URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Submission: On November 23 via api from TR — Scanned from DE

Summary

This website contacted 47 IPs in 5 countries across 39 domains to perform 211 HTTP transactions. The main IP is 141.193.213.20, located in the United States, and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.reliaquest.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on May 16th 2023. Valid for: a year.
This is the only time www.reliaquest.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
26 141.193.213.20 209242 (CLOUDFLAR...)
6 2606:4700::68... 13335 (CLOUDFLAR...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700:10:... 13335 (CLOUDFLAR...)
3 2600:9000:206... 16509 (AMAZON-02)
1 2a04:4e42:600... 54113 (FASTLY)
26 95.101.111.184 20940 (AKAMAI-ASN1)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a02:26f0:780... 20940 (AKAMAI-ASN1)
2 104.102.38.132 16625 (AKAMAI-AS)
1 2600:9000:236... 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 34.111.208.231 396982 (GOOGLE-CL...)
2 52.4.186.222 14618 (AMAZON-AES)
1 192.28.144.124 15224 (OMNITURE)
4 4 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 2a02:26f0:e60... 20940 (AKAMAI-ASN1)
3 2a00:1450:400... 15169 (GOOGLE)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 18.66.97.37 16509 (AMAZON-02)
69 18.245.86.87 16509 (AMAZON-02)
1 18.66.96.113 16509 (AMAZON-02)
1 2a04:4e42:600... 54113 (FASTLY)
1 13.32.27.86 16509 (AMAZON-02)
2 52.32.164.86 16509 (AMAZON-02)
3 104.18.37.212 13335 (CLOUDFLAR...)
1 1 68.67.153.60 29990 (ASN-APPNEX)
2 3 185.89.210.82 29990 (ASN-APPNEX)
1 2600:9000:211... 16509 (AMAZON-02)
2 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 13.32.27.19 16509 (AMAZON-02)
1 151.101.193.140 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
2 18.193.0.24 16509 (AMAZON-02)
1 54.220.79.217 16509 (AMAZON-02)
1 2600:9000:215... 16509 (AMAZON-02)
1 52.2.109.32 14618 (AMAZON-AES)
2 44.226.187.177 16509 (AMAZON-02)
1 34.205.13.79 14618 (AMAZON-AES)
2 54.203.236.163 16509 (AMAZON-02)
5 2606:4700::68... 13335 (CLOUDFLAR...)
2 2 34.252.177.198 16509 (AMAZON-02)
1 35.71.131.137 16509 (AMAZON-02)
12 34.193.113.164 14618 (AMAZON-AES)
1 2a04:4e42:8e:... 54113 (FASTLY)
211 47
Apex Domain
Subdomains
Transfer
69 driftt.com
js.driftt.com — Cisco Umbrella Rank: 5586
850 KB
28 6sc.co
j.6sc.co — Cisco Umbrella Rank: 5465
c.6sc.co — Cisco Umbrella Rank: 8564
ipv6.6sc.co — Cisco Umbrella Rank: 5738
b.6sc.co — Cisco Umbrella Rank: 3759
33 KB
26 reliaquest.com
www.reliaquest.com
1 MB
12 drift.com
bootstrap.api.drift.com — Cisco Umbrella Rank: 6353
metrics.api.drift.com — Cisco Umbrella Rank: 6159
event.api.drift.com — Cisco Umbrella Rank: 6883
targeting.api.drift.com — Cisco Umbrella Rank: 6497
flow.api.drift.com — Cisco Umbrella Rank: 10928
13 KB
6 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 223
288 KB
5 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 4272
ws-assets.zoominfo.com — Cisco Umbrella Rank: 15113
28 KB
5 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 377
www.linkedin.com — Cisco Umbrella Rank: 629
px4.ads.linkedin.com — Cisco Umbrella Rank: 6003
5 KB
4 contanuity.com
intentstream.contanuity.com — Cisco Umbrella Rank: 92211
tracking.contanuity.com — Cisco Umbrella Rank: 21479
1022 B
4 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 335
62 KB
3 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3040
www.google.com — Cisco Umbrella Rank: 2
718 B
3 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 495
2 KB
3 zi-scripts.com
js.zi-scripts.com — Cisco Umbrella Rank: 9225
3 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 366
14 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 24529
ibc-flow.techtarget.com — Cisco Umbrella Rank: 22103
2 KB
3 salesloft.com
scout-cdn.salesloft.com — Cisco Umbrella Rank: 9850
scout.salesloft.com — Cisco Umbrella Rank: 12484
4 KB
3 ensighten.com
nexus.ensighten.com — Cisco Umbrella Rank: 3744
11 KB
3 addtoany.com
static.addtoany.com — Cisco Umbrella Rank: 3931
28 KB
2 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 573
1 KB
2 6sense.com
epsilon.6sense.com — Cisco Umbrella Rank: 9302
648 B
2 google.de
www.google.de — Cisco Umbrella Rank: 6862
515 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 78
407 B
2 demandscience.com
abm-tracking.demandscience.com — Cisco Umbrella Rank: 83453
3 KB
2 heapanalytics.com
cdn.heapanalytics.com — Cisco Umbrella Rank: 885
heapanalytics.com — Cisco Umbrella Rank: 790
37 KB
2 adsrvr.org
js.adsrvr.org — Cisco Umbrella Rank: 1610
insight.adsrvr.org — Cisco Umbrella Rank: 584
3 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 727
script.hotjar.com — Cisco Umbrella Rank: 901
62 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
195 KB
2 keywee.co
kdl.keywee.co — Cisco Umbrella Rank: 442788
cdn.keywee.co — Cisco Umbrella Rank: 16707
32 KB
2 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 3497
6 KB
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 778
7 KB
1 imgix.net
driftt.imgix.net — Cisco Umbrella Rank: 14566
13 KB
1 anyword.com
co-events.anyword.com — Cisco Umbrella Rank: 471906
294 B
1 hotjar.io
content.hotjar.io — Cisco Umbrella Rank: 6398
161 B
1 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1452
637 B
1 ml-api.io
attr.ml-api.io — Cisco Umbrella Rank: 18105
235 B
1 ml-attr.com
s.ml-attr.com — Cisco Umbrella Rank: 14796
283 B
1 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1333
8 KB
1 mktoresp.com
438-kyk-786.mktoresp.com
318 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 762
30 KB
211 39
Domain Requested by
69 js.driftt.com www.reliaquest.com
js.driftt.com
26 www.reliaquest.com www.reliaquest.com
21 b.6sc.co www.reliaquest.com
6 cdnjs.cloudflare.com www.reliaquest.com
cdnjs.cloudflare.com
4 targeting.api.drift.com js.driftt.com
4 ws.zoominfo.com js.zi-scripts.com
ws-assets.zoominfo.com
4 cdn.jsdelivr.net www.reliaquest.com
abm-tracking.demandscience.com
3 secure.adnxs.com 2 redirects j.6sc.co
3 js.zi-scripts.com www.reliaquest.com
js.zi-scripts.com
3 bat.bing.com www.googletagmanager.com
bat.bing.com
www.reliaquest.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
www.reliaquest.com
3 c.6sc.co j.6sc.co
3 px.ads.linkedin.com 3 redirects
3 nexus.ensighten.com www.reliaquest.com
nexus.ensighten.com
3 static.addtoany.com www.reliaquest.com
static.addtoany.com
2 flow.api.drift.com js.driftt.com
2 event.api.drift.com js.driftt.com
2 metrics.api.drift.com js.driftt.com
2 bootstrap.api.drift.com js.driftt.com
2 match.prod.bidr.io 2 redirects
2 tracking.contanuity.com abm-tracking.demandscience.com
www.reliaquest.com
2 intentstream.contanuity.com abm-tracking.demandscience.com
2 epsilon.6sense.com j.6sc.co
2 www.google.de www.reliaquest.com
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 region1.analytics.google.com www.googletagmanager.com
2 abm-tracking.demandscience.com www.reliaquest.com
abm-tracking.demandscience.com
2 ipv6.6sc.co j.6sc.co
2 scout.salesloft.com scout-cdn.salesloft.com
2 ibc-flow.techtarget.com trk.techtarget.com
2 www.googletagmanager.com www.reliaquest.com
www.googletagmanager.com
2 munchkin.marketo.net www.reliaquest.com
munchkin.marketo.net
2 snap.licdn.com www.reliaquest.com
snap.licdn.com
2 j.6sc.co www.reliaquest.com
www.googletagmanager.com
1 driftt.imgix.net
1 insight.adsrvr.org js.adsrvr.org
1 ws-assets.zoominfo.com js.zi-scripts.com
1 co-events.anyword.com www.reliaquest.com
1 heapanalytics.com www.reliaquest.com
1 cdn.keywee.co kdl.keywee.co
1 content.hotjar.io script.hotjar.com
1 www.google.com www.reliaquest.com
1 alb.reddit.com www.reliaquest.com
1 script.hotjar.com static.hotjar.com
1 attr.ml-api.io www.reliaquest.com
1 s.ml-attr.com 1 redirects
1 cdn.heapanalytics.com www.reliaquest.com
1 www.redditstatic.com www.reliaquest.com
1 js.adsrvr.org www.googletagmanager.com
1 static.hotjar.com www.googletagmanager.com
1 px4.ads.linkedin.com www.reliaquest.com
1 www.linkedin.com 1 redirects
1 438-kyk-786.mktoresp.com munchkin.marketo.net
1 trk.techtarget.com www.reliaquest.com
1 kdl.keywee.co www.reliaquest.com
1 scout-cdn.salesloft.com www.reliaquest.com
1 code.jquery.com www.reliaquest.com
211 57
Subject | Issuer | Validity | Valid
*.reliaquest.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-05-16 - 2024-06-15 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year
static.addtoany.com | E1 | 2023-10-29 - 2024-01-27 | 3 months
nexus.ensighten.com | Amazon RSA 2048 M02 | 2023-09-29 - 2024-10-27 | a year
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year
6sc.co | R3 | 2023-11-03 - 2024-02-01 | 3 months
salesloft.com | Sectigo RSA Domain Validation Secure Server CA | 2023-03-20 - 2024-04-18 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-02-01 - 2024-01-31 | a year
*.marketo.net | DigiCert TLS RSA SHA256 2020 CA1 | 2023-02-06 - 2024-02-05 | a year
*.keywee.co | Amazon RSA 2048 M02 | 2023-03-04 - 2024-04-01 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
ibc-flow.techtarget.com | GTS CA 1D4 | 2023-11-17 - 2024-02-15 | 3 months
*.mktoresp.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-07 - 2024-10-07 | a year
www.bing.com | Microsoft Azure TLS Issuing CA 01 | 2023-10-24 - 2024-04-21 | 6 months
*.hotjar.com | Amazon ECDSA 256 M01 | 2023-03-09 - 2024-04-06 | a year
drift.com | Amazon RSA 2048 M02 | 2023-08-15 - 2024-09-11 | a year
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2023-04-12 - 2024-05-13 | a year
www.redditstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-08-25 - 2024-02-21 | 6 months
cdn.heapanalytics.com | Amazon RSA 2048 M01 | 2023-06-29 - 2024-07-27 | a year
abm-tracking.demandscience.com | R3 | 2023-10-18 - 2024-01-16 | 3 months
zi-scripts.com | GTS CA 1P5 | 2023-10-04 - 2024-01-02 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
www.google.de | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-09-01 - 2024-02-28 | 6 months
*.adnxs.com | GeoTrust ECC CA 2018 | 2023-02-13 - 2024-03-15 | a year
www.google.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
*.6sense.com | Amazon RSA 2048 M01 | 2023-05-01 - 2024-05-29 | a year
*.hotjar.io | Amazon ECDSA 256 M02 | 2023-03-02 - 2024-03-30 | a year
*.anyword.com | Amazon RSA 2048 M01 | 2023-06-05 - 2024-07-03 | a year
heapanalytics.com | Amazon RSA 2048 M02 | 2023-11-09 - 2024-12-08 | a year
intentstream.contanuity.com | R3 | 2023-11-17 - 2024-02-15 | 3 months
tracking.contanuity.com | R3 | 2023-11-15 - 2024-02-13 | 3 months
zoominfo.com | Cloudflare Inc ECC CA-3 | 2023-04-04 - 2024-04-03 | a year
*.imgix.com | GlobalSign Atlas R3 DV TLS CA 2023 Q1 | 2023-03-05 - 2024-04-05 | a year

This page contains 5 frames:

Primary Page: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Frame ID: 2AD278E46A3C51CDC630332F3C06E5AF
Requests: 123 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: DBC1C6FD133748A4CA2CE1675858F52C
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
Frame ID: DFA755525269E1216DF2CA4C614E2523
Requests: 41 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
Frame ID: F396DAD9337A07D940E5B44C4C41554C
Requests: 36 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=e1vlmxc&ref=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&upid=nzz4w81&upv=1.1.0
Frame ID: BBC56CBA7E3AC57E3B60EBD3A4FC4D37
Requests: 1 HTTP requests in this frame

Page Title

Scattered Spider Attack Analysis - ReliaQuest

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • addtoany\.com/menu/page\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //nexus\.ensighten\.com/

Overall confidence: 100%
Detected patterns
  • /fingerprintjs@(\d)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • heap-\d+\.js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

211 Requests
98 % HTTPS
47 % IPv6
39 Domains
57 Subdomains
47 IPs
5 Countries
2810 kB Transfer
7608 kB Size
46 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1700705523375&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1700705523375&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3664348%26time%3D1700705523375%26url%3Dhttps%253A%252F%252Fwww.reliaquest.com%252Fblog%252Fscattered-spider-attack-analysis-account-compromise%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1700705523375&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1700705523375&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&cookiesTest=true&liSync=true&e_ipv6=AQJa68-jRYWCCwAAAYv58tnJyKjFBixylHBo2r10PYczcFE9aafpCkZu02dxEZ071ElD-AA
Request Chain 67
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.reliaquest.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=www.reliaquest.com&pId=2515579476547859158
Request Chain 122
  • https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=bcc4ff375a27fef5cf8eb25b0d11379e_1700705524473 HTTP 303
  • https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=bcc4ff375a27fef5cf8eb25b0d11379e_1700705524473&_bee_ppp=1 HTTP 303
  • https://tracking.contanuity.com/usersync?bwcookie=AADaLU7KvWoAABYBgo-8cg

