www.attackiq.com Open in urlscan Pro
2606:4700:10::ac43:662 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/kx8DKoUJvA
Effective URL:
https://www.attackiq.com/2024/07/31/emulating-andariel/
Submission: On October 07 via api (October 7th 2024, 12:57:16 pm UTC) from IN — Scanned from US

Summary HTTP 121 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 49 IPs in 2 countries across 40 domains to perform 121 HTTP transactions. The main IP is 2606:4700:10::ac43:662, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.attackiq.com.
TLS certificate: Issued by WE1 on August 29th 2024. Valid for: 3 months.

This is the only time www.attackiq.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	162.159.140.229 162.159.140.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
37	2606:4700:10:... 2606:4700:10::ac43:662	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3037::ac43:8ef5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.92.80 104.16.92.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6812:562a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2607:f8b0:400... 2607:f8b0:400d:c04::61	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2607:f8b0:400... 2607:f8b0:4004:c09::68	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:400d:c0b::9a	15169 (GOOGLE) (GOOGLE)
1	18.160.41.112 18.160.41.112	16509 (AMAZON-02) (AMAZON-02)
1	2600:1408:c40... 2600:1408:c400:5::17c7:371d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
3	2620:1ec:33::10 2620:1ec:33::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:23c... 2600:9000:23cb:ba00:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
5	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
10	23.212.248.24 23.212.248.24	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.18.17.5 104.18.17.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	23.207.134.130 23.207.134.130	16625 (AKAMAI-AS) (AKAMAI-AS)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:32::181	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c17::9a	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c07::9d	15169 (GOOGLE) (GOOGLE)
1	54.162.9.247 54.162.9.247	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1408:c40... 2600:1408:c400:e::17cd:6a13	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	18.164.96.90 18.164.96.90	16509 (AMAZON-02) (AMAZON-02)
1 2	52.206.11.1 52.206.11.1	14618 (AMAZON-AES) (AMAZON-AES)
2 2	35.244.154.8 35.244.154.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2 3	68.67.160.117 68.67.160.117	29990 (ASN-APPNEX) (ASN-APPNEX)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	104.18.16.5 104.18.16.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12 15	2600:1f18:61c... 2600:1f18:61c0:2204:dedd:d3df:b1d0:8ab2	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700::68... 2606:4700::6810:762b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:1f18:61c... 2600:1f18:61c0:220b:c342:13e4:43fc:5bd6	14618 (AMAZON-AES) (AMAZON-AES)
1	2a03:2880:f00... 2a03:2880:f003:c0e:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	35.211.202.130 35.211.202.130	15169 (GOOGLE) (GOOGLE)
2 3	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	142.251.174.156 142.251.174.156	15169 (GOOGLE) (GOOGLE)
1 2	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.173.146.5 69.173.146.5	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	64.202.112.31 64.202.112.31	23352 (SERVERCEN...) (SERVERCENTRAL)
1	8.28.7.83 8.28.7.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	34.200.65.202 34.200.65.202	14618 (AMAZON-AES) (AMAZON-AES)
1	141.226.224.48 141.226.224.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 2	52.223.22.214 52.223.22.214	16509 (AMAZON-02) (AMAZON-02)
1	107.21.157.193 107.21.157.193	14618 (AMAZON-AES) (AMAZON-AES)
121	49

2 162.159.140.229 (None, )

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2606:4700:10::ac43:662 (United States)

ASN13335 (CLOUDFLARENET, US)

www.attackiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3037::ac43:8ef5 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.92.80 (None, )

ASN13335 (CLOUDFLARENET, US)

app-ab33.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:562a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:400d:c04::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c09::68 (Washington, United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c0b::9a (Morganton, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.41.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-41-112.iad55.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:c400:5::17c7:371d (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:33::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:23cb:ba00:6:9280:1080:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.117.77.79 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.212.248.24 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-212-248-24.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.17.5 (None, )

