1 200
OK msg Show response
abrtp1.marketo.com/gw1/ 0
494 B 360ms
122ms Script
text/javascript 192.28.144.84
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://abrtp1.marketo.com/gw1/msg?a=2&sid=netscout-1597949286026-72b203ba&aid=netscout&ma=id%3A513-UXA-533%26token%3A_mch-netscout.com-1597949286134-33916&viewedTypes=&0.9453363888593811&rts=1597949286526

Requested by

Host: abrtp1-cdn.marketo.com
URL: https://abrtp1-cdn.marketo.com/rtp-api/v1/rtp.js?aid=netscout

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.144.84 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 18:48:06 GMT
Content-Encoding: gzip
Server: Jetty(7.3.1.v20110307)
Transfer-Encoding: chunked
Connection: close
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904

POST
H/1.1 200
OK content Show response
ws2.hotjar.com/api/v2/sites/1115618/recordings/ 69 B
393 B 537ms
365ms XHR
application/json 34.240.23.145
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws2.hotjar.com/api/v2/sites/1115618/recordings/content
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.0bbdc1f554b52cb852ad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.23.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-23-145.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e625e6be7d39acf112e6a03e488b8880ea6a785b785f1e2f5fdd361cbed348c8

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

Date: Thu, 20 Aug 2020 18:48:07 GMT
Content-Encoding: br
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked

POST
H2 200 /
www.facebook.com/tr/ 0
49 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryeNVUiXdBDXTWTGRN

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Thu, 20 Aug 2020 18:48:06 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.netscout.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H/1.1 200
OK / Show response
vff6132.d41.co/api/ 95 B
945 B 118ms
118ms XHR
application/json 52.204.197.76
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://vff6132.d41.co/api/?req=vff6132&form=json

Requested by

Host: cdn-0.d41.co
URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.204.197.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-204-197-76.compute-1.amazonaws.com

Software

Resource Hash

ca7402c1660866d4468ab7fa606540fc16ae5eb2275f3b53021e8b86db095159

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 Aug 2020 18:48:09 GMT
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: application/json
Access-Control-Allow-Origin: https://www.netscout.com
Cache-control: no-store
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 95
X-XSS-Protection: 1; mode=block

GET
H/1.1 200 init Show response
ff.d41.co/v1/ 44 B
666 B 483ms
133ms XHR
text/plain 34.205.107.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ff.d41.co/v1/init?v=55b9aabde2cf40a5b1ca9c40bb7b4cd0

Requested by

Host: www.netscout.com
URL: https://www.netscout.com/js/ff-2.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.205.107.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-205-107-148.compute-1.amazonaws.com

Software

Resource Hash

173e6aa1d6f785199b345109c94a1810361e0c0ff3e5963ad11bd59b1b9263a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.netscout.com/blog/asert/lucifers-spawn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 Aug 2020 18:48:09 GMT
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: text/plain;charset=ISO-8859-1
Access-Control-Allow-Origin: *
Cache-control: no-store
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Length: 44
X-XSS-Protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.netscout.com
URL: https://www.netscout.com/sites/default/files/inline-images/image001_5.png

Domain: www.netscout.com
URL: https://www.netscout.com/sites/default/files/inline-images/image003_1.png

Domain: www.netscout.com
URL: https://www.netscout.com/sites/default/files/inline-images/image005_0.png

Domain: www.netscout.com
URL: https://www.netscout.com/sites/default/files/inline-images/image007_0.png

Domain: www.netscout.com
URL: https://www.netscout.com/sites/default/files/inline-images/image009_0.png

Domain: www.netscout.com
URL: https://www.netscout.com/sites/default/files/inline-images/image011_0.png

Domain: www.netscout.com
URL: https://www.netscout.com/sites/default/files/inline-images/image012.png

Domain: www.netscout.com
URL: https://www.netscout.com/sites/default/files/inline-images/image014_0.png

Domain: www.netscout.com
URL: https://www.netscout.com/sites/default/files/inline-images/image016_0.png

Domain: www.netscout.com
URL: https://www.netscout.com/sites/default/files/inline-images/image018.png

Domain: www.netscout.com
URL: https://www.netscout.com/sites/default/files/inline-images/Screen%20Shot%202020-08-20%20at%209.49.38%20AM.png

Domain: ws.zoominfo.com
URL: https://ws.zoominfo.com/pixel/LBmW4bnp8zJET0IHLEdv

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

196 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: https://munchkin.marketo.net/159/munchkin.js(Line 22) Message: Munchkin.init("%s") options: 513-UXA-533 [object Object]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