211 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
151 KB
33 KB
Document
General
Full URL
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / WP Engine
Resource Hash
572782099de62f3196709e45697c8d260da564cc336cd813214746dae6807ce9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.reliaquest.com/
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
max-age=600, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
82a5e28a293f58f0-TXL
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Thu, 23 Nov 2023 02:12:02 GMT
last-modified
Tue, 21 Nov 2023 17:25:45 GMT
server
cloudflare
strict-transport-security
max-age=63072000
vary
Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache
HIT: 6
x-cache-group
normal
x-cacheable
SHORT
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM https://www.reliaquest.com/
x-powered-by
WP Engine
x-xss-protection
1; mode=block
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/
100 KB
19 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://www.reliaquest.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
858846
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
18778
last-modified
Wed, 02 Aug 2023 21:01:56 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"64cac444-495a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xIEbmSCxfIlbgm4pw2MXG3e77qBun%2Fg%2FOznTxTwQ8dPqrIRv0NaC%2BR2RtE6%2BUuI%2FiRJFytGPN6QE%2BH7K7Yb%2BkqhekKzPcTCBfie%2BWyi1GMAG3tX%2BJw1gUfFW9yr6akF9KVw6eJ7IWdS8Dr%2BWKD%2Bu9b0L"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82a5e28e48863a96-FRA
expires
Tue, 12 Nov 2024 02:12:02 GMT
gsap.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/
69 KB
25 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/gsap.min.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
386a292b805ec5376c149711c08d9013658fd08879a7ac9a62a99e14310c397a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1034266
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
25150
last-modified
Tue, 04 Oct 2022 19:36:11 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"633c8b2b-623e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ElYxt9LFFYbRxjAg8PalC2dMz6IKe%2FAVb7AHENneNXg8g8RDlWl6Ow7aVL85opDA5r6BkmQYBvxMkWURpuUYSbjCUFdIwE3QyDVJB1W%2BBh88oRqV9T14WaNwrW%2BvgNBkzr0arMWZyBqLeDAuARSlO2HW"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82a5e28e4cd13a66-FRA
expires
Tue, 12 Nov 2024 02:12:02 GMT
ScrollTrigger.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/
39 KB
15 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/ScrollTrigger.min.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be08df326777a8b33cbcd047765e7dc6b8ddf620dcf64a85402ffc8fa006caab
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
781226
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
14847
last-modified
Tue, 04 Oct 2022 19:36:11 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"633c8b2b-39ff"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6rm1KGaQL2K5YNPZ8pTQ7UjTWxv15kribc%2FoYqPbo03bU8MhYKO1Vcg0Ywx%2BBB%2FnPt9WRW55e6yhOqKM2snIbImORdbqoJ2qtoOrDvHC1SVcKJLHl8NoTPMQ0jqrTCI8B00Blak%2FgtN8ea9eaQfAVs9s"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82a5e28e4cd33a66-FRA
expires
Tue, 12 Nov 2024 02:12:02 GMT
select2.min.css
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/
16 KB
3 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1210742
x-jsd-version
4.1.0-rc.0
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230133-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gr0mktfQMthmK67Yxla0MWCr16lC6AA16kRncCYGSepHi7Z9io2Zhcu5mJxXCbUi9UVpK7sjKXXBVwnMYiebbHAn2Ovg%2FcnrE1y52XDR5Vol6qqp%2BzaqgSTGZOP9sIW5bq61QKNEduzZ4TpwxhM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
82a5e28e59b51c40-FRA
select2.min.js
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/
71 KB
20 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
781374
x-jsd-version
4.1.0-rc.0
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230139-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"11dcb-beEOdKmS/KFegD2RDRMPgmYxy4Y"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rviEN4bWyGRB2sWWEB8eeA60zj1gR7O8hEIohfbKn1L2nc6u8ZYUMWrJ%2FYrOSYdbk%2BstQEBssj8b2t2QBIj9b9VEnPKIv9SDBo3Utgce0P7K9OsLNcApWB57WVtJZWvZwTc1Wkz4eSjjgKPVE3Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
82a5e28f0a181c40-FRA
head-d278978580b345f75ba6e206c267ee19269416bd.css
www.reliaquest.com/wp-content/cache/asset-cleanup/css/
368 KB
63 KB
Stylesheet
General
Full URL
https://www.reliaquest.com/wp-content/cache/asset-cleanup/css/head-d278978580b345f75ba6e206c267ee19269416bd.css
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cbcfd31bccdc3dea87f1358af13310043a3592f124d306f60071fcd7dd2ea58
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:02 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
42821
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 24 Oct 2023 14:04:53 GMT
server
cloudflare
etag
W/"6537cf05-5bfb4"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28dbcd658f0-TXL
page.js
static.addtoany.com/menu/
3 KB
2 KB
Script
General
Full URL
https://static.addtoany.com/menu/page.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
042a9121e1c7bcdc3bfc48ed5e23b8dd1f64f375ef5872a5984e5d5096444702
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4528
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"03396a6543cd35a0e73d2b4de150841b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zr0SaMk503QD%2B7%2BQ6VrNPSz2HulYHy8SH1WRTl01Od%2FxgNYO9HUDzJHU%2FIP%2FDo7HPW4X9ePG%2FPWKSqzT0oTptq2GDsPx%2Fox4SFDx%2BJZ6P%2FacCNEiCo5HtGO%2B61TctGB%2BcFbOA4db"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400, stale-while-revalidate=30, public
cf-ray
82a5e28fb8d53a80-FRA
jquery.min.js
www.reliaquest.com/wp-includes/js/jquery/
86 KB
31 KB
Script
General
Full URL
https://www.reliaquest.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:02 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 09 Nov 2023 15:40:22 GMT
server
cloudflare
etag
W/"654cfd66-15601"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28dbcd958f0-TXL
addtoany.min.js
www.reliaquest.com/wp-content/plugins/add-to-any/
129 B
307 B
Script
General
Full URL
https://www.reliaquest.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 03 Feb 2023 19:11:56 GMT
server
cloudflare
etag
W/"63dd5c7c-81"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1df758d8-TXL
head-f919b30a61829f207acbc22d60c770f68bebe9a0.js
www.reliaquest.com/wp-content/cache/asset-cleanup/js/
27 KB
11 KB
Script
General
Full URL
https://www.reliaquest.com/wp-content/cache/asset-cleanup/js/head-f919b30a61829f207acbc22d60c770f68bebe9a0.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0593ed190f27b0cc16e3b06396d4556c8faf0b0f6a4b8f1316a6a344780d3e16
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
20036
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 24 Oct 2023 14:04:53 GMT
server
cloudflare
etag
W/"6537cf05-6b96"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1dfa58d8-TXL
Bootstrap.js
nexus.ensighten.com/choozle/15024/
28 KB
9 KB
Script
General
Full URL
https://nexus.ensighten.com/choozle/15024/Bootstrap.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:b000:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9b9971d96411c9db199cb76e0e3ba2973a1992524321435dacd754e96ac9dace

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 28 Oct 2023 15:01:29 GMT
x-amz-version-id
IJXqJsiAmnn3dYEBr3SaqCBrdkDwMMaF
content-encoding
br
via
1.1 14b10bd09a0531ef477d0a404ca26900.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
age
2200234
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 28 Oct 2023 15:00:20 GMT
server
CloudFront
etag
W/"acf96a761753df6a9a8c06f5b3165a06"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=300
x-amz-cf-id
TYy9Fmmi2UJm_6aKowfI0gfyFBQKwRILPBqBgU6cYnaSMOa1psGj8A==
jquery-3.6.0.min.js
code.jquery.com/
87 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer
https://www.reliaquest.com/
Origin
https://www.reliaquest.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
102906
x-cache
HIT, HIT
content-length
30875
x-served-by
cache-lga21931-LGA, cache-sof1510022-SOF
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1700705523.970276,VS0,VE0
etag
W/"28feccc0-15d9d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
23, 115694
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/
98 KB
17 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0df5a33710e433de1f5415b1d47e4130ca7466aee5b81955f1045c4844bbb3ed
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://www.reliaquest.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1028092
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
17041
last-modified
Tue, 22 Mar 2022 17:32:26 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"623a082a-4291"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GIwGVDOp60sOi%2FMQGS6icKum%2Fb4qS%2B1ar39FF6DeFn4DZG7JsKKJApb4LC8ue70WTBjQexpy6xvadRExKpNLRwl4B%2F52WBJmcgqgsg4UyT2zZkhf1abBmHFblTtVbJfXrWnSwkF3zBac2O65rRleWhcd"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82a5e28e48893a96-FRA
expires
Tue, 12 Nov 2024 02:12:02 GMT
logo.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/
6 KB
3 KB
Image
General
Full URL
https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/logo.svg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2298d58f76f75135d021b0f1aa558defa9e66a1cc384b3eedde0f0904fa72def
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 03 Feb 2023 19:11:50 GMT
server
cloudflare
etag
W/"63dd5c76-1768"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1dfc58d8-TXL
logo-dark.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/
6 KB
3 KB
Image
General
Full URL
https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/logo-dark.svg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc46e11ef889c4607d9befe335305d246d312cb0cda290d3beb75a722d417979
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 28 Apr 2023 16:56:25 GMT
server
cloudflare
etag
W/"644bfab9-177e"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1dfd58d8-TXL
nav-collapse-decor.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/
2 KB
757 B
Image
General
Full URL
https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/nav-collapse-decor.svg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
90cd085fb1b820cab7d04a52702a189d2a3cf9ffbcf1ef3b354283d65d7fa24a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:02 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
42821
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 03 Feb 2023 19:11:50 GMT
server
cloudflare
etag
W/"63dd5c76-760"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28dbcdb58f0-TXL
lazy_placeholder.gif
www.reliaquest.com/wp-content/plugins/a3-lazy-load/assets/images/
42 B
203 B
Image
General
Full URL
https://www.reliaquest.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:02 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
41271
cf-polished
status=not_needed
alt-svc
h3=":443"; ma=86400
content-length
42
x-xss-protection
1; mode=block
cf-bgj
imgq:100,h2pri
last-modified
Fri, 01 Sep 2023 19:24:58 GMT
server
cloudflare
etag
"64f23a8a-2a"
vary
Accept-Encoding
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a5e28dbcda58f0-TXL
Ransomware-Ecosystem-Slide-Black-1.svg
www.reliaquest.com/wp-content/uploads/2023/11/
1 MB
580 KB
Image
General
Full URL
https://www.reliaquest.com/wp-content/uploads/2023/11/Ransomware-Ecosystem-Slide-Black-1.svg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
19f4419755907a00ca2f0952d00451ffe8445bd92ec3828cbc54b8feeae4efd0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 21 Nov 2023 20:35:06 GMT
server
cloudflare
etag
W/"655d147a-1748dc"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1dfe58d8-TXL
decor-48.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/
1 KB
612 B
Image
General
Full URL
https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/decor-48.svg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9ac6a85192d4c1dc3c4de260e5b642cd81f352b554f1c5ce69bc15ee8ec64b1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 15 Feb 2023 18:20:41 GMT
server
cloudflare
etag
W/"63ed2279-5b5"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1e0058d8-TXL
decor-cta.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/
2 KB
900 B
Image
General
Full URL
https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/decor-cta.svg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
572f5c7956c6df267d7a9725e35602fb2b414dd5c48e53512468e627f0ef3a3c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
41272
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 15 Feb 2023 18:20:41 GMT
server
cloudflare
etag
W/"63ed2279-9f8"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1e0258d8-TXL
facebook.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/
1 KB
771 B
Image
General
Full URL
https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/facebook.svg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
61ea329c09b4cc22cd4391b26ca2b66257eb824e590d4de2a760ccbfccf70bf7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
41272
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 25 Jul 2023 20:42:44 GMT
server
cloudflare
etag
W/"64c033c4-407"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1e0358d8-TXL
twitter.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/
1 KB
857 B
Image
General
Full URL
https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/twitter.svg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
84d1a6377c22f7683a00d101a2a1ff90cf1eaf607128ce45a835a188e1dd10ae
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
41272
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 20 Sep 2023 19:58:43 GMT
server
cloudflare
etag
W/"650b4ef3-50e"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1e0558d8-TXL
linkedin.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/
1 KB
842 B
Image
General
Full URL
https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/linkedin.svg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f524309c83549cab1b81b931d905888234eecf709e4aa0ade136daa5edbb5246
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
41272
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 25 Jul 2023 20:42:44 GMT
server
cloudflare
etag
W/"64c033c4-4e4"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1e0658d8-TXL
link.svg
www.reliaquest.com/wp-content/themes/t220908406929/dist/images/
2 KB
1 KB
Image
General
Full URL
https://www.reliaquest.com/wp-content/themes/t220908406929/dist/images/link.svg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c81c322867056949b4836c5860843392b7da5dcb563ec2e99f8a5c05f7e74106
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
41272
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 25 Jul 2023 20:42:44 GMT
server
cloudflare
etag
W/"64c033c4-913"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1e0758d8-TXL
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/
79 KB
24 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reliaquest.com/
Origin
https://www.reliaquest.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1099851
x-jsd-version
5.2.2
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230077-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"13a70-XI9suYM5fetlZzuWGoZXz9YROtk"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rDXFhlBfeKe23NBQQ4d9aJIHHriKpXmv3azr3YHDL9L7pyhmPKs3pSj1VClSIgttkro%2FZxnVms8CUSO%2FzQc4T%2BxKSmIy752ILUqHNtfIIhCX4VnZZaaHTp%2Bsox8ah32Jq9qnBv4jEbf4t8GektY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
82a5e28efaae5d92-FRA
body-e6b90f7e3cd79a261bd62ff6afc95b64b83a12e5.js
www.reliaquest.com/wp-content/cache/asset-cleanup/js/
243 KB
71 KB
Script
General
Full URL
https://www.reliaquest.com/wp-content/cache/asset-cleanup/js/body-e6b90f7e3cd79a261bd62ff6afc95b64b83a12e5.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ad1c6e95efa77267962adc1e96167f6c2aefe9edba8e4b880569dcc6b834edc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
20036
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 24 Oct 2023 14:04:53 GMT
server
cloudflare
etag
W/"6537cf05-3cd5e"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e28f1e0858d8-TXL
6si.min.js
j.6sc.co/
63 KB
17 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
8c2b5a2945535269c1cefe505e56b663f26b3d322d35ab4fa835a24c543226dc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Nov 2023 22:43:30 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"65554992-fd89"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
17416
expires
Thu, 23 Nov 2023 02:12:03 GMT
sl.js
scout-cdn.salesloft.com/
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4341 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-request-id
X4K1B5X1M2VQWZAF
age
4507
alt-svc
h3=":443"; ma=86400
x-amz-id-2
fJyHPAer1WXQD3SoK4/k2Qk9bfoWWUqdMge1L9i0vI3NcDQZ+KroeBculbBkyCpyzMunAXNH/4U=
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
server
cloudflare
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
82a5e2900c3b65b4-FRA
expires
Thu, 23 Nov 2023 06:12:03 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
12 KB
4 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:a40a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f88f89a0cead9c36ddbe19508f32f64bd91e94e92b6006dd575e8d0deb317d7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Nov 2023 09:07:27 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=42183
accept-ranges
bytes
content-length
3840
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-38-132.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 23 Nov 2023 02:12:03 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Mar 2023 01:24:48 GMT
Server
AkamaiNetStorage
ETag
"cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
729
serverComponent.php
nexus.ensighten.com/choozle/15024/
286 B
618 B
Script
General
Full URL
https://nexus.ensighten.com/choozle/15024/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/choozle/15024/code/&publishedOn=Sat%20Oct%2028%2015:00:11%20GMT%202023&ClientID=923&PageID=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/15024/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:b000:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
3df370ec15e0de0d6eda240873c09da096d6e37ca2984ff2ddb7a5603fa71d4a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
via
1.1 14b10bd09a0531ef477d0a404ca26900.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
content-type
text/javascript
cache-control
no-cache, no-store
alt-svc
h3=":443"; ma=86400
content-length
286
x-amz-cf-id
Ttz8BP5B86nYL3HkVP-jxqh0WRgIX-n4Jq8-4YDfgvstX_OKGXivjA==
expires
Thu, 23 Nov 2023 02:12:02 GMT
_blog_scattered-spider-attack-analysis-account-compromise_.js
kdl.keywee.co/www.reliaquest.com/
2 KB
2 KB
Script
General
Full URL
https://kdl.keywee.co/www.reliaquest.com/_blog_scattered-spider-attack-analysis-account-compromise_.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:6600:1b:8908:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fa129022a2c6b9211fba781a2b04119fa8b920a06dcfc71368415748f77dc2d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
Uu74otiKqujPmJdxtEpMFHgGtQjAAKPp
date
Thu, 23 Nov 2023 02:12:04 GMT
via
1.1 ec85113c6ed859938b3fcfa19bc035f8.cloudfront.net (CloudFront)
last-modified
Mon, 25 Oct 2021 08:39:06 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
etag
"4132c91c9d0daf1e84bdfc152c1df9af"
vary
Accept-Encoding
x-cache
Error from cloudfront
cache-control
max-age=900
accept-ranges
bytes
content-length
2094
x-amz-cf-id
deXQ1mWxP7JyrMr3nHOxh932i6eQAJv4yFsG9yCpVAO9wpD1RGapfw==
tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
server
cloudflare
age
68932
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1200
cf-ray
82a5e28fb8aa9b86-FRA
expires
Thu, 23 Nov 2023 02:32:03 GMT
gtm.js
www.googletagmanager.com/
294 KB
98 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fda2279514dad576fac0fe7a591e2aaea6002bf01109bf2986c0302591841e6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100313
x-xss-protection
0
last-modified
Thu, 23 Nov 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 23 Nov 2023 02:12:03 GMT
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b6e4dff920e21e3f436a014140d01d43c97177e007556ede69f772f08cb7a7ec