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.207.134.130 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-207-134-130.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c17::9a (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c07::9d (Washington, United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.162.9.247 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-162-9-247.compute-1.amazonaws.com

in.ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:c400:e::17cd:6a13 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.96.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-90.jfk50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.206.11.1 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-11-1.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.154.8 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.71.131.137 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.67.160.117 (Colonia, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

041-fsq-281.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.16.5 (None, )

ASN13335 (CLOUDFLARENET, US)

app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2600:1f18:61c0:2204:dedd:d3df:b1d0:8ab2 (Ashburn, United States) 12 redirects

ASN14618 (AMAZON-AES, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:762b (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:61c0:220b:c342:13e4:43fc:5bd6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

x.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f003:c0e:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.211.202.130 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 130.202.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.174.156 (Farmingdale, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: qc-in-f156.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.36.155 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.146.5 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.31 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.200.65.202 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-65-202.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.48 (United States)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.22.214 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.21.157.193 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-21-157-193.compute-1.amazonaws.com

ipv4.d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	attackiq.com www.attackiq.com	1 MB
19	adroll.com 12 redirects s.adroll.com — Cisco Umbrella Rank: 3395 d.adroll.com — Cisco Umbrella Rank: 1624 x.adroll.com — Cisco Umbrella Rank: 4422 ipv4.d.adroll.com — Cisco Umbrella Rank: 12598	48 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 5626 c.6sc.co — Cisco Umbrella Rank: 6951 ipv6.6sc.co — Cisco Umbrella Rank: 5794 b.6sc.co — Cisco Umbrella Rank: 3611	21 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 321 www.linkedin.com — Cisco Umbrella Rank: 646 px4.ads.linkedin.com — Cisco Umbrella Rank: 6828	4 KB
6	ml314.com ml314.com — Cisco Umbrella Rank: 1614 in.ml314.com — Cisco Umbrella Rank: 11277	40 KB
6	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 42 stats.g.doubleclick.net — Cisco Umbrella Rank: 136 td.doubleclick.net — Cisco Umbrella Rank: 192 cm.g.doubleclick.net — Cisco Umbrella Rank: 283	4 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 326	116 KB
3	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 446	1 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 267	3 KB
3	adsrvr.org 3 redirects match.adsrvr.org — Cisco Umbrella Rank: 373	2 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 5671	4 KB
3	qualified.com js.qualified.com — Cisco Umbrella Rank: 16970 app.qualified.com — Cisco Umbrella Rank: 16988	242 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 348	15 KB
3	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 147	88 B
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	304 KB
3	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1222	159 KB
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 415	981 B
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 495	567 B
2	openx.net 1 redirects us-u.openx.net — Cisco Umbrella Rank: 516	515 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 609	1 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4482	2 KB
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 462	836 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 243	1 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3657	7 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 877 script.hotjar.com — Cisco Umbrella Rank: 1177	61 KB
2	t.co t.co — Cisco Umbrella Rank: 859	1 KB
1	taboola.com sync.taboola.com — Cisco Umbrella Rank: 1107	365 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 867	584 B
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 881	360 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 413	1 KB
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 399	183 B
1	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	58 KB
1	mktoresp.com 041-fsq-281.mktoresp.com	318 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 962	395 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 960	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 784	14 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 498	305 B
1	marketo.com app-ab33.marketo.com — Cisco Umbrella Rank: 646768	67 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 683	7 KB
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 7196	453 B
121	40