082-kna-087.mktoresp.com
513-uxa-533.mktoresp.com
9460942.fls.doubleclick.net
a.b0e8.com
abrtp1-cdn.marketo.com
abrtp1.marketo.com
app-ab15.marketo.com
cdn-0.d41.co
cdn.b0e8.com
cdn.bc0a.com
cdn.datatables.net
connect.facebook.net
consent-pref.trustarc.com
consent.trustarc.com
consent.truste.com
ff.d41.co
fonts.googleapis.com
fonts.gstatic.com
in.hotjar.com
ixfd-api.bc0a.com
j.mrpdata.net
js.adsrvr.org
m.addthis.com
marvel-b1-cdn.bc0a.com
munchkin.marketo.net
pixel-prod.sprinklr.com
play.vidyard.com
px.ads.linkedin.com
rtp-static.marketo.com
s7.addthis.com
script.hotjar.com
snap.licdn.com
so.rlcdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tracking.leadlander.com
v1.addthisedge.com
vars.hotjar.com
vff6132.d41.co
ws.zoominfo.com
ws2.hotjar.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.netscout.com
z.moatads.com
s7.addthis.com
ws.zoominfo.com
www.netscout.com
104.109.95.62
104.111.239.158
104.16.94.80
104.244.42.69
13.226.146.155
13.226.155.118
13.226.155.66
13.226.155.74
13.226.155.88
147.75.102.203
151.101.113.181
151.101.12.157
18.196.83.230
192.28.144.124
192.28.144.84
216.58.212.134
23.20.93.44
23.210.248.44
23.210.250.213
2600:9000:21f3:c400:0:f267:a5c0:93a1
2606:4700:10::ac43:e8b
2606:4700::6811:2b40
2620:1ec:22::14
2a00:1450:4001:801::200e
2a00:1450:4001:802::200e
2a00:1450:4001:817::200a
2a00:1450:4001:81a::2003
2a00:1450:4001:81e::2003
2a00:1450:4001:820::2008
2a00:1450:4001:824::2004
2a00:1450:400c:c0a::9d
2a02:26f0:10c:39e::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:10:101::b93f:9105
34.205.107.148
34.240.23.145
34.95.105.148
35.190.5.192
35.201.125.192
35.244.153.179
35.244.245.222
52.204.197.76
52.70.66.29
54.194.207.225
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b
08aa70e1676a03a732af15d4c3c67f5d861964d1356ef252b08e8dd997d2a7f0
08b31550ccb975632fd39f1a6cfbb9a6d757f27d748b77eda34185a3db514794
0aea28dac516016a949dd34d1bdca4cf2a0045ff493e7935df19fee710c1b528
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be
13e721d9d00e096f4d2cbb04e5d687ed72ce175472fcea388ccdcdd69691698b
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
173e6aa1d6f785199b345109c94a1810361e0c0ff3e5963ad11bd59b1b9263a8
202c68a117631d6e3a72a2c93e80347ad261982bb253a7add30e71da8913d091
20d3d5d0de965f4a8814ddce4af9d94a6558137ed0392f0989632b51ccadb540
23e1660becf6b79b0a05d12080a8719ad04972b27180ce83f1ebb28cf1bd8d9b
23e5109a18f1f47ab6cb91afd499f62bd439fa3c1f10f1d5660ff6ab0c38654b
240fbcfd9cce9f9883216b7f5097be022d5af697075bb9987439d7b8bba5aeb9
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2f871fee6fdc802e757bb0453f141c299717af2cd28eeed56012892ce28f1ef4
339b2b60e94b6dc169fd9e5b68ac16b1ca08ef6a4968e98a0f43c2add405e79a
35f273e01e70db780ae423347dffecfc27cc348ba4abbd6099331559a7c5cd31
37970c60fde003559687527462c500a446459cbe449332e257ad5029f7e50bf7
3a5133382fa336914ee6b680c32b17b20844bcfd173579efac78f7da068c357a
40b3af04477b0045fcdbbb40ced59b581c2f6fa7dd1ed7fe6ba01cb027e0b496
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
4206af039e7960fca066549659b0620249bf8126af6b92d8fbb2e8b402aadfd9
420b7e3f863223a316cf5820ae944173bd2e3a95f37c90f48474c3ab992c4884
459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc
45ac18a90ddb596418d1c2923721deca2db30de93e334b2deca6fc81908934d8
45f370ac4d4ab5b9a5ba89386c45f16f5bc4496a1ba1c18383017516915c2cbf
4890e3b411e79a5b84540077fabb262eee8f9d2c97598468fabe5b8805949420
48f866c7ce9aaee05f35cfd236581214836ee556c7476676cf87d07ca073f057
5244e8be9b318067ed3230ec95fea683afc4485741a3dc4a962d18a2a23f7437
537fee9a5fabe6486570cedf8bcb5fcc59ccd4ef53af072331ed003c9cdd214e
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0
5bd8503c220089cd023a4a38de0bab5e3fc81dc1ae7374259fb5c7e9d69aa072
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55