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
icomoon.ttf
www.reliaquest.com/wp-content/themes/t220908406929/dist/fonts/
4 KB
5 KB
Font
General
Full URL
https://www.reliaquest.com/wp-content/themes/t220908406929/dist/fonts/icomoon.ttf?5zkpkv
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/wp-content/cache/asset-cleanup/css/head-d278978580b345f75ba6e206c267ee19269416bd.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eaae1d4db82158aa4b92c4286ed1977ad9c3eb18db96573c6404f681fc93a78d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.reliaquest.com/wp-content/cache/asset-cleanup/css/head-d278978580b345f75ba6e206c267ee19269416bd.css
Origin
https://www.reliaquest.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400
content-length
4592
x-xss-protection
1; mode=block
last-modified
Wed, 15 Feb 2023 18:20:41 GMT
server
cloudflare
etag
"63ed2279-11f0"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a5e28f2e1658d8-TXL
fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/
103 KB
104 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/fa-brands-400.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70daede4992180887e7baf31fa369e0c9b23062af4e38c3d2590e012f157b827
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
Origin
https://www.reliaquest.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
110039
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
105536
last-modified
Tue, 22 Mar 2022 17:32:26 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"623a082a-19c40"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n99i%2FkRST2ru8K43n%2B%2BpRDoJVW0gGpZiMVpuGj4h1ik7IPSBoL5DrHc779n62nMBtl45wE%2F01CcYtY5EclCabG7ivxfZTfRrjYqo5Xd%2BixV0aPBeY%2FutxNp27%2BGV8nXD%2FCNoo5qm7hwHm9dC19uYQ7N8"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82a5e28f39263a96-FRA
expires
Tue, 12 Nov 2024 02:12:03 GMT
d3d14424fac71699bdbff068d9b1184b.js
nexus.ensighten.com/choozle/15024/code/
2 KB
825 B
Script
General
Full URL
https://nexus.ensighten.com/choozle/15024/code/d3d14424fac71699bdbff068d9b1184b.js?conditionId0=421905
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/15024/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:206f:b000:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e80cfc6df2f882813f88dcf1175bc0c47e13c0cd8517bc240a65ee6cc758b0f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 28 Oct 2023 15:01:31 GMT
x-amz-version-id
xy0TboscelqpDiztVyy6vWffI6grZ0by
content-encoding
br
via
1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
age
2200233
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 28 Oct 2023 15:00:24 GMT
server
CloudFront
etag
W/"e8e93310d35a9462151b8fdab5b436ce"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
JMxI_RT70ZkhBTHfrBdqKSkEQQpgDKSSFsi-u-JK8ylZmgmRluBurw==
fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/
107 KB
108 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
009467e3cab331f459d75e1dbd0df7637e29cb623ff5766dc84b4cb77e8fe7d8
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
Origin
https://www.reliaquest.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1806565
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
109808
last-modified
Wed, 02 Aug 2023 21:01:56 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"64cac444-1acf0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7iKebsyfIasb0vcYAUC2XFk7rKxaVCJgsgOxI9YbyL9QJ07YjbiiwmYepd85FZAlnOVryuQCeSBPw7xURQjkku54y2FeeVizlFA0%2FbyCSjMzGYSjadYm0b22%2FJ68ZIKUn4otkyWJVHN%2Bvy%2FoW2igL3r"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82a5e28fd896039a-FRA
expires
Tue, 12 Nov 2024 02:12:03 GMT
munchkin.js
munchkin.marketo.net/163/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/163/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-38-132.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 23 Nov 2023 02:12:03 GMT
Content-Encoding
gzip
Last-Modified
Fri, 06 Jan 2023 02:26:40 GMT
Server
AkamaiNetStorage
ETag
"ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4741
Expires
Sat, 02 Mar 2024 02:12:03 GMT
sm.24.html
static.addtoany.com/menu/ Frame DBC1
677 B
722 B
Document
General
Full URL
https://static.addtoany.com/menu/sm.24.html
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reliaquest.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
age
4847
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000, immutable
cf-cache-status
HIT
cf-ray
82a5e29019093a80-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 23 Nov 2023 02:12:03 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQpmVePE%2F1OO8G9kr%2B8d1AZRvXsHAClqnRLbDHpdmXr0bMxbVwzO2hYv5ZZTtFEYYv58C6tPnu0IPcgWNfz5CFNKKpSHl3DNI0WwdKbBAKBNoA%2FUewjy4DEibz2kINmobrJ%2F0v9y"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
core.11bfb520.js
static.addtoany.com/menu/modules/
70 KB
26 KB
Script
General
Full URL
https://static.addtoany.com/menu/modules/core.11bfb520.js
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77fd2e01fe7322b437084ad512b3c3df777ce7d092b975eb8b29ecb4fb612187
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reliaquest.com/
Origin
https://www.reliaquest.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"a34c5f06f67d42236ec124345ba1b81c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=165gTi0Du9Dv53SUvBgxuha%2BFJpI8Lk2ZC0eIGdlUWUZHKeya4IiQlJiHnXClDqXkJT8vjlTGr%2BVwDR9T3S4ocGqoLZMszk1%2BCoOL%2B9hocn2KsyYL0Lwm0ZWxSZzKNVTGScKiLDYLrFlnFZ9rsbSM2Zp"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000, immutable
cf-ray
82a5e290ab321e14-FRA
insight.old.min.js
snap.licdn.com/li.lms-analytics/
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:a40a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5b3086a886aa8649ecbf496ac913a1aa443926cd2fff610be2d136c9598bcd8b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sun, 15 Oct 2023 08:32:45 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=84433
accept-ranges
bytes
content-length
3272
gif.gif
ibc-flow.techtarget.com/a/
43 B
455 B
XHR
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=3089143&r=1700705523204&ref=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&version=2.4
Requested by
Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier
3089143
Referer
https://www.reliaquest.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
via
1.1 google
x-guploader-uploadid
ABPtcPp45ibuTd93vtFu9QTthifzWtsqoRqJfcNJCENWcZWZYyhy_xCHOCGw0hgurpF7l2wV4thwc-S7sw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
server
nginx/1.20.2
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
vary
Origin
x-goog-generation
1670534369365034
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control
public, max-age=3600
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-length
43
accept-ranges
bytes
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires
Thu, 23 Nov 2023 03:12:03 GMT
gif.gif
ibc-flow.techtarget.com/a/ Frame
0
0
Preflight
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=3089143&r=1700705523204&ref=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://www.reliaquest.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 23 Nov 2023 02:12:03 GMT
expires
Thu, 23 Nov 2023 02:12:03 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
ABPtcPqjLptppfUzqRbKuVAxMuCcXKVTDfU2yXh9RJN8a4ulTk00LpiOWJ_BHXHhgzkOT6fUuQA
r
scout.salesloft.com/
41 B
359 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDExMzd9.jbjhYTjr5EtKJiZNcg3fApVy8OrVLI90V1gxGsVoF9E
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.186.222 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-186-222.compute-1.amazonaws.com
Software
/
Resource Hash
aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.reliaquest.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
41
x-request-id
ebcab276d7f9682eb397ea8d62ad9f4c
visitWebPage
438-kyk-786.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://438-kyk-786.mktoresp.com/webevents/visitWebPage?_mchNc=1700705523268&_mchCn=&_mchId=438-KYK-786&_mchTk=_mch-reliaquest.com-1700705523267-36576&_mchHo=www.reliaquest.com&_mchPo=&_mchRu=%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 23 Nov 2023 02:12:03 GMT
Content-Encoding
gzip
Server
nginx/1.20.1
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
599ed620-1d08-4c9e-9b1f-8daa1a4f7248
asl-core.js
www.reliaquest.com/wp-content/plugins/ajax-search-lite/js/min/plugin/optimized/
39 KB
11 KB
Script
General
Full URL
https://www.reliaquest.com/wp-content/plugins/ajax-search-lite/js/min/plugin/optimized/asl-core.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/wp-content/cache/asset-cleanup/js/body-e6b90f7e3cd79a261bd62ff6afc95b64b83a12e5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a759130737e704a439f7ff5343435b471664cc63c53bf209ad736ab172c77dff
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 26 Apr 2023 20:53:32 GMT
server
cloudflare
etag
W/"64498f4c-9b3a"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e290bf8058d8-TXL
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1700705523375&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1700705523375&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&cookiesTest=true
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3664348%26time%3D1700705523375%26url%3Dhttps%253A%252F%252Fwww.reliaquest.com%252...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1700705523375&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&cookiesTest=true&l...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1700705523375&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&cookiesTest=true&...
0
265 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1700705523375&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&cookiesTest=true&liSync=true&e_ipv6=AQJa68-jRYWCCwAAAYv58tnJyKjFBixylHBo2r10PYczcFE9aafpCkZu02dxEZ071ElD-AA
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: C2DEBE935E404F30A80B67F56270A9AB Ref B: FRAEDGE1519 Ref C: 2023-11-23T02:12:04Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYKyFym4DWv8WTX/kgSBg==

Redirect headers

date
Thu, 23 Nov 2023 02:12:03 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 80F10398AD3D43E48EB0AEAD9F0D9573 Ref B: FRAEDGE1506 Ref C: 2023-11-23T02:12:04Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3664348&time=1700705523375&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&cookiesTest=true&liSync=true&e_ipv6=AQJa68-jRYWCCwAAAYv58tnJyKjFBixylHBo2r10PYczcFE9aafpCkZu02dxEZ071ElD-AA
x-li-proto
http/2
content-length
0
x-li-uuid
AAYKyFyioCYwHSdjl/Sw4g==
/
c.6sc.co/
7 B
195 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.reliaquest.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
19 B
311 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e600::170f:b2eb Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c829514739663b0fbaa1e5b4da63fecddb091258f1f8cb852c5e54e1b3fce9af