	Domain	Requested by
37	www.attackiq.com	t.co www.attackiq.com static.cloudflareinsights.com
15	d.adroll.com	12 redirects s.adroll.com
8	b.6sc.co
6	cdn.cookielaw.org	www.attackiq.com cdn.cookielaw.org
5	px.ads.linkedin.com	3 redirects snap.licdn.com
5	ml314.com	t.co ml314.com
3	pixel.tapad.com	2 redirects
3	ib.adnxs.com	2 redirects
3	match.adsrvr.org	3 redirects
3	js.zi-scripts.com	t.co js.zi-scripts.com
3	bat.bing.com	t.co bat.bing.com
3	www.googletagmanager.com	t.co www.googletagmanager.com
3	use.fontawesome.com	www.attackiq.com use.fontawesome.com
2	eb2.3lift.com	1 redirects
2	ups.analytics.yahoo.com	1 redirects
2	us-u.openx.net	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	x.adroll.com	s.adroll.com
2	ws.zoominfo.com	js.zi-scripts.com
2	app.qualified.com	js.qualified.com
2	idsync.rlcdn.com	2 redirects
2	dpm.demdex.net	1 redirects
2	td.doubleclick.net	www.googletagmanager.com
2	munchkin.marketo.net	t.co munchkin.marketo.net
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	www.google.com	1 redirects
2	t.co
1	ipv4.d.adroll.com
1	sync.taboola.com
1	image2.pubmatic.com
1	sync.outbrain.com
1	pixel.rubiconproject.com
1	cm.g.doubleclick.net	1 redirects
1	x.bidswitch.net
1	connect.facebook.net	s.adroll.com
1	041-fsq-281.mktoresp.com	munchkin.marketo.net
1	script.hotjar.com	static.hotjar.com
1	analytics.twitter.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	in.ml314.com	ml314.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	js.qualified.com	www.googletagmanager.com
1	j.6sc.co	t.co
1	s.adroll.com	t.co
1	static.ads-twitter.com	t.co
1	snap.licdn.com	t.co
1	static.hotjar.com	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	app-ab33.marketo.com	www.attackiq.com
1	static.cloudflareinsights.com	www.attackiq.com
1	bit.ly	1 redirects
121	55

This site contains links to these domains. Also see Links.

Domain
portal.attackiqready.com
manage.attackiqready.com
academy.attackiq.com
www.facebook.com
twitter.com
www.linkedin.com
blog.talosintelligence.com
attack.mitre.org
www.youtube.com
attackiq.com
cookiepedia.co.uk
onetrust.com

Subject Issuer	Validity	Valid
t.co E5	`2024-09-28` - `2024-12-27`	3 months	crt.sh
www.attackiq.com WE1	`2024-08-29` - `2024-11-27`	3 months	crt.sh
use.fontawesome.com WE1	`2024-09-09` - `2024-12-09`	3 months	crt.sh
cloudflareinsights.com WE1	`2024-09-03` - `2024-12-02`	3 months	crt.sh
app-ab33.marketo.com Cloudflare Inc ECC CA-3	`2024-03-09` - `2024-12-31`	10 months	crt.sh
cookielaw.org WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
*.google-analytics.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
geolocation.onetrust.com WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 03	`2024-09-16` - `2025-03-15`	6 months	crt.sh
s.adroll.com Amazon RSA 2048 M02	`2024-05-03` - `2025-06-01`	a year	crt.sh
event-horizon.gcp.bomm.in WR3	`2024-08-21` - `2024-11-19`	3 months	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
qualified.com WE1	`2024-09-04` - `2024-12-03`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
zi-scripts.com WE1	`2024-09-22` - `2024-12-21`	3 months	crt.sh
*.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.doubleclick.net WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.ml314.com Amazon RSA 2048 M02	`2024-09-14` - `2025-10-11`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-11-05`	a year	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-15` - `2025-09-15`	a year	crt.sh
d.adroll.com Amazon RSA 2048 M03	`2024-09-08` - `2025-10-07`	a year	crt.sh
zoominfo.com E5	`2024-09-14` - `2024-12-13`	3 months	crt.sh
*.adroll.com Amazon RSA 2048 M02	`2024-07-03` - `2025-07-31`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-07-16` - `2024-10-14`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.attackiq.com/2024/07/31/emulating-andariel/
Frame ID: 8FB92FBE5044EF19F54E1F4DF9F7944F
Requests: 117 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-F05SB1HBT8&gacid=1887683055.1728305831&gtm=45je4a20v9116878293z879575729za200zb79575729&dma=0&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101403289~101529665~101671035~101747727&z=1917105085
Frame ID: 23D32DF2D77859C21D0A7558A9E80723
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/862175634?random=1728305830782&cv=11&fst=1728305830782&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9132208297z879575729za201zb79575729&gcd=13l3l3l3l5l1&dma=0&tag_exp=101529666~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&ref=https%3A%2F%2Ft.co%2F&hn=www.googleadservices.com&frm=0&tiba=Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ&npa=0&pscdl=noapi&auid=1829524589.1728305831&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 36B92AC0C20710AE8E66C8E218BA1783
Requests: 1 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/j1bgMw3UdfB6bHr6/messenger?uuid=9303f4da-b095-49ce-9d3c-5cff0aa11e60
Frame ID: FA8606023EA2B829D20F8797B7F82864
Requests: 1 HTTP requests in this frame