5df7be00fc6004e7cb398488ad628bbea14bfa2865273c0742913ce148642add
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd
618d62ceaca1223e16de2c8939a1963a95c34b0ac75852f835f93e5b42f20871
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
65186957eea3ea0576efd2c477fca75f361af9ef4e45d768649f46f78a90216c
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6e7cc7587a42115c6e260064b5e98ea8c05d7ca0771a100a9c33def45c19455c
74aaef1204f59243f3a06f5cf46e86553fedbff4a69902b16ade5b2801cff8e4
74bfd0a62bd381f8dd534a59be4878439c7a83e824b0d641246c1b48ec4bd2d0
7717d420e97c5ae2553d13e782da4b028f37b658e41bd3a25a88ac73dbde3724
79910291198b6fd4cdca7cf29351231f22e0eef0dc5df4010ea3116bbe8ddc52
7b0a1dd5b344c8dcc3c07949b2738a63c5185c5858586d1233ccf3bc6729de7d
7b8c79dda03501f7feed06c95929cc5692823d494470f5a6b79d9d74f6411ed0
7fb58f6c6c2c3b61909e3b4bb9e199d95d5e2a4e39b58f25d1a9894971ed16b9
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
863cd627100911ea6e5cad889ad7f10a6c6d4644141e5579a5d71396afc3f63b
893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37
8cede350cb533674628a88894cc8d81dd9356233826c1665f57c472105eba2de
8f867907a98951ee0e779cfa7cd4bb0827808311273ed401ff9e04165c9a64d2
8fe90cb8e6f8450b664ba138c26dad01a3ce500a5d6d855af04faf74dfd0c88c
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9ac7ac7bacbca78bc5228c6e90128d43510dd34c7af72ca475d0cc2c1254cc20
9e3bdda93db6a3f7c7f7192e96bb428288e66ab456fa6711f34d2ab07596cc15
a05d19687c9a110cd2cd39e162c4cc86288ca23a6aa154232e51cf0789f51768
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a3c314ab510a7539bec429eb83792c4d6109ab8e6c0c236b56075a1492edae78
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad33d9c66e91f0e20f1041ed4e43e097a00a2bede954f160cf4d88be08965238
afdd29778a35ecf1638fc1c8bee1d4f7843d437d01b5db08cdf364da6b0edeaf
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2a3a03ccd627c190ce0e07fdce6f6414f195c52f9ff5b6f55e3538cc24feaf1
b541d631712bc34f7472aabf9cdeaf0fcb2257fd2436ffced1530f5d4f5a0383
bcf558a96982b64680a41d4eaa1ac7462e87814cb9149d5e55d089ea40fba8a9
bf58246fa71ff52213ed0fdc3a84093487d9255f8d986535af1c4bd6f7b21572
c1fdb97380bfe4a6e53bb7278417665cfc2a584e0bef7cc48ccd5709382242e9
c29c9903f522a7ffec7e3b335ab3fdfdd1de0c1af0486ee3a84b766bfb708a76
c8a78225734a6353e1d817d85f4650995f9a9a450ede979cf6463ceffe554280
ca4cef801e43a5c76e4cb708568d3daaa1e41233828d754d6eac014f57b9714d
ca7402c1660866d4468ab7fa606540fc16ae5eb2275f3b53021e8b86db095159
d4c965fa3329caa5f86d9cadbc9930fd571790eb886d33b95d85b56c801246c9
d63a5eeb77702abf764cb0f53cdfe5a4462fdb307f54906ade644ebe7d208535
df367ed8b3641ef4b92941b3ea4b4fff9d91a77531f2cd524cb61b3efa3c9ffd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3df8f6301fbb9501f35893cf5769eb4424efc52f0191b0f1d7120188f203df5
e625e6be7d39acf112e6a03e488b8880ea6a785b785f1e2f5fdd361cbed348c8
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3eedd0f92b4973dd6bdd28021a1c0f55c3d01ad9ec77fc6919a2abd4a82a8b
f24c51a94a931f1bdd7c3dacc9ebb3848305f5eb5a3feddf0b01227f6c778c17
f679a07c6fe2d964735e118fd1f845e027312325767bb0f089e71eb0bffa3c16
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

www.netscout.com Open in urlscan Pro 2606:4700::6811:2b40 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

117 Requests

89 %HTTPS

36 %IPv6

34 Domains

51 Subdomains

43 IPs

7 Countries

3663 kBTransfer

10353 kBSize

0 Cookies

12 Outgoing links

Redirected requests

117 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.netscout.com Open in urlscan Pro
2606:4700::6811:2b40 Public Scan

Screenshot
Live screenshot

Full Image

117
Requests

89 %
HTTPS

36 %
IPv6

34
Domains

51
Subdomains

43
IPs

7
Countries

3663 kB
Transfer

10353 kB
Size

0
Cookies

117 HTTP transactions
0 data transactions