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:03 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.reliaquest.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a01:4a0:1338:92::5
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1700705523481_386904807_405981987_29_1133_49_110_219";dur=1
content-length
19
expires
Thu, 23 Nov 2023 02:12:03 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22cdfe02635f87832f7fb37442e2a57166%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
avatar_user_250_1700594647-80x80.jpg
www.reliaquest.com/wp-content/uploads/2023/11/
2 KB
2 KB
Image
General
Full URL
https://www.reliaquest.com/wp-content/uploads/2023/11/avatar_user_250_1700594647-80x80.jpg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6803ac85fd513fcaece95b62a1ffcb9ca0d42174c7193b7ad1602a7a8520fb7f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
1773
x-xss-protection
1; mode=block
last-modified
Tue, 21 Nov 2023 20:35:06 GMT
server
cloudflare
etag
"655d147a-6ed"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a5e2914ff558d8-TXL
scattered-spider-blog-header-512x354@2x-512x354.png
www.reliaquest.com/wp-content/uploads/2023/11/
228 KB
228 KB
Image
General
Full URL
https://www.reliaquest.com/wp-content/uploads/2023/11/scattered-spider-blog-header-512x354@2x-512x354.png
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d8206c532a6b1a9009fee29165b062b9ec1bb1215294d65a15ce44b9c87885f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
233652
x-xss-protection
1; mode=block
last-modified
Tue, 21 Nov 2023 21:41:50 GMT
server
cloudflare
etag
"655d241e-390b4"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a5e2914ff658d8-TXL
avatar_user_250_1700594647-60x60.jpg
www.reliaquest.com/wp-content/uploads/2023/11/
1 KB
1 KB
Image
General
Full URL
https://www.reliaquest.com/wp-content/uploads/2023/11/avatar_user_250_1700594647-60x60.jpg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4902b09c2efe89a68f7ccc24c9dfc1d4712e14393dd32c71c5085ab37daad9bf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
1317
x-xss-protection
1; mode=block
last-modified
Tue, 21 Nov 2023 20:35:06 GMT
server
cloudflare
etag
"655d147a-525"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a5e2914ff758d8-TXL
9d89db09-be43-47ea-ad23-917183e7e184.js
j.6sc.co/j/
4 KB
4 KB
Script
General
Full URL
https://j.6sc.co/j/9d89db09-be43-47ea-ad23-917183e7e184.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
945063ebf0d8666b48130934c6bfc0653210ae7d836fd985d3966efba08aa1a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
sxJBNdZM0KwPO0ekiHjaqh_8uY4ftINC
date
Thu, 23 Nov 2023 02:12:03 GMT
x-amz-cf-pop
FRA60-P1
x-amz-server-side-encryption
AES256
x-amz-meta-content-type
application/json
content-length
4059
pragma
no-cache
last-modified
Thu, 22 Jun 2023 20:33:18 GMT
server
AmazonS3
etag
"b42798d5bff7ef62660f4db5bb3c6429"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
x-amz-cf-id
NyBg26nVP89xt9b85oWJp3xl0GAFhEB1OOo2pBdV437xonaN4gmdQw==
expires
Thu, 23 Nov 2023 02:12:03 GMT
js
www.googletagmanager.com/gtag/
306 KB
96 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
861150805fb175cca080335007c0581dc6db61634da88f160e8db8641a72f8b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
98443
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 23 Nov 2023 02:12:03 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 23 Nov 2023 01:19:54 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
3129
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 23 Nov 2023 03:19:54 GMT
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Thu, 23 Nov 2023 02:12:03 GMT
last-modified
Fri, 10 Nov 2023 20:09:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 7DF986A786B140DB8F1912928DA0CD91 Ref B: FRA31EDGE0712 Ref C: 2023-11-23T02:12:03Z
etag
"80abcdf1114da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13187
hotjar-2441060.js
static.hotjar.com/c/
15 KB
5 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2441060.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-37.fra56.r.cloudfront.net
Software
/
Resource Hash
da58c26f3220a8577f0a2d402e63f58fda7c0e5f7d4bbf3abddc4c55e7bf8506
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/df32b6132ef21e60e0eb2fd8625602cf
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
8O169v8hh6rBSIWnz7EAGTxWbcTUsAoe9-RrMo8scCNTfSNsQQPWEw==
uvut6nv3vzk9.js
js.driftt.com/include/1700705700000/
218 KB
61 KB
Script
General
Full URL
https://js.driftt.com/include/1700705700000/uvut6nv3vzk9.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
84bf3385585c2a81cf961332af338f36d0fe2d2529a70cec26336a2a47945b2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
x-amz-version-id
yIhOen2RdQOLq1JuyYKlrWgmQDSDlLqr
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
29
last-modified
Tue, 21 Nov 2023 16:39:13 GMT
server
istio-envoy
etag
W/"e488aeb4315bae8793bb76f59967016d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
XympjSp8Te_PRv3coVJjYrJdeqVYM1aTbbGgkqeGOTKRrt-uFtcYEA==
up_loader.1.1.0.js
js.adsrvr.org/
5 KB
3 KB
Script
General
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPQTDR
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.96.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-96-113.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 02:56:46 GMT
Content-Encoding
gzip
Via
1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
Last-Modified
Mon, 20 Nov 2023 02:56:36 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P2
Age
83718
x-amz-server-side-encryption
AES256
ETag
W/"b7474eac210849250426a8f6a39d00f3"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Cache
Hit from cloudfront
Connection
keep-alive
X-Amz-Cf-Id
IEfqeHXZ8KZ7kzwjFzSNu9WpSJcNmxtMOB9gM9AS4LBbX6xV_W8ZaA==
pixel.js
www.redditstatic.com/ads/
23 KB
8 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 15 Jun 2023 20:49:59 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
7409
heap-2502874633.js
cdn.heapanalytics.com/js/
114 KB
37 KB
Script
General
Full URL
https://cdn.heapanalytics.com/js/heap-2502874633.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-86.fra56.r.cloudfront.net
Software
nginx / Express
Resource Hash
6be2877e62b1e43a8ae3acb72b542f9bd45b340f995601a6148ba0689fb28b93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-encoding
br
via
1.1 c1e2423613b2dcb4230386a2b285734e.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
x-amz-cf-pop
FRA56-C2
x-powered-by
Express
etag
W/"1c869-N7xl1YnS2x26CJvjrERCd/LqJAU"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=120
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
spome04BmSxhxhNVqGQb5i2NdA5SvWug6vZFLZXwD4WP2C2JJm9AHA==
tag.js
abm-tracking.demandscience.com/
2 KB
2 KB
Script
General
Full URL
https://abm-tracking.demandscience.com/tag.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 23 Nov 2023 02:12:04 GMT
Last-Modified
Sat, 21 Oct 2023 14:04:17 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"82b-18b528d0cb8"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2091
zi-tag.js
js.zi-scripts.com/
8 KB
3 KB
Script
General
Full URL
https://js.zi-scripts.com/zi-tag.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15ebddd8f42a017abf38230bbefe743a7a4daeeeec69785baf43ce930d3de6ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
x-amz-version-id
d0fvXwBE1KKHAVrX57LqVGhiliHVZHvh
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Thu, 16 Nov 2023 09:35:17 GMT
server
cloudflare
via
1.1 21b99afa310f2ff34977f80506fb1672.cloudfront.net (CloudFront)
x-amz-cf-pop
TXL52-C1
etag
W/"84c587b3edbc3a49ffac053ea2e2f6f6"
age
71794
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cf-ray
82a5e2931c766a77-TXL
x-amz-cf-id
pbrxLbJ1NZVUOYM0kpercDN_pmxvblPNqT5sRkp7lHoCrQte-1xglg==
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.reliaquest.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.reliaquest.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=www.reliaquest.com&pId=2515579476547859158
0
235 B
Image
General
Full URL
https://attr.ml-api.io/?domain=www.reliaquest.com&pId=2515579476547859158
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Server
2600:9000:211e:5000:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
via
1.1 84f381696dd33e92960b92250106e464.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-type
application/json
x-amz-cf-id
7IfPUH1l8AU02HyDyDmAGC5585NBF_W617Rty3PBRnwfDhWOXMOFpg==
content-length
0
apigw-requestid
O1E2QgyRoAMEVyQ=

Redirect headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:04 GMT
an-x-request-uuid
e3d4f305-d3dc-409e-98a9-94267ef20a26
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://attr.ml-api.io/?domain=www.reliaquest.com&pId=2515579476547859158
x-proxy-origin
80.255.7.101; 80.255.7.101; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
asl-results-vertical.js
www.reliaquest.com/wp-content/plugins/ajax-search-lite/js/min/plugin/optimized/
1 KB
835 B
Script
General
Full URL
https://www.reliaquest.com/wp-content/plugins/ajax-search-lite/js/min/plugin/optimized/asl-results-vertical.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/wp-content/cache/asset-cleanup/js/body-e6b90f7e3cd79a261bd62ff6afc95b64b83a12e5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
45ae39b83ce75a8dbf0febf1e5b630fc54a713039ccfad6b46238212a1b858a9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
42821
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 03 Feb 2023 19:11:55 GMT
server
cloudflare
etag
W/"63dd5c7b-566"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e291883558d8-TXL
asl-ga.js
www.reliaquest.com/wp-content/plugins/ajax-search-lite/js/min/plugin/optimized/
3 KB
1 KB
Script
General
Full URL
https://www.reliaquest.com/wp-content/plugins/ajax-search-lite/js/min/plugin/optimized/asl-ga.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/wp-content/cache/asset-cleanup/js/body-e6b90f7e3cd79a261bd62ff6afc95b64b83a12e5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b985f9368c2e5ff522d6ee979d37197bca61a8d463fd55f34afdf0c8183f6358
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
42821
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 03 Feb 2023 19:11:55 GMT
server
cloudflare
etag
W/"63dd5c7b-aba"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e291d8a358d8-TXL
collect
region1.analytics.google.com/g/
0
256 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-G6184BWDDN&gtm=45je3b81v871663715z872282274&_p=1700705523035&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1861369662.1700705524&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1700705523&sct=1&seg=0&dl=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&dt=Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest&en=page_view&_fv=1&_nsi=1&_ss=1&ep.debug_mode=true&tfd=1455
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:04 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reliaquest.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
56 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-G6184BWDDN&cid=1861369662.1700705524&gtm=45je3b81v871663715z872282274&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:04 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reliaquest.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-G6184BWDDN&cid=1861369662.1700705524&gtm=45je3b81v871663715z872282274&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=386722059
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:03 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A5%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
i
scout.salesloft.com/
48 B
466 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.186.222 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-186-222.compute-1.amazonaws.com
Software
/
Resource Hash
ea9f15ca498d7b2d725f99ac4c6df5bdfe55cefc931f2a5951fccb38060e437c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.reliaquest.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
48
x-request-id
aeb303b5cd06b92c575a0df0c320dc26
asl-autocomplete.js
www.reliaquest.com/wp-content/plugins/ajax-search-lite/js/min/plugin/optimized/
2 KB
947 B
Script
General
Full URL
https://www.reliaquest.com/wp-content/plugins/ajax-search-lite/js/min/plugin/optimized/asl-autocomplete.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/wp-content/cache/asset-cleanup/js/body-e6b90f7e3cd79a261bd62ff6afc95b64b83a12e5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
358d031ae310f2f7949026440ade6a6e0d1bf52733503156366796bf2d401347
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
42821
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 03 Feb 2023 19:11:55 GMT
server
cloudflare
etag
W/"63dd5c7b-680"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e292c95c58d8-TXL
55562af4-b5f0-40d4-b417-322ff6461a9d
https://www.reliaquest.com/
43 B
0
Image
General
Full URL
blob:https://www.reliaquest.com/55562af4-b5f0-40d4-b417-322ff6461a9d
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Length
43
Content-Type
image/gif
modules.c8594c199b647db49b88.js
script.hotjar.com/
226 KB
57 KB
Script
General
Full URL
https://script.hotjar.com/modules.c8594c199b647db49b88.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2441060.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-19.fra56.r.cloudfront.net
Software
/
Resource Hash
eb529572e8303d0a62213e86419c6f4b1e816b510b8655dd40453e95bdc3eab1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 16:50:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 cbe141923b7469a299306144733821c2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
33717
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
57336
last-modified
Wed, 22 Nov 2023 16:49:34 GMT
etag
"8c86dcfd87caa6e82d9cb454e84716ca"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
21mQsvUaQ9WADhmLfJLrjqZXwnykf3XOiKpmF9x7V0O-wamQ6pxJ5g==
collect
www.google-analytics.com/j/
4 B
211 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=529463147&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&ul=en-us&de=UTF-8&dt=Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1338680233&gjid=903524043&cid=1861369662.1700705524&tid=UA-10904891-3&_gid=550263190.1700705524&_r=1&_slc=1&gtm=45He3b81n71NPQTDRv72282274&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=1297568537
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reliaquest.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:03 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reliaquest.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
134470029.js
bat.bing.com/p/action/
0
117 B
Script
General
Full URL
https://bat.bing.com/p/action/134470029.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Thu, 23 Nov 2023 02:12:03 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 7F549E1BE6B544A082D8D5819585C78F Ref B: FRA31EDGE0712 Ref C: 2023-11-23T02:12:03Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
286 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=134470029&tm=gtm002&Ver=2&mid=fc6a688e-70e3-4ba8-831a-a5913cde28a9&sid=b18f753089a511ee87922133de592e86&vid=b18fb25089a511ee831b7fb60157c873&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest&p=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&r=&lt=1192&evt=pageLoad&sv=1&rn=828160
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 23 Nov 2023 02:12:03 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 474C16AABFFC491DB9391B8823AA18E7 Ref B: FRA31EDGE0712 Ref C: 2023-11-23T02:12:03Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
asl-load.js
www.reliaquest.com/wp-content/plugins/ajax-search-lite/js/min/plugin/optimized/
71 B
285 B
Script
General
Full URL
https://www.reliaquest.com/wp-content/plugins/ajax-search-lite/js/min/plugin/optimized/asl-load.js
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/wp-content/cache/asset-cleanup/js/body-e6b90f7e3cd79a261bd62ff6afc95b64b83a12e5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1771aad88d0164b8f869d097851c94cc83d1a837f12fe8de39d0f309fe45f33c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
cf-cache-status
HIT
age
42821
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 03 Feb 2023 19:11:56 GMT
server
cloudflare
etag
W/"63dd5c7c-47"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a5e293098e58d8-TXL
collect
stats.g.doubleclick.net/j/
4 B
351 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-10904891-3&cid=1861369662.1700705524&jid=1338680233&gjid=903524043&_gid=550263190.1700705524&_u=YADAAEAAAAAAACAAI~&z=821574805
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reliaquest.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 23 Nov 2023 02:12:03 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reliaquest.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
getSubscriptions
js.zi-scripts.com/unified/v1/master/
199 B
394 B
Fetch
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5aa10ef00f657844c54c87626901a73df92dedfe2526541d0215d59824491ecf

Request headers

Content-Type
application/json
Referer
https://www.reliaquest.com/
accept-language
de-DE,de;q=0.9
Authorization
Bearer 28bfd1c1ea1670271003
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
visited_url
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
via
1.1 21b99afa310f2ff34977f80506fb1672.cloudfront.net (CloudFront)
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
x-amz-cf-pop
TXL52-C1
x-powered-by
Express
etag
W/"c7-fhdoDRLo/FDlKWRGlx1bAxFmbuc"
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cf-ray
82a5e296cda3267d-TXL
x-amz-cf-id
2xIj0pEMqxLRPKzn1TrfXDlMsScyiHyX4Il1leEVYfk6Tr8-vj0xDQ==
apigw-requestid
O1E2RjIyPHcEM5g=
getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame
0
0
Preflight
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,visited_url
Access-Control-Request-Method
GET
Origin
https://www.reliaquest.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
*
access-control-allow-origin
*
access-control-max-age
0
apigw-requestid
O1E2MjsgvHcEMPQ=
cf-cache-status
DYNAMIC
cf-ray
82a5e293daec267d-TXL
date
Thu, 23 Nov 2023 02:12:04 GMT
server
cloudflare
vary
Access-Control-Request-Headers
via
1.1 21b99afa310f2ff34977f80506fb1672.cloudfront.net (CloudFront)
x-amz-cf-id
AxBwgiN-cxGQnGmBclJtvZKpq4y0XodPHPC3AKllpuVHcRTGE2mpRQ==
x-amz-cf-pop
TXL52-C1
x-cache
Miss from cloudfront
x-powered-by
Express
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1700705523773&id=t2_vref6ti7&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=522b3a6b-967b-4103-93ac-5ddd37a80f8b&aaid=&em=0000000000000000000000000000000000000000000000000000000000000000&external_id=6871144572570a76b42cd0909194f75b69c2dc968d5edc4bcfe96fb94dc65121&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
getuidj
secure.adnxs.com/
11 B
573 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:04 GMT
an-x-request-uuid
0ce1963e-fb46-48a3-b86f-fa41dcafc695
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.reliaquest.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
80.255.7.101; 80.255.7.101; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
11
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/
47 B
236 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
af334f860c47989361cfaa6bb8f2eaf6ddf7d36d58cbec8922d9109459fa7c42

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/plain
access-control-allow-origin
https://www.reliaquest.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
47
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22cdfe02635f87832f7fb37442e2a57166%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22476%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22477%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%225f27aa2807b5216b6b87511c46db116091ad7f0c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22478%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22478%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22479%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22480%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22483%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22484%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%229d89db09-be43-47ea-ad23-917183e7e184%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22484%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22485%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22486%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=null&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22487%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-10904891-3&cid=1861369662.1700705524&jid=1338680233&_u=YADAAEAAAAAAACAAI~&z=1003723133
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-10904891-3&cid=1861369662.1700705524&jid=1338680233&_u=YADAAEAAAAAAACAAI~&z=1003723133
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:03 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
c.6sc.co/
47 B
236 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
af334f860c47989361cfaa6bb8f2eaf6ddf7d36d58cbec8922d9109459fa7c42