Frame: https://x.adroll.com/pxl/iframe_content.html?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV
Frame ID: 134232599FF04E85697F5FEDE3D73F9B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Emulating the Adversary Andariel - AttackIQ

Page URL History Show full URLs

https://t.co/kx8DKoUJvA Page URL
https://bit.ly/4d5OuMO HTTP 301
https://www.attackiq.com/2024/07/31/emulating-andariel/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Marketo Forms (Widgets) Expand

Overall confidence: 100%
Detected patterns

marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

121
Requests

84 %
HTTPS

38 %
IPv6

40
Domains

55
Subdomains

49
IPs

2
Countries

2573 kB
Transfer

6188 kB
Size

70
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://portal.attackiqready.com/flex-signup
Title: Sign-Up for Flex

Search URL Search Domain Scan URL

URL: https://manage.attackiqready.com/
Title: Login to Flex

Search URL Search Domain Scan URL

URL: https://academy.attackiq.com/
Title: Academy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Emulating%20the%20Politically%20Motivated%20North%20Korean%20Adversary%20Andariel%20%E2%80%93%20Part%202&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&via=AttackIQ

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&title=Emulating%20the%20Politically%20Motivated%20North%20Korean%20Adversary%20Andariel%20%E2%80%93%20Part%202&source=attackiq.com

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/
Title: reported

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1082
Title: T1082

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1033
Title: T1033

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1087/
Title: T1087

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1057/
Title: T1057

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1083
Title: T1083

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1654/
Title: T1654

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1049
Title: T1049

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1012
Title: T1012

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1562/
Title: T1562

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1105
Title: T1105

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1136/001
Title: T1136.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1098
Title: T1098

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1069/
Title: T1069

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1003/
Title: T1003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1003/001
Title: T1003.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1543/003/
Title: T1543.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1082/
Title: T1082

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1047
Title: T1047

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1518/001/
Title: T1518.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1016
Title: T1016

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1018
Title: T1018

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/mitigations/M1031/
Title: M1031 – Network Intrusion Prevention

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1003/001/
Title: T1003.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/mitigations/M1028/
Title: M1028 – Operating System Configuration

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/mitigations/M1027/
Title: M1027 – Password Policies

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/mitigations/M1026/
Title: M1026 – Privileged Account Management

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/mitigations/M1017/
Title: M1017 – User Training

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/mitigations/M1040/
Title: M1040 – Behavior Prevention on Endpoint

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/mitigations/M1043/
Title: M1043 – Credential Access Protection

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/mitigations/M1025/
Title: M1025 – Privileged Process Integrity

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/mitigations/M1047/
Title: M1047 – Audit

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/mitigations/M1018/
Title: M1018 – User Account Management

Search URL Search Domain Scan URL

URL: https://twitter.com/AttackIQ
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/attackiq/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/attackiq
Title: YouTube

Search URL Search Domain Scan URL

URL: https://attackiq.com/resources/
Title: Resources

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/kx8DKoUJvA Page URL
https://bit.ly/4d5OuMO HTTP 301
https://www.attackiq.com/2024/07/31/emulating-andariel/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

https://www.google.com/pagead/landing?gcs=G1--&gcd=13l3l3l3l5l1&tag_exp=101671035~101747727&rnd=2076702991.1728305831&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&dma=0&npa=0&gtm=45He4a20n815VVNX5Kv79575729za200&auid=1829524589.1728305831 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G1--&gcd=13l3l3l3l5l1&tag_exp=101671035~101747727&rnd=2076702991.1728305831&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&dma=0&npa=0&gtm=45He4a20n815VVNX5Kv79575729za200&auid=1829524589.1728305831