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:03 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/plain
access-control-allow-origin
https://www.reliaquest.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
47
/
ipv6.6sc.co/
19 B
309 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e600::170f:b2eb Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c829514739663b0fbaa1e5b4da63fecddb091258f1f8cb852c5e54e1b3fce9af

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:03 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.reliaquest.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a01:4a0:1338:92::5
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1700705523899_386904807_405982006_17_812_48_0_219";dur=1
content-length
19
expires
Thu, 23 Nov 2023 02:12:03 GMT
details
epsilon.6sense.com/v3/company/
686 B
648 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.0.24 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-0-24.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
fc16c6c9db9e1c68f7f587c2848b69dd910ec82f802509b9f347d432613bdf23

Request headers

EpsilonCookie
b8d01702c5d61300f3b45e65a8020000968e0f00
Referer
https://www.reliaquest.com/
accept-language
de-DE,de;q=0.9
Authorization
Token 5f27aa2807b5216b6b87511c46db116091ad7f0c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
X-6s-CustomID
WebTag 9d89db09-be43-47ea-ad23-917183e7e184

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
x-6si-region
eu-central-1a
access-control-allow-origin
https://www.reliaquest.com
access-control-expose-headers
X-6si-Region
access-control-allow-credentials
true
timing-allow-origin
https://6sense.com, https://www.ssga.com
content-length
362
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.0.24 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-0-24.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,epsiloncookie,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://www.reliaquest.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,epsiloncookie,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.reliaquest.com
access-control-expose-headers
X-6si-Region
access-control-max-age
1800
date
Thu, 23 Nov 2023 02:12:04 GMT
server
nginx
timing-allow-origin
https://6sense.com, https://www.ssga.com
x-6si-region
eu-central-1a
/
content.hotjar.io/
56 B
161 B
XHR
General
Full URL
https://content.hotjar.io/?gzip=1
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.c8594c199b647db49b88.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.220.79.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-220-79-217.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
3f6aeef4b1e9ab7c457793ecf90a44b8f35cab830369a32e726d33ecf82f300c

Request headers

Referer
https://www.reliaquest.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 23 Nov 2023 02:12:04 GMT
content-length
56
vary
Origin
content-type
application/json
sp-2.10.2.js
cdn.keywee.co/dist/
96 KB
30 KB
Script
General
Full URL
https://cdn.keywee.co/dist/sp-2.10.2.js
Requested by
Host: kdl.keywee.co
URL: https://kdl.keywee.co/www.reliaquest.com/_blog_scattered-spider-attack-analysis-account-compromise_.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5000:e:ec66:e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d9a9b2a15666ace13ce304e0a34baaa8a82ce5bc9d01480872869c9871dc552c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 00:22:30 GMT
content-encoding
gzip
via
1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 06:03:58 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
age
1302574
etag
W/"69c0026af7f2b8f2eed23f2f5fc5c68f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
cache-control
max-age=315360000
x-amz-cf-id
Gsx-OXKyE7FJJDh1xJoGGvB4hadwL4M5HU2f8uwnzedZtVTCal7y8A==
h
heapanalytics.com/
37 B
261 B
Image
General
Full URL
https://heapanalytics.com/h?a=2502874633&u=5955848137289336&v=5012506109694948&s=5419330675575072&b=web&tv=4.0&z=0&h=%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&d=www.reliaquest.com&t=Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest&ts=1700705524142&st=1700705524160
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.2.109.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-2-109-32.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
etag
W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=529463147&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&ul=en-us&de=UTF-8&dt=Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aADAAEABAAAAACAAI~&jid=&gjid=&cid=1861369662.1700705524&tid=UA-10904891-3&_gid=550263190.1700705524&gtm=45He3b81n71NPQTDRv72282274&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd1=&cd2=&cd3=&cd5=&cd7=&z=301192922
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 02:58:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
83631
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
site-visitors
intentstream.contanuity.com/api/ Frame
0
0
Preflight
General
Full URL
https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=demandscience-reliaquest
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-226-187-177.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
x-pixel-auth
Access-Control-Request-Method
GET
Origin
https://www.reliaquest.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
Accept,Authorization,Content-Type,If-None-Match,x-pixel-auth
access-control-allow-methods
GET
access-control-allow-origin
https://www.reliaquest.com
access-control-expose-headers
WWW-Authenticate,Server-Authorization
access-control-max-age
86400
cache-control
no-cache
content-length
0
date
Thu, 23 Nov 2023 02:12:04 GMT
server
nginx
strict-transport-security
max-age=15724800; includeSubdomains
fp.min.js
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/
33 KB
15 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
Requested by
Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4031
x-jsd-version
3.4.2
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230066-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZsRicDmeuM559YV0Ern8tWkdBcSW3KNOKh9TCRZ1rlcKJ6xkwhP2XBcIHy9DSTJ71vO9%2Fo89XtX5VNJ5IOwI9vrHRrTvfbiuvBF5k%2FCo6YP5joRq1l1OpgnLy64SXdhIFUTmmu2zAd3u1I6ewcA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
82a5e296a98b39d6-FRA
site-visitors
intentstream.contanuity.com/api/
2 B
260 B
Fetch
General
Full URL
https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=demandscience-reliaquest
Requested by
Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-226-187-177.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubdomains

Request headers

Referer
https://www.reliaquest.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
x-pixel-auth
true

Response headers

date
Thu, 23 Nov 2023 02:12:05 GMT
strict-transport-security
max-age=15724800; includeSubdomains
server
nginx
vary
origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.reliaquest.com
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
no-cache
accept-ranges
bytes
content-length
2
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=b8d01702c5d61300f3b45e65a8020000968e0f00&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A04%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A03%20GMT%22%2C%22timeSpent%22%3A%221056%22%2C%22totalTimeSpent%22%3A%221056%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
abm-tracking.demandscience.com/page-tracking/demandscience-reliaquest/
2 B
665 B
Script
General
Full URL
https://abm-tracking.demandscience.com/page-tracking/demandscience-reliaquest/https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F?visitorId=bcc4ff375a27fef5cf8eb25b0d11379e_1700705524473&&clientId=DS&&cookieEnabled=true
Requested by
Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Nov 2023 02:12:04 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods
GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length
2
Expires
-1
i
co-events.anyword.com/
43 B
294 B
Image
General
Full URL
https://co-events.anyword.com/i?stm=1700705524489&e=se&se_ca=klm&se_ac=view&se_va=10&tv=js-2.10.2&tna=cf&aid=2927&p=web&tz=Europe%2FBerlin&lang=en-US&cs=UTF-8&f_pdf=1&f_qt=0&f_realp=0&f_wma=0&f_dir=0&f_fla=0&f_java=0&f_gears=0&f_ag=0&res=1600x1200&cd=24&cookie=1&eid=1fb41bca-07af-47b3-bd8c-70139a8bffdf&dtm=1700705524487&vp=1600x1200&ds=4000x14744&vid=1&sid=58037d78-a6c4-4bbd-8d03-c742c03c279e&duid=26992072-23bf-4751-8c28-000735c10657&fp=3099058815&url=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&cx=eyJzY2hlbWEiOiJpZ2x1OmNvbS5zbm93cGxvd2FuYWx5dGljcy5zbm93cGxvdy9jb250ZXh0cy9qc29uc2NoZW1hLzEtMC0wIiwiZGF0YSI6W3sic2NoZW1hIjoiaWdsdTpjby5rZXl3ZWUvY3VzdG9tX2tkbF9jb250ZXh0L2pzb25zY2hlbWEvMS0wLTIiLCJkYXRhIjp7InZhcmlhbnRzIjpbXSwiY2FtcGFpZ25faWQiOiIiLCJleF9pZHMiOltdLCJzdGF0dXMiOiJjbXBfbm90X2ZvdW5kIn19XX0
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.205.13.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-13-79.compute-1.amazonaws.com
Software
nginx/1.21.3 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

status
200 OK
date
Thu, 23 Nov 2023 02:12:04 GMT
x-content-type-options
nosniff
content-type
image/gif
server
nginx/1.21.3
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
tracking
tracking.contanuity.com/
2 B
762 B
Script
General
Full URL
https://tracking.contanuity.com/tracking?visitorId=bcc4ff375a27fef5cf8eb25b0d11379e_1700705524473&&clientId=DS&&cookieEnabled=true
Requested by
Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.203.236.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-236-163.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Nov 2023 02:12:05 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods
GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length
2
Expires
-1
/
ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/ Frame
0
0
Preflight
General
Full URL
https://ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/?iszitag=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:880f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
_vtok,_zitok,content-type,visited-url
Access-Control-Request-Method
GET
Origin
https://www.reliaquest.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin
https://www.reliaquest.com
allow
GET,HEAD
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82a5e29a9e054d52-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 23 Nov 2023 02:12:05 GMT
server
cloudflare
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
formcomplete.js
ws-assets.zoominfo.com/
86 KB
27 KB
Script
General
Full URL
https://ws-assets.zoominfo.com/formcomplete.js
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:880f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe92edba1f5990d76e1817f250ee4aae144f4efa95b676733bdd4391f2b74cf1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:04 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
age
2835
x-guploader-uploadid
ABPtcPpoErIfb3Ao75b0h1xnJ1JDnz8gM5jWaz7kW_s8qXU4QpRlnWZB7Yu_FcSwd7V5YeXgQ5Y
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 02 Nov 2023 11:05:05 GMT
server
cloudflare
etag
W/"bbabfd4493e8cf8aafea99a2f70825c0"
x-goog-hash
crc32c=4scEgA==, md5=u6v9RJPoz4qv6pmi9wglwA==
x-goog-generation
1698923105172059
content-type
application/javascript
cache-control
public, max-age=3600
x-goog-stored-content-length
87554
cf-ray
82a5e29a9e3d5b26-FRA
expires
Thu, 23 Nov 2023 02:24:49 GMT
/
ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/
47 B
371 B
Fetch
General
Full URL
https://ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/?iszitag=true
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:880f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
1901a8ea3a7bbfbaed9368147df59683e7001afe30fc4c08261fb14a2ea2bad0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

visited-url
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Referer
https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
_vtok
ODAuMjU1LjcuMTAx
_zitok
9320061da244b57b38601700705524
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/javascript

Response headers

date
Thu, 23 Nov 2023 02:12:05 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
access-control-allow-origin
https://www.reliaquest.com
access-control-allow-credentials
true
cf-ray
82a5e29c0a004d4f-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
content-length
47
alt-svc
h3=":443"; ma=86400
forms
ws.zoominfo.com/formcomplete-v2/ Frame
0
0
Preflight
General
Full URL
https://ws.zoominfo.com/formcomplete-v2/forms
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:880f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://www.reliaquest.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin
https://www.reliaquest.com
allow
POST
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82a5e29b2e574d52-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 23 Nov 2023 02:12:05 GMT
server
cloudflare
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
forms
ws.zoominfo.com/formcomplete-v2/
1 KB
836 B
Fetch
General
Full URL
https://ws.zoominfo.com/formcomplete-v2/forms
Requested by
Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:880f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
44cc05657b3b4d888ed0c123999fa4e1eb40c8c90a18657abfbe8581c2512bb0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reliaquest.com/
accept-language
de-DE,de;q=0.9
Authorization
bearer 8ad2d798eb60be1b73f09dfc94ae0d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 23 Nov 2023 02:12:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
etag
W/"4d8-AANf4JqcOkI6V97LV45UwzPmND4"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.reliaquest.com
access-control-allow-credentials
true
cf-ray
82a5e29e2c364d4f-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
alt-svc
h3=":443"; ma=86400
usersync
tracking.contanuity.com/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=bcc4ff375a27fef5cf8eb25b0d11379e_1700705524473
  • https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=bcc4ff375a27fef5cf8eb25b0d11379e_1700705524473&_bee_ppp=1
  • https://tracking.contanuity.com/usersync?bwcookie=AADaLU7KvWoAABYBgo-8cg
0
0
Script
General
Full URL
https://tracking.contanuity.com/usersync?bwcookie=AADaLU7KvWoAABYBgo-8cg
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
HTTP/1.1
Server
54.203.236.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-236-163.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Redirect headers

location
https://tracking.contanuity.com/usersync?bwcookie=AADaLU7KvWoAABYBgo-8cg
Date
Thu, 23 Nov 2023 02:12:05 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=b8d01702c5d61300f3b45e65a8020000968e0f00&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A04%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%222060%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.11
Requested by
Host: www.reliaquest.com
URL: https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:05 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
core
js.driftt.com/ Frame DFA7
2 KB
1 KB
Document
General
Full URL
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1700705700000/uvut6nv3vzk9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
3efdf09e51f3ec616ed534a682bb3db5eb060dd912e51adc58a9170089ea84e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.reliaquest.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 23 Nov 2023 02:12:05 GMT
etag
W/"49f8c71df632861cfd1a371879fe9e53"
last-modified
Tue, 21 Nov 2023 16:39:02 GMT
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-id
ntDLmCAqsSiOffG7QguBq4wlKCyPoQxEI_8yzaI9aMKuxUpu7D2Exw==
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
x-amz-version-id
pULQhqLCuNOuCtO0ELAtN_o8rmZsdQ3t
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
12
chat
js.driftt.com/core/ Frame F396
2 KB
1 KB
Document
General
Full URL
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1700705700000/uvut6nv3vzk9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
3efdf09e51f3ec616ed534a682bb3db5eb060dd912e51adc58a9170089ea84e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.reliaquest.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 23 Nov 2023 02:12:05 GMT
etag
W/"49f8c71df632861cfd1a371879fe9e53"
last-modified
Tue, 21 Nov 2023 16:39:02 GMT
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-id
vCx68AOXwr5-7C6oeoejE7uwU43IQcnH_2UTlMYR110f7MGaXA25xw==
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
x-amz-version-id
pULQhqLCuNOuCtO0ELAtN_o8rmZsdQ3t
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
21
up
insight.adsrvr.org/track/ Frame BBC5
0
60 B
Document
General
Full URL
https://insight.adsrvr.org/track/up?adv=e1vlmxc&ref=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&upid=nzz4w81&upv=1.1.0
Requested by
Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.reliaquest.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
content-type
text/html
date
Thu, 23 Nov 2023 02:12:06 GMT
server
Kestrel
runtime~main.f52bd0ba.js
js.driftt.com/core/assets/js/ Frame F396
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
ac2be5f6d404a2cdeef5f6b792544790a88fe8098c9513b2bf0ca2b6363af7f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 16:39:02 GMT
x-amz-version-id
0kSNKxKJZDtV6oeQ0vGh4IydP7Mz2M_0
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
120784
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
14
last-modified
Tue, 21 Nov 2023 16:21:44 GMT
server
istio-envoy
etag
W/"8f7f7df6e52f6244085b22dbc43178c8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
0sKpf1VRePPT9aF8az679EJbrDl_mbtHZw1z845QrcOmf4V4Q6UJOQ==
9.4a3e9801.chunk.js
js.driftt.com/core/assets/js/ Frame F396
35 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 21 Jul 2023 01:18:07 GMT
x-amz-version-id
q5pTVpOtKy3mkc3tgJvo47OHqvdilate
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
10803237
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 20 Jul 2023 18:22:11 GMT
server
istio-envoy
etag
W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
gQkbsdwMNjLXNx8HjRoWocVisM79jRSE-e1Fc9d94aQlWfB5cJa4Tw==
main~493df0b3.d2a43907.chunk.js
js.driftt.com/core/assets/js/ Frame F396
7 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
OTiYyuMgyycXvMHseM5MN77RPTRQczpn
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507111
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
31
last-modified
Mon, 18 Sep 2023 19:58:07 GMT
server
istio-envoy
etag
W/"e094b276ad2035c3a46871991c258c2d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
fXpxZ9cnAZ4Zwu4-GUXnqterVNkI8t63k_atjld1Z4_fSnvbwtvntQ==
runtime~main.f52bd0ba.js
js.driftt.com/core/assets/js/ Frame DFA7
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
ac2be5f6d404a2cdeef5f6b792544790a88fe8098c9513b2bf0ca2b6363af7f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 16:39:02 GMT
x-amz-version-id
0kSNKxKJZDtV6oeQ0vGh4IydP7Mz2M_0
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
120784
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
14
last-modified
Tue, 21 Nov 2023 16:21:44 GMT
server
istio-envoy
etag
W/"8f7f7df6e52f6244085b22dbc43178c8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
T2e2ts2qvkHRkWQy5keuU9fOajwuiLFABo6kqIS5Q8EOM_6Jbzhu-Q==
9.4a3e9801.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
35 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 21 Jul 2023 01:18:07 GMT
x-amz-version-id
q5pTVpOtKy3mkc3tgJvo47OHqvdilate
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
10803237
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 20 Jul 2023 18:22:11 GMT
server
istio-envoy
etag
W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
EBonueqyha2DotqwSTuXCgi57ewcdNuc_s4gJYTMc9Tub4B0GipViA==
main~493df0b3.d2a43907.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
7 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
OTiYyuMgyycXvMHseM5MN77RPTRQczpn
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507111
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
31
last-modified
Mon, 18 Sep 2023 19:58:07 GMT
server
istio-envoy
etag
W/"e094b276ad2035c3a46871991c258c2d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
3xrhmEz3-RZqLpREwWo6Ur0ROV1rBcWsxqxMAtl58zWYCkqHqASUnw==
51.558be3c5.chunk.js
js.driftt.com/core/assets/js/ Frame F396
23 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 02:52:29 GMT
x-amz-version-id
Esj.HZA_tbw6gqPOdguyiXaCinsX9owN
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5181577
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 21 Sep 2023 18:21:36 GMT
server
istio-envoy
etag
W/"fa281fcbe4b2e35558d60fae3e316367"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
eN9lMVB-ZzzfK4gdko7NhJQN4dqG4jzQTt59-qeR9LqZGbt6ML7Z8Q==
35.d0f1ccda.chunk.js
js.driftt.com/core/assets/js/ Frame F396
36 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 01:19:18 GMT
x-amz-version-id
28EWWIrfyXnbH9o_fCp_ZuBJ9aAwW8z2
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5532768
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
33
last-modified
Mon, 18 Sep 2023 19:58:05 GMT
server
istio-envoy
etag
W/"46fa5a7bc37a22544a908e4ad950309c"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
m6g1qfQ0G8YUneQXknxrNu3mLF_EiEaPwf7V_A5bRT3qrpzdCoL7VQ==
22.6b9a301a.chunk.js
js.driftt.com/core/assets/js/ Frame F396
32 KB
11 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 04:06:06 GMT
x-amz-version-id
QdsA1eP5upj.c59gGRUMZlWh3VaRO3QX
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5177160
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Fri, 22 Sep 2023 19:55:10 GMT
server
istio-envoy
etag
W/"d8739a9fe9a3a42936f5cd86c8727494"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
pvrtqJ_hJtwNTzbQeXSVWu3fscrygxgUYCd_Oyil_dvscL_7TQHI9w==
19.6f85b843.chunk.js
js.driftt.com/core/assets/js/ Frame F396
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
sH9o8YkkibMEUbCvCSPhoXTl_6cFk9oY
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
23
last-modified
Mon, 18 Sep 2023 19:58:05 GMT
server
istio-envoy
etag
W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
gycwWCSqfcKG01aqqeYcB2x6zAupdLeuOq_IBTQbmnZ5JjpU2n2OhA==
41.b4fc4de2.chunk.js
js.driftt.com/core/assets/js/ Frame F396
25 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
zY0Ou_sLgA4Cobo6T_PpWO3n4_bhl.BX
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
18
last-modified
Mon, 18 Sep 2023 19:58:06 GMT
server
istio-envoy
etag
W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
pwkfqTVFFjxlW4gIQpovp262wZc6H8UTCuTdI7GRsTXeMVu3GlS-Tw==
20.8c21ea18.chunk.js
js.driftt.com/core/assets/js/ Frame F396
74 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 09 Sep 2023 18:42:47 GMT
x-amz-version-id
koF.ql6S6iU4L3DAmCcO8za68l9Cvk6p
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
6420559
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 07 Sep 2023 15:58:12 GMT
server
istio-envoy
etag
W/"6d77a76055d81227033363af2f18caf8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
-Vsy8qf73zVK3jWUnhZuNinKHRQUL0gVWUpmpGOhaJqe3ntz2BBWsw==
26.04e7f30b.chunk.js
js.driftt.com/core/assets/js/ Frame F396
66 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 10:11:06 GMT
x-amz-version-id
QuflpVsRjQoeLsgyzbb2dO87jCp6veQD
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
9302460
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
32
last-modified
Fri, 28 Jul 2023 18:55:10 GMT
server
istio-envoy
etag
W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
wokMtnAloh9hlA5PmvPwiSo0wozrjObCkRxHJGCCsWvmqbrvlch2Rw==
14.e24a6190.chunk.js
js.driftt.com/core/assets/js/ Frame F396
91 KB
28 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
mPHV5tAqPye8LylceWqtCyeRVygMz4fc
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
16
last-modified
Mon, 18 Sep 2023 19:58:05 GMT
server
istio-envoy
etag
W/"16d7ae86e21434a32157d3226ac9bb77"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ho_O_sn72Ums5fa-9nhWXjfqloP8FYn9tK77FiKk74EBTYbRM6dEbw==
11.639238ba.chunk.js
js.driftt.com/core/assets/js/ Frame F396
23 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/11.639238ba.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
XlMxTkRfqAYNG4rhc7QwtAO3yzTax5oV
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
23
last-modified
Mon, 18 Sep 2023 19:58:04 GMT
server
istio-envoy
etag
W/"4049f38c00add1738dc4806148ff8829"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
2kt0IvlrCvEMbmz4ub92zCV32Jk-LozZV8w7asve8LSDBRM1geeyhg==
18.9c1bd1fb.chunk.js
js.driftt.com/core/assets/js/ Frame F396
62 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 02:55:15 GMT
x-amz-version-id
9mpbkuyHmd3DbfSHS5sKR7jluuxgLo9E
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
6909411
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Sat, 02 Sep 2023 21:37:07 GMT
server
istio-envoy
etag
W/"02f09379c544befa413d22eb57ed41de"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
bvAzIc76I5KK7rU-XvTPa7DXfYHbk8Zpu7ocFeYdN7_mjtvar_qUYg==
49.f7274268.chunk.js
js.driftt.com/core/assets/js/ Frame F396
105 KB
34 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/49.f7274268.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 17:53:19 GMT
x-amz-version-id
nu5YPPYpbxwbA5KeFnNDvED6qjQ46e.5
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
10311527
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
22
last-modified
Wed, 26 Jul 2023 13:14:43 GMT
server
istio-envoy
etag
W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
B-9l20wA6VGZL2MrOmN8Q3bnIFF8kR_p3ZvcI1hNSMX9pEKWDA4jPA==
40.31ef8dbf.chunk.js
js.driftt.com/core/assets/js/ Frame F396
12 KB
4 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 25 Sep 2023 22:50:10 GMT
x-amz-version-id
4vFIc6iMaOHHRPFul3_EyvJfXUuIcmEs
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5023316
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 21 Sep 2023 18:21:36 GMT
server
istio-envoy
etag
W/"b0793fa46e8c0ae1846b7be8a833da35"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
yQ1xGg4drJp8Pl35eupDy9qdSFxsLTfhPl7q884IhVfBzWmxy6mryg==
29.31d09948.chunk.js
js.driftt.com/core/assets/js/ Frame F396
13 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/29.31d09948.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 04:56:51 GMT
x-amz-version-id
PyawGVolC84hpcWm6OWVT0dG84hVjB6f
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
4482915
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 21 Sep 2023 18:21:36 GMT
server
istio-envoy
etag
W/"455157cb49065fb85fed54901ddaeb0e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
dWmCgL7uSVEoeBxvo_9YciHqdLXIEE7nmnIjF9d8nr0yLVUX8z2ieg==
21.b8c41db9.chunk.js
js.driftt.com/core/assets/js/ Frame F396
17 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
g1ri2j1Cjjab.VdRD9o2Qfb0pzjBKg2Y
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Mon, 18 Sep 2023 19:58:05 GMT
server
istio-envoy
etag
W/"65e5c965272e021ae33ff8bc39565ef5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
PQEBy9qYTm42IsvpSTOgPw8UUov7s0O6k8DxQdV5jfNixcWuq3QIuA==
8.7602338c.chunk.css
js.driftt.com/core/assets/css/ Frame F396
31 KB
4 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/8.7602338c.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
310de82ec6ba5948814ab8ec2369aa1d437e84e26ac56967fc79897acaa99a95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 30 Sep 2023 01:16:19 GMT
x-amz-version-id
hjTFQAoU.KAgYbJR7bli92DUId80a05s
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
4668947
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
30
last-modified
Thu, 21 Sep 2023 18:21:34 GMT
server
istio-envoy
etag
W/"76d0343f1f9f445c80d5c68c2a35b6e0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
GpcT-KpUYql9UOOYNvUhJxiMiasYdXVsjUYEqLBV20I_95PdrO3z5g==
8.044769eb.chunk.js
js.driftt.com/core/assets/js/ Frame F396
81 KB
26 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/8.044769eb.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
1a942c4e7372897cb501fba0ddb4b51fb3533d71975bd2d9d3a1f39ac5403831
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 17:04:21 GMT
x-amz-version-id
17DfV7s42f89YbincTHPPVmLUV_bhnjp
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1674465
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
52
last-modified
Fri, 03 Nov 2023 16:05:58 GMT
server
istio-envoy
etag
W/"44b93d3484fa424f7b36b2e344e21e24"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
yuW2DMDAxoWscZLpR8U9UzYq9Vl5AAwnJIV8xysL0njSWBmRO7Pg4Q==
16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame F396
24 B
695 B
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 09 Sep 2023 18:42:47 GMT
x-amz-version-id
L7ekVthaAMSAcl7y3LfpvLig..DjHOJ0
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA60-P6
age
6420559
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
15
content-length
24
last-modified
Thu, 07 Sep 2023 15:58:10 GMT
server
istio-envoy
etag
"0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
2DtdCDsoPdVOL8_k6Tv_d6JqSwA9-5DQ3bMCehMPvcnUm5aBypdKOg==
16.2394064c.chunk.js
js.driftt.com/core/assets/js/ Frame F396
92 KB
24 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/16.2394064c.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
1f1af18d64fdcfd9d2191eec42881a3e16a482792ff4d1c4a7da67981a51d899
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 18:06:41 GMT
x-amz-version-id
E5klQAQs3D4aAXVjfwX8.j3PQlETJSVe
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1843524
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
42
last-modified
Wed, 01 Nov 2023 17:45:49 GMT
server
istio-envoy
etag
W/"b3fe5876c5b8966c8af8f22496366c99"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
pUbLTEIqu1xAMj1gL-Itv6P-vbQf_s5SDIl3GvNsnbvfuvA0IPjm5Q==
24.b6ed1466.chunk.js
js.driftt.com/core/assets/js/ Frame F396
50 KB
14 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/24.b6ed1466.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
cedc3b05f6b82af9696f663cebb5afdcea4e495d8646316f30fa041b8530d9ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 16:39:02 GMT
x-amz-version-id
uX9XQ33R8MHMUXsK6itOLSboNk6JZ1R7
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
120784
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
21
last-modified
Tue, 21 Nov 2023 16:21:41 GMT
server
istio-envoy
etag
W/"b3b902de8819aee144f4219ddd27fe90"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
C2jdNmY9g7_buVfh7amgLtFrYM2kxtYyBWYvQ6ZY9b-Td4CXEC_VIw==
17.140f8b44.chunk.js
js.driftt.com/core/assets/js/ Frame F396
40 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/17.140f8b44.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6c103980ef9acd760daed97b96d96ccc68bd8dfd9085f963594b007c98ef599b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 16:39:02 GMT
x-amz-version-id
jbdCNCK5HJaShZpsTFyBDk6DZsP5d1v6
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
120784
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
36
last-modified
Tue, 21 Nov 2023 16:21:41 GMT
server
istio-envoy
etag
W/"5aca76d118ed5ee582ce5ade6c0d8226"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
8XFvyMIOXtjzcil24c5-a1W1oq0nSBCMO2xnn9Peth8jZzw4tnwGnw==
51.558be3c5.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
23 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 02:52:29 GMT
x-amz-version-id
Esj.HZA_tbw6gqPOdguyiXaCinsX9owN
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5181577
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 21 Sep 2023 18:21:36 GMT
server
istio-envoy
etag
W/"fa281fcbe4b2e35558d60fae3e316367"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
dnPjqcaF_S-PBXKUzUEAuYoQrsuaBnq-epN_5sC195dVQPvfer3Cqw==
35.d0f1ccda.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
36 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 01:19:18 GMT
x-amz-version-id
28EWWIrfyXnbH9o_fCp_ZuBJ9aAwW8z2
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5532768