Request Chain 79

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=555570&time=1728305831028&li_adsId=a23eed6f-487c-47cc-8039-266108b4db83&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=555570&time=1728305831028&li_adsId=a23eed6f-487c-47cc-8039-266108b4db83&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D555570%26time%3D1728305831028%26li_adsId%3Da23eed6f-487c-47cc-8039-266108b4db83%26url%3Dhttps%253A%252F%252Fwww.attackiq.com%252F2024%252F07%252F31%252Femulating-andariel%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=555570&time=1728305831028&li_adsId=a23eed6f-487c-47cc-8039-266108b4db83&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=555570&time=1728305831028&li_adsId=a23eed6f-487c-47cc-8039-266108b4db83&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&cookiesTest=true&liSync=true&e_ipv6=AQLTZwjRCdcSaAAAAZJnDh3O1qPqPR_dIGwNPxQVOWgyVTMpZOnxUJtN-rRQvSa1GnhkyKxxKgUwxoRDTjNGdNJMOCiQqE0

Request Chain 88

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3647538404092543033&redir= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3647538404092543033&redir=

Request Chain 89

https://idsync.rlcdn.com/395886.gif?partner_uid=3647538404092543033 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzY0NzUzODQwNDA5MjU0MzAzMxAAGg0Ip7WPuAYSBQjoBxAAQgBKAA HTTP 307
https://ml314.com/csync.ashx?fp=706e813b136f3ebba69f29bd0a92337cebb09cb1fdb1ad22d61f7d3edd210d02f4cb09cee1a4f8eb&person_id=3647538404092543033&eid=50082

Request Chain 90

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=91d4dc0b-dd34-4d1b-9512-919006362cd0&gdpr=0&gdpr_consent=

Request Chain 91

https://ib.adnxs.com/getuid?https://ml314.com/csync.ashx%3Ffp=$UID%26person_id=3647538404092543033%26eid=2 HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fml314.com%2Fcsync.ashx%253Ffp%3D%24UID%2526person_id%3D3647538404092543033%2526eid%3D2 HTTP 302
https://ml314.com/csync.ashx?fp=3577541493774079655&person_id=3647538404092543033&eid=2

Request Chain 100

https://d.adroll.com/cm/b/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg

Request Chain 101

https://d.adroll.com/cm/experian/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3521&partner_device_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3521&partner_device_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=f3a0cd7d-d146-47ac-9ed7-9cc507f5bd0b%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=91d4dc0b-dd34-4d1b-9512-919006362cd0&ttd_puid=f3a0cd7d-d146-47ac-9ed7-9cc507f5bd0b%2C%2C

Request Chain 102

https://d.adroll.com/cm/g/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=oVIHy6DVjTPNkPtSHofyOA HTTP 302
https://d.adroll.com/cm/g/in

Request Chain 103

https://d.adroll.com/cm/index/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&expiration=1759841831 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&expiration=1759841831&C=1

Request Chain 104

https://d.adroll.com/cm/n/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&expires=365

Request Chain 105

https://d.adroll.com/cm/o/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=a15207cba0d58d33cd90fb521e87f238&gdpr=0&gdpr_consent= HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=a15207cba0d58d33cd90fb521e87f238&gdpr=0&gdpr_consent=

Request Chain 106

https://d.adroll.com/cm/outbrain/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=&us_privacy=1---

Request Chain 107

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 108

https://d.adroll.com/cm/r/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true

Request Chain 109

https://d.adroll.com/cm/taboola/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg

Request Chain 110

https://d.adroll.com/cm/triplelift/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=