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
33
last-modified
Mon, 18 Sep 2023 19:58:05 GMT
server
istio-envoy
etag
W/"46fa5a7bc37a22544a908e4ad950309c"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
NuMSSnO-W-qaWpIyAZZD8mhn3wLcR1xbgcAMlMxbNiXr5WCglO-Hdw==
22.6b9a301a.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
32 KB
11 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 04:06:06 GMT
x-amz-version-id
QdsA1eP5upj.c59gGRUMZlWh3VaRO3QX
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5177160
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Fri, 22 Sep 2023 19:55:10 GMT
server
istio-envoy
etag
W/"d8739a9fe9a3a42936f5cd86c8727494"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
zx1SY22vPVnQfc58X_8O189JcrCU9luiMrXRH1bA33MjJfxHmWAEFQ==
19.6f85b843.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
17 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
sH9o8YkkibMEUbCvCSPhoXTl_6cFk9oY
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
23
last-modified
Mon, 18 Sep 2023 19:58:05 GMT
server
istio-envoy
etag
W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
v3W0qEIUnf6zmuBmU0cY6K2WAR2dwTfVdkImJLRhSv0kXSofGyxHJw==
41.b4fc4de2.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
25 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
zY0Ou_sLgA4Cobo6T_PpWO3n4_bhl.BX
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
18
last-modified
Mon, 18 Sep 2023 19:58:06 GMT
server
istio-envoy
etag
W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
YNeCp1iGMouIUmGAeVU3D0d1uVOvRNCqipKrBSvv18SJi4wthUCRng==
20.8c21ea18.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
74 KB
23 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 09 Sep 2023 18:42:47 GMT
x-amz-version-id
koF.ql6S6iU4L3DAmCcO8za68l9Cvk6p
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
6420559
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 07 Sep 2023 15:58:12 GMT
server
istio-envoy
etag
W/"6d77a76055d81227033363af2f18caf8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
UU8iUVts4wEPRiHBJeg_aQ9kg3aZdy5I6sOCNalN-HwjqDe9nhdbzg==
26.04e7f30b.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
66 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 10:11:06 GMT
x-amz-version-id
QuflpVsRjQoeLsgyzbb2dO87jCp6veQD
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
9302460
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
32
last-modified
Fri, 28 Jul 2023 18:55:10 GMT
server
istio-envoy
etag
W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ZltHghxpXr9ZhXQz8L3InYWYWihuRCGjEe7mLXdbyAx_sRr4hNg8fQ==
14.e24a6190.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
91 KB
28 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
mPHV5tAqPye8LylceWqtCyeRVygMz4fc
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
16
last-modified
Mon, 18 Sep 2023 19:58:05 GMT
server
istio-envoy
etag
W/"16d7ae86e21434a32157d3226ac9bb77"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
onukBqWFSmRHkHFlmHeLNnW2fAQAgyEgdAaxD0rtaWjx9ESof5WiIA==
11.639238ba.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
23 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/11.639238ba.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
XlMxTkRfqAYNG4rhc7QwtAO3yzTax5oV
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
23
last-modified
Mon, 18 Sep 2023 19:58:04 GMT
server
istio-envoy
etag
W/"4049f38c00add1738dc4806148ff8829"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Fn_uX9fG-_kkUrDwDzlVwih6oLNDNLROhubRwBTDmM7jeEfJR68DYA==
18.9c1bd1fb.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
62 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 02:55:15 GMT
x-amz-version-id
9mpbkuyHmd3DbfSHS5sKR7jluuxgLo9E
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
6909411
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Sat, 02 Sep 2023 21:37:07 GMT
server
istio-envoy
etag
W/"02f09379c544befa413d22eb57ed41de"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
J7Lu15G3Le6YpAUriTE5GnuQoBJifEYtSJs_9hH28Kyqjl8Tt2l04A==
49.f7274268.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
105 KB
34 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/49.f7274268.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 17:53:19 GMT
x-amz-version-id
nu5YPPYpbxwbA5KeFnNDvED6qjQ46e.5
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
10311527
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
22
last-modified
Wed, 26 Jul 2023 13:14:43 GMT
server
istio-envoy
etag
W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ixO9FmuiYK06iX76Z71YG9g-ikRA58wRHi4qdS_DnWdysUXiPyOqcg==
40.31ef8dbf.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
12 KB
4 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 25 Sep 2023 22:50:10 GMT
x-amz-version-id
4vFIc6iMaOHHRPFul3_EyvJfXUuIcmEs
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5023316
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 21 Sep 2023 18:21:36 GMT
server
istio-envoy
etag
W/"b0793fa46e8c0ae1846b7be8a833da35"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
sTOzgc-USEEN6-bq0DC3I3MkWFh20Cf6ZP06EmHPvydMkarhmZ48nQ==
29.31d09948.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
13 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/29.31d09948.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 04:56:51 GMT
x-amz-version-id
PyawGVolC84hpcWm6OWVT0dG84hVjB6f
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
4482915
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 21 Sep 2023 18:21:36 GMT
server
istio-envoy
etag
W/"455157cb49065fb85fed54901ddaeb0e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
kXlXBtrglJpLBitVrBllQBllmtX3yUmNZ5tEWpZMvHx_tAUGQHXv4A==
21.b8c41db9.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
17 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:54 GMT
x-amz-version-id
g1ri2j1Cjjab.VdRD9o2Qfb0pzjBKg2Y
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Mon, 18 Sep 2023 19:58:05 GMT
server
istio-envoy
etag
W/"65e5c965272e021ae33ff8bc39565ef5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
9pjolU1z99lqF4fAx9hiaAK6nz6XFgLi_wxFueqsHvYK-fu3tEOdug==
8.7602338c.chunk.css
js.driftt.com/core/assets/css/ Frame DFA7
31 KB
4 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/8.7602338c.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
310de82ec6ba5948814ab8ec2369aa1d437e84e26ac56967fc79897acaa99a95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 30 Sep 2023 01:16:19 GMT
x-amz-version-id
hjTFQAoU.KAgYbJR7bli92DUId80a05s
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
4668947
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
30
last-modified
Thu, 21 Sep 2023 18:21:34 GMT
server
istio-envoy
etag
W/"76d0343f1f9f445c80d5c68c2a35b6e0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
UplYOFQVwjtBfZGAwK0zRITUp2LBFqBM_nRFMNUsfCSaZqjEf5naLQ==
8.044769eb.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
81 KB
26 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/8.044769eb.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
1a942c4e7372897cb501fba0ddb4b51fb3533d71975bd2d9d3a1f39ac5403831
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 17:04:21 GMT
x-amz-version-id
17DfV7s42f89YbincTHPPVmLUV_bhnjp
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1674465
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
52
last-modified
Fri, 03 Nov 2023 16:05:58 GMT
server
istio-envoy
etag
W/"44b93d3484fa424f7b36b2e344e21e24"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
UXRlVLmzn5HGFlZgh0Zpp4R7pGFmsS_5KnpnyIYzDmRRJYSGrIVc7A==
16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame DFA7
24 B
695 B
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 09 Sep 2023 18:42:47 GMT
x-amz-version-id
L7ekVthaAMSAcl7y3LfpvLig..DjHOJ0
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA60-P6
age
6420559
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
15
content-length
24
last-modified
Thu, 07 Sep 2023 15:58:10 GMT
server
istio-envoy
etag
"0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
_J51pycDP4ebvUmWoVTx3LRiCX8XSuE_Z1F298QfK5k9hmipIO2H8g==
16.2394064c.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
92 KB
24 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/16.2394064c.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
1f1af18d64fdcfd9d2191eec42881a3e16a482792ff4d1c4a7da67981a51d899
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 18:06:41 GMT
x-amz-version-id
E5klQAQs3D4aAXVjfwX8.j3PQlETJSVe
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1843524
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
42
last-modified
Wed, 01 Nov 2023 17:45:49 GMT
server
istio-envoy
etag
W/"b3fe5876c5b8966c8af8f22496366c99"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
nb1NNYIXtkF7x8UZ9Qt7OEmYgyLSNBmeFq0iSkVgTojmpxYSmtJ1KA==
24.b6ed1466.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
50 KB
14 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/24.b6ed1466.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
cedc3b05f6b82af9696f663cebb5afdcea4e495d8646316f30fa041b8530d9ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 16:39:02 GMT
x-amz-version-id
uX9XQ33R8MHMUXsK6itOLSboNk6JZ1R7
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
120784
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
21
last-modified
Tue, 21 Nov 2023 16:21:41 GMT
server
istio-envoy
etag
W/"b3b902de8819aee144f4219ddd27fe90"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
plkZcE1qgjpjxD619rczJ54xQ0iltcDEsgVaq1xx1hSJUCT3rIUW4A==
17.140f8b44.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
40 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/17.140f8b44.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6c103980ef9acd760daed97b96d96ccc68bd8dfd9085f963594b007c98ef599b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 16:39:02 GMT
x-amz-version-id
jbdCNCK5HJaShZpsTFyBDk6DZsP5d1v6
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
120784
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
36
last-modified
Tue, 21 Nov 2023 16:21:41 GMT
server
istio-envoy
etag
W/"5aca76d118ed5ee582ce5ade6c0d8226"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
pqRtsd0MT3IdYrtq0MKpJR_2sgScQC4y7KsTit47z_gdWYSg5rnanw==
37.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame F396
3 KB
1 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/37.11d2b6a7.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 30 Sep 2023 01:16:20 GMT
x-amz-version-id
Hu5iSIFN36zIxSOSUYZtBnss99Os2EQi
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
4668946
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
71
last-modified
Thu, 21 Sep 2023 18:21:33 GMT
server
istio-envoy
etag
W/"87532c4db85f1429fa6d759bc3332f36"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
hVt4UnwX5RiC_U2ag5wHHh4JHT7XGv_mfccecboNMS_XoGqPYRlsYg==
37.298cbb69.chunk.js
js.driftt.com/core/assets/js/ Frame F396
3 KB
2 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/37.298cbb69.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 21 Sep 2023 00:14:58 GMT
x-amz-version-id
PUAI0__GdQuv9OUrb9AbmioJKXyFo.FH
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5450228
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
102
last-modified
Fri, 15 Sep 2023 20:51:07 GMT
server
istio-envoy
etag
W/"86b289eeb2bf9d30034f30d9794e8041"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
FeBo0-zh2UHP147g8IRdzm2D8qzHkvuJP3OsPPGnc0Z_hygv2rZZLQ==
0.0b2ebd4a.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
9 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 30 Sep 2023 01:16:20 GMT
x-amz-version-id
N.P1rsR6Ulh0hyhpF1x45w2GtJbK5a1j
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
4668946
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Fri, 29 Sep 2023 23:27:53 GMT
server
istio-envoy
etag
W/"c5efcdc9e465604f32cf24af10fd6c13"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
MeeDC4SND6Yq1qn5zMfqg_ws9u3P00jZozXFkgsUW_IhtF07XKLuaQ==
27.01c2bea5.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
35 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/27.01c2bea5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 13 Sep 2023 23:54:28 GMT
x-amz-version-id
YMtskddlt_BynGDwl8_lx2.1Au5P.Zy_
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
6056258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
40
last-modified
Wed, 13 Sep 2023 15:34:32 GMT
server
istio-envoy
etag
W/"04a233a42dcf8c50a83bfecea8ba552d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
31KIAlNm0Fnfvxt1aO9MDWcP_LEfq6TQ3yVssV9Zg_rh9du3UWPgvA==
28.b5e8f5e1.chunk.css
js.driftt.com/core/assets/css/ Frame DFA7
8 KB
2 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/28.b5e8f5e1.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 23:24:26 GMT
x-amz-version-id
dWp9miJXOVmUTXcain7mZ7aJqiAGjznQ
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
6835660
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
41
last-modified
Mon, 04 Sep 2023 22:45:58 GMT
server
istio-envoy
etag
W/"e7107bc29ccb3c6d928f0f8f10a0f22d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
6EgU6O06ck_Txr-mlZlzqe__l-CqLklIcQxPHfQBjbR26W4cN71mnQ==
28.bdd92ff2.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
14 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/28.bdd92ff2.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6eabf982ec86c7a2d08d260cdd257c9d1f1d9b589cb52a812be0dc5c7cf1af9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 30 Sep 2023 01:11:07 GMT
x-amz-version-id
6o.8mkxiaRsFl_owIpE1sA3Ubz4dTFIZ
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
4669259
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
37
last-modified
Fri, 15 Sep 2023 20:51:06 GMT
server
istio-envoy
etag
W/"260fbabe310bd2cae5c44538f3d833ad"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
J6MHL4BS-MDp7fh-NLCQ70L2WCft8L9kSC3wdkvXsdLtGcEtcHPoOg==
25.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame DFA7
365 B
1 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/25.c695453b.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 06:06:36 GMT
x-amz-version-id
I8MJvRD6MTh126AnSPBNc7JG7IhkzIAO
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA60-P6
age
5515529
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
64
content-length
365
last-modified
Mon, 18 Sep 2023 19:58:03 GMT
server
istio-envoy
etag
"06b2963b029c0824382815165bfea73e"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
4hG2Qw4n04eqUnf90j2SO36qn4DZEoWS3TRYM3VTZDCMp-vb5WkerA==
25.a6216a28.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
91 KB
25 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/25.a6216a28.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
5cca4cddd4f59dc1890d79a18b1dd68d69c68e4c28c568d7edca037a2dce1979
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 16:39:02 GMT
x-amz-version-id
9mlLoc0dRXl0hXBoCbQBVq1nQlfFX_0K
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
120784
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Tue, 21 Nov 2023 16:21:41 GMT
server
istio-envoy
etag
W/"19611a790aca824f3a06d4fa0aa0f651"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
jc-97AoyJDNg68QlPiF3_D1iFX-d74O5vu9KjLZwKjKOxUQLEiECeg==
0.0b2ebd4a.chunk.js
js.driftt.com/core/assets/js/ Frame F396
9 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 30 Sep 2023 01:16:20 GMT
x-amz-version-id
N.P1rsR6Ulh0hyhpF1x45w2GtJbK5a1j
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
4668946
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Fri, 29 Sep 2023 23:27:53 GMT
server
istio-envoy
etag
W/"c5efcdc9e465604f32cf24af10fd6c13"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
YNy8t66QHNXvL-QdQwuJLJoMVAFhRzlepzp5vxVNgXtsApo1nBfC8A==
3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame F396
7 KB
2 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 17:53:21 GMT
x-amz-version-id
Ov831I2a5yEZEgVNkzjL3jR4iYT4qeoU
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
10311525
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
40
last-modified
Wed, 26 Jul 2023 13:12:09 GMT
server
istio-envoy
etag
W/"189aeffd571884559dababa22c66d75a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
AnTcR2FHqNClzcetM3sXd-vGZtvcfhL_WxgyDaI2RX8G65NR7zMgHg==
3.f50b964b.chunk.js
js.driftt.com/core/assets/js/ Frame F396
54 KB
15 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 08:26:55 GMT
x-amz-version-id
Kynz7_sRLMeatVgI4HEORmIIXnKig1_t
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5507111
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
37
last-modified
Mon, 18 Sep 2023 19:58:05 GMT
server
istio-envoy
etag
W/"1ac37bf2b93050f29058b66a9ad43e10"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
rSS2DRNFAkSKh5cuzRhBQkdCtO76QQjnKXK2EI1eDl8Pm87OBvZ2gg==
1.12ba17b6.chunk.css
js.driftt.com/core/assets/css/ Frame F396
44 KB
7 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/1.12ba17b6.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 11:27:15 GMT
x-amz-version-id
eSNvdp0yfhg_hVHGVV1T0Cg9aS8M1FwM
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
9297891
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
20
last-modified
Fri, 28 Jul 2023 18:55:08 GMT
server
istio-envoy
etag
W/"3b8ba82e1bac13ee29e9764a55620d99"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
5YSDvPHgUgeYtWYAQzLmiCx9ZOOSJbBwoIsmi0hzNpRFLutJSJd6bw==
1.2aebee2c.chunk.js
js.driftt.com/core/assets/js/ Frame F396
54 KB
18 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/1.2aebee2c.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
60409946ec37f5d25bf3516bd3fbc347358e60feaf168a3d578b323cb750860b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 30 Sep 2023 01:16:20 GMT
x-amz-version-id
njKFRQMyITptDyb8dy9pniiadoNlCW6r
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
4668946
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
45
last-modified
Fri, 15 Sep 2023 20:51:05 GMT
server
istio-envoy
etag
W/"8dec138e62d799d028f8c7ed0cc19058"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
imRlowWJEoB9P5Kyd4sXt9Rvtx3NPn2PoUS62qwAkcqYkzk6yTF0cg==
4.9d776499.chunk.js
js.driftt.com/core/assets/js/ Frame F396
23 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/4.9d776499.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
622373f59cdda9ea36f307c5f7bef0cfd8e140018c995b6394468a26ef499dec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 25 Jul 2023 18:55:58 GMT
x-amz-version-id
uGJ36CDXFf5jc7zFgfXUohqg1i8mPHWM
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
10394168
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
17
last-modified
Tue, 25 Jul 2023 18:08:15 GMT
server
istio-envoy
etag
W/"cc02ad980b6b04f3bba61e68883356d4"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
LekCXJIWxnRHFi7uauTegJjFDLQtN73_rOLsCi3imDIH-KY06_24rw==
34.d13ab69b.chunk.css
js.driftt.com/core/assets/css/ Frame F396
16 KB
3 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/34.d13ab69b.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
7c8b113cce07a87ca4cb9dc4f1c55d701efd44834430e1939c27b2e5e1c12ac1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 17:04:21 GMT
x-amz-version-id
pFWMvJB2j2wrLwpXYClAbSTx9Ncr0bnJ
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1674465
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
19
last-modified
Fri, 03 Nov 2023 16:05:55 GMT
server
istio-envoy
etag
W/"cd2168c34ad30fc16e40bb8888419c0b"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
4drY8EMSllYPlS73SD2ty6l8otW2F0IqwY-zQKk5-t0p69LJjVcwhQ==
34.565cc93a.chunk.js
js.driftt.com/core/assets/js/ Frame F396
13 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/34.565cc93a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
08b15334412c5f3ad02391af96b4068d23b85e63c63fa8d78ee9bb7e78ce752d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 19 Sep 2023 19:13:34 GMT
x-amz-version-id
Vj75Ma3SPAXLgnv1oVNlXdl73AwytxU2
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5554712
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
58
last-modified
Fri, 15 Sep 2023 20:51:07 GMT
server
istio-envoy
etag
W/"57c0a57c3cf808c4592182b4c490b3a0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
GjLBfVC9DzFX78uydOf5vGFua3kZhAC0Jtg3Mkebez7zMFxZX74mzg==
v2
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame DFA7
208 B
647 B
XHR
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap/ping/v2
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
03541fc8f386465b2ccc5a134053891cbaf180dae12d83c85728beb2789b753f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 23 Nov 2023 02:12:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
4d99efe2ae7061ac
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
9
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
208
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=b8d01702c5d61300f3b45e65a8020000968e0f00&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A06%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A05%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223062%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.11
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:06 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
v3
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame DFA7
25 B
112 B
XHR
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/widget/init/v3
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 23 Nov 2023 02:12:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
1e859c5b4ff16f17
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
14
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
25
widget_bootstrap
bootstrap.api.drift.com/ Frame DFA7
33 KB
9 KB
XHR
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
78869d074a17683bb032167c85f5ce42e47dc0ef53c6891922f8a467b3a233ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 23 Nov 2023 02:12:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
server
istio-envoy
requestid
107f72bef306d690
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
398
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=b8d01702c5d61300f3b45e65a8020000968e0f00&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A06%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224064%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.11
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:07 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
track
event.api.drift.com/ Frame
0
0
Preflight
General
Full URL
https://event.api.drift.com/track
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Thu, 23 Nov 2023 02:12:08 GMT
requestid
drift07bef544bf2a0e47e17d461a8b1
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
1
track
event.api.drift.com/ Frame DFA7
631 B
691 B
XHR
General
Full URL
https://event.api.drift.com/track
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
d4cebb76335de0dc110795c651a14c7628806ea898a0526c1c70c655614b4825
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMDE3OTMyODE5NiIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjExNjIyMjciLCJleHAiOjE3MzIzMjc5MjcsImlhdCI6MTcwMDcwNTUyN30.bkPcgIV_vXiuZx3Wr-LO0hwOMUgmPdPO-u5sJArxt17MQMgbYccYW5AW6wVPNe1qzz9sGntSNSGZWes6nP9wOA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 23 Nov 2023 02:12:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
f402767befd269c3
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
631
evaluate_with_log
targeting.api.drift.com/targeting/ Frame DFA7
3 KB
1006 B
XHR
General
Full URL
https://targeting.api.drift.com/targeting/evaluate_with_log
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
39bfe62b168db57a5e861b1872c6c1843aa437cca86fdb3ccaeb2a913e3a5d59
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMDE3OTMyODE5NiIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjExNjIyMjciLCJleHAiOjE3MzIzMjc5MjcsImlhdCI6MTcwMDcwNTUyN30.bkPcgIV_vXiuZx3Wr-LO0hwOMUgmPdPO-u5sJArxt17MQMgbYccYW5AW6wVPNe1qzz9sGntSNSGZWes6nP9wOA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 23 Nov 2023 02:12:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
server
istio-envoy
requestid
62084f78e6b74cb9
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
942
evaluate_with_log
targeting.api.drift.com/targeting/ Frame
0
0
Preflight
General
Full URL
https://targeting.api.drift.com/targeting/evaluate_with_log
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Thu, 23 Nov 2023 02:12:08 GMT
requestid
drift1c7e1a443939593a94b23718d34
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
render_initial_v3
flow.api.drift.com/flows/ Frame
0
0
Preflight
General
Full URL
https://flow.api.drift.com/flows/render_initial_v3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Thu, 23 Nov 2023 02:12:08 GMT
requestid
drift8c3bac747778317eaabae443da3
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
1
render_initial_v3
flow.api.drift.com/flows/ Frame DFA7
3 KB
2 KB
XHR
General
Full URL
https://flow.api.drift.com/flows/render_initial_v3
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
a3b5935675b024221eb6540d038e75944dbf64759556d5c8a58eaac7cc5188c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMDE3OTMyODE5NiIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjExNjIyMjciLCJleHAiOjE3MzIzMjc5MjcsImlhdCI6MTcwMDcwNTUyN30.bkPcgIV_vXiuZx3Wr-LO0hwOMUgmPdPO-u5sJArxt17MQMgbYccYW5AW6wVPNe1qzz9sGntSNSGZWes6nP9wOA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 23 Nov 2023 02:12:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
server
istio-envoy
requestid
b1c5c095caeda9a5
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
24
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
1971
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=b8d01702c5d61300f3b45e65a8020000968e0f00&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A07%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225065%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.11
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:08 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
widget
targeting.api.drift.com/impressions/ Frame
0
0
Preflight
General
Full URL
https://targeting.api.drift.com/impressions/widget
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Thu, 23 Nov 2023 02:12:08 GMT
requestid
driftcad1dc743318918d18455b372c8
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
1
widget
targeting.api.drift.com/impressions/ Frame DFA7
0
38 B
XHR
General
Full URL
https://targeting.api.drift.com/impressions/widget
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMDE3OTMyODE5NiIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjExNjIyMjciLCJleHAiOjE3MzIzMjc5MjcsImlhdCI6MTcwMDcwNTUyN30.bkPcgIV_vXiuZx3Wr-LO0hwOMUgmPdPO-u5sJArxt17MQMgbYccYW5AW6wVPNe1qzz9sGntSNSGZWes6nP9wOA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 23 Nov 2023 02:12:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
6237b30f632a7a72
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-allow-credentials
true
x-envoy-upstream-service-time
10
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
57.28dde8ce.chunk.js
js.driftt.com/core/assets/js/ Frame DFA7
19 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?d=1&embedId=uvut6nv3vzk9&eId=uvut6nv3vzk9&region=US&forceShow=false&skipCampaigns=false&sessionId=e8251b2d-c980-4b9e-8e79-a3d104a55d87&sessionStarted=1700705525.875&campaignRefreshToken=d01eac61-5e29-4b17-b940-76a41a78ed05&hideController=false&pageLoadStartTime=1700705522937&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 21 Sep 2023 00:15:01 GMT
x-amz-version-id
NgwNgUBll2U9FZo8u3lk6X1MiWsF.fFq
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5450227
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
22
last-modified
Mon, 18 Sep 2023 19:58:06 GMT
server
istio-envoy
etag
W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
5TfowXjdEO3mdmu9twBk9B29Xb6meybsEG0JtJlsZ3QZY0qXCkD8uw==
57.28dde8ce.chunk.js
js.driftt.com/core/assets/js/ Frame F396
19 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f52bd0ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1700705522937
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 21 Sep 2023 00:15:01 GMT
x-amz-version-id
NgwNgUBll2U9FZo8u3lk6X1MiWsF.fFq
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
5450227
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
22
last-modified
Mon, 18 Sep 2023 19:58:06 GMT
server
istio-envoy
etag
W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
b48z9KbVmnyvum6YBSuf3ZCH9zdc6pIwHEMhcgGunFeQVCDS5hjC-w==
https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.us-east-1.amazonaws.com%252Fcustomer-api-avatars-prod%252F1487228%252F2e44850f29c32e2a2fbbd9b51e8af60e8wgb2ih3r23r%3Ffit%3Dmax%26fm%3Dpng%26h...
driftt.imgix.net/ Frame DFA7
13 KB
13 KB
Image
General
Full URL
https://driftt.imgix.net/https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.us-east-1.amazonaws.com%252Fcustomer-api-avatars-prod%252F1487228%252F2e44850f29c32e2a2fbbd9b51e8af60e8wgb2ih3r23r%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w%3D200%26s%3D52a0ccdcd163600301f50de69d49b57d?fit=max&fm=png&h=200&w=200&s=c9557e32ca8b6ddc0333bf1881cbc3d5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:8e::720 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
ca2c9431c62d28c900cfc16631afa5e29e39abe2bfbe7440d22a4c194f42c3dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:08 GMT
x-content-type-options
nosniff
age
6107912
x-cache
HIT, HIT
x-imgix-id
abaf02bd9da09a32413d7775330302be733080f0
cross-origin-resource-policy
cross-origin
content-length
13138
x-served-by
cache-sjc1000087-SJC, cache-fra-etou8220056-FRA
x-imgix-render-farm
02.139816
last-modified
Wed, 13 Sep 2023 09:33:37 GMT
server
Google Frontend
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=315360000
accept-ranges
bytes
timing-allow-origin
*
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame F396
38 KB
39 KB
Font
General
Full URL
https://js.driftt.com/deploy/assets/static/fonts/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.7602338c.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/assets/css/8.7602338c.chunk.css
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 09:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
11121090
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
40
content-length
39372
last-modified
Fri, 03 Mar 2023 16:21:38 GMT
server
istio-envoy
etag
"40b6965b5cd26213faf61e5ab6765bb9"
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/font-woff2,font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
po-h_oCYnsGPuF5vfOGEQHCfQlRPRkzEPShcjEZQhobvgBJb5qz0eA==
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame DFA7
38 KB
39 KB
Font
General
Full URL
https://js.driftt.com/deploy/assets/static/fonts/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.7602338c.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-87.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/assets/css/8.7602338c.chunk.css
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 09:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
11121090
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
40
content-length
39372
last-modified
Fri, 03 Mar 2023 16:21:38 GMT
server
istio-envoy
etag
"40b6965b5cd26213faf61e5ab6765bb9"
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/font-woff2,font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
agRm6W20GUOv8AMeiyAq8VQsw9F-51Oy3VV04DiH6K40dKajyjgf3A==
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-G6184BWDDN&gtm=45je3b81v871663715z872282274&_p=1700705523035&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1861369662.1700705524&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=2&sid=1700705523&sct=1&seg=0&dl=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&dt=Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest&en=six_sense_event&ep.debug_mode=true&ep.domain=&ep.country=&ep.revenue_range=&ep.segments=&_et=600&up.hjuid=72241fb2&tfd=7062
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G6184BWDDN&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Nov 2023 02:12:09 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reliaquest.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=cdfe02635f87832f7fb37442e2a57166&svisitor=b8d01702c5d61300f3b45e65a8020000968e0f00&visitor=aa7db007-c7c4-4434-8a6f-5ff26c7a9797&session=41f76ec1-8a57-4d8a-8e9d-7191a429c7a9&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A09%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2023%20Nov%202023%2002%3A12%3A08%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226066%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReliaQuest%20recently%20detected%20an%20intrusion%20by%20the%20Scattered%20Spider%20cybercrime%20group.%20Inside%2C%20we%20map%20the%20attack%20and%20the%20TTPs%20involved%20and%20provide%20recommendations.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Scattered%20Spider%20Attack%20Analysis%20-%20ReliaQuest%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reliaquest.com%2Fblog%2Fscattered-spider-attack-analysis-account-compromise%2F&pageViewId=9994ed2c-bfb0-4569-8b69-7bb4542c3b55&an_uid=0&webTagId=9d89db09-be43-47ea-ad23-917183e7e184&v=1.1.11
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reliaquest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 02:12:09 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
bulk
metrics.api.drift.com/monitoring/metrics/event3/ Frame DFA7
25 B
112 B
XHR
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/event3/bulk
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 23 Nov 2023 02:12:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
87e1063ce527b56b
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
18
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
25

203 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


46 Cookies


2 Console Messages

Source: network, Level: error
URL: https://ws.zoominfo.com/pixel/64946e1443a192e5d7d14677/?iszitag=true
Message: Failed to load resource: the server responded with a status of 404 ()

Source: other, Level: warning
URL: https://js.driftt.com/include/1700705700000/uvut6nv3vzk9.js
Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Security Headers

This page lists any security headers set by the main page.

Header: Value
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=63072000
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOW-FROM https://www.reliaquest.com/
X-Xss-Protection: 1; mode=block

Indicators

"Indicators" is a security-industry term for artifacts such as IPs, domains, hashes, etc. Their appearance here does not imply that any of them indicate malicious activity.