Request Chain 111

https://d.adroll.com/cm/x/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg

121 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 kx8DKoUJvA Show response
t.co/ 221 B
901 B 135ms
85ms Document
text/html 162.159.140.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/kx8DKoUJvA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_b /

Resource Hash

65c3f460c3efd93348950f2c84f7acd44e120b34006aad85aab242fe89d00585

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: private,max-age=300
cf-cache-status: DYNAMIC
cf-ray: 8cee0e287e27199d-EWR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Oct 2024 12:57:09 GMT
expires: Mon, 07 Oct 2024 13:02:09 GMT
perf: 7402827104
server: cloudflare tsa_b
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: cb44605854eb20c3f147ed46eb575942ecf8ff77f6a967751672407b2ffa07d0
x-response-time: 19
x-transaction-id: 77e0a4b4c50dfd4c
x-xss-protection: 0

GET
H2

200

Primary Request / Show response
www.attackiq.com/2024/07/31/emulating-andariel/
Redirect Chain

https://bit.ly/4d5OuMO
https://www.attackiq.com/2024/07/31/emulating-andariel/

139 KB
25 KB

214ms
113ms

Document
text/html

2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/2024/07/31/emulating-andariel/

Requested by

Host: t.co
URL: https://t.co/kx8DKoUJvA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03909ded9fe9db84fcb1b54d400c106785b5bec59df31577e8287cf7522bf95a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://t.co/kx8DKoUJvA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=14400
cf-apo-via: tcache
cf-cache-status: HIT
cf-edge-cache: cache,platform=wordpress
cf-ray: 8cee0e2a68f17d02-EWR
content-encoding: br
content-security-policy: frame-ancestors 'self'
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 07 Oct 2024 12:57:09 GMT
last-modified: Mon, 07 Oct 2024 10:16:26 GMT
link: <https://www.attackiq.com/wp-json/>; rel="https://api.w.org/", <https://www.attackiq.com/wp-json/wp/v2/posts/23441>; rel="alternate"; title="JSON"; type="application/json", <https://www.attackiq.com/?p=23441>; rel=shortlink
server: cloudflare
vary: Accept-Encoding
x-cache-status: MISS
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=90
content-length: 142
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Mon, 07 Oct 2024 12:57:09 GMT
location: https://www.attackiq.com/2024/07/31/emulating-andariel/
referrer-policy: unsafe-url
server: nginx
via: 1.1 google

GET
H2 200 style.min.css
www.attackiq.com/wp-includes/css/dist/block-library/ 110 KB
15 KB 28ms
24ms Stylesheet
text/css 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb3a89cc6347e098063bd15f285bc90411846ddce6f17812364feedab67a67f5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66e0d2f0-1b72b"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: text/css
last-modified: Tue, 10 Sep 2024 23:14:56 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b4a187d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 marketo.css
www.attackiq.com/wp-content/plugins/basis-marketo/lib/ 747 B
472 B 23ms
20ms Stylesheet
text/css 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/basis-marketo/lib/marketo.css

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd25436a214b803b3f67f8f6598bfc58007bcf8b641d102c5af4cfff8e2b961a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"648a04e5-2eb"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: text/css
last-modified: Wed, 14 Jun 2023 18:20:21 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b4a1b7d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 frontend.min.css
www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/css/ 102 KB
16 KB 32ms
29ms Stylesheet
text/css 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ac1070175faf426da4bde8870f5d00e6a954104427b4a68ffccc1a24ac27dfd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66eb0b41-19618"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: text/css
last-modified: Wed, 18 Sep 2024 17:17:53 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b4a1e7d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 flatpickr.min.css
www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 14 KB
3 KB 26ms
23ms Stylesheet
text/css 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3668f6d335416599574fb1f336cbd2b9bb2f8fcff63e63a9ca3b68df4d0c6165

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66eb0b41-3601"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: text/css
last-modified: Wed, 18 Sep 2024 17:17:53 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b4a1f7d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 select2.min.css
www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/select2/ 15 KB
2 KB 27ms
25ms Stylesheet
text/css 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66eb0b41-3a75"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: text/css
last-modified: Wed, 18 Sep 2024 17:17:53 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b4a217d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 search-filter.min.css
www.attackiq.com/wp-content/plugins/search-filter-pro/public/assets/css/ 36 KB
7 KB 28ms
26ms Stylesheet
text/css 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/search-filter-pro/public/assets/css/search-filter.min.css

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c90d3c0b0e49b95857fbd4a60728451deb97ac4079be355467deac9ee7de4a4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"65ba7e52-91f3"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: text/css
last-modified: Wed, 31 Jan 2024 17:07:30 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b4a267d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 app.0efb2e5f.css
www.attackiq.com/wp-content/themes/attackiq/dist/ 297 KB
50 KB 38ms
37ms Stylesheet
text/css 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/themes/attackiq/dist/app.0efb2e5f.css

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c21a498c92235bcdedf2edfd6cd2f609b243d89ee25d9799ab0d0a149e3f6507

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"650c5cd3-4a3e7"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: text/css
last-modified: Thu, 21 Sep 2023 15:10:11 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b4a297d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 col-blg-andariel-00-2048x1467.png
www.attackiq.com/wp-content/uploads/2024/07/ 509 KB
509 KB 420ms
419ms Image
image/png 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.attackiq.com/wp-content/uploads/2024/07/col-blg-andariel-00-2048x1467.png

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

877bd8ac8572e9427fc37ddfd8e3e4734a79e849e2e4a94f3786d90886dc2284

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

cf-cache-status: MISS
etag: "66aa6c67-7f20e"
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 12:57:09 GMT
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: image/png
last-modified: Wed, 31 Jul 2024 16:55:03 GMT
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b4a2d7d02-EWR
accept-ranges: bytes
content-length: 520718
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 col-blg-andariel-01.png
www.attackiq.com/wp-content/uploads/2024/07/ 90 KB
91 KB 413ms
412ms Image
image/png 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.attackiq.com/wp-content/uploads/2024/07/col-blg-andariel-01.png

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dde63036e3ddba17256937088dd7f6ca137384e64070e5b73126b765a858a2a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

cf-cache-status: MISS
etag: "66aa6c63-16904"
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 12:57:09 GMT
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: image/png
last-modified: Wed, 31 Jul 2024 16:54:59 GMT
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b4a317d02-EWR
accept-ranges: bytes
content-length: 92420
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 col-blg-andariel-02-2048x268.png
www.attackiq.com/wp-content/uploads/2024/07/ 133 KB
133 KB 397ms
394ms Image
image/png 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.attackiq.com/wp-content/uploads/2024/07/col-blg-andariel-02-2048x268.png

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e3a00c93d910c8542d67d58e472c345d4941ab8acabe36daece610ce06563df

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

cf-cache-status: MISS
etag: "66aa6c62-212d3"
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 12:57:09 GMT
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: image/png
last-modified: Wed, 31 Jul 2024 16:54:58 GMT
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b9a957d02-EWR
accept-ranges: bytes
content-length: 135891
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 col-blg-andariel-03.png
www.attackiq.com/wp-content/uploads/2024/07/ 35 KB
36 KB 319ms
317ms Image
image/png 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.attackiq.com/wp-content/uploads/2024/07/col-blg-andariel-03.png

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e19a7d521658cc4fa5a62c1890114370a6d2f5228a2c49ca919d816c4cd33e90

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

cf-cache-status: MISS
etag: "66aa6c60-8dc0"
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 12:57:09 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: image/png
last-modified: Wed, 31 Jul 2024 16:54:56 GMT
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b9a977d02-EWR
accept-ranges: bytes
content-length: 36288
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 col-blg-andariel-04-2048x256.png
www.attackiq.com/wp-content/uploads/2024/07/ 122 KB
122 KB 391ms
389ms Image
image/png 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.attackiq.com/wp-content/uploads/2024/07/col-blg-andariel-04-2048x256.png

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3b5253b802748399cb03584bff0bd6deac9f0c029955a26b9e0061d207d7795

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

cf-cache-status: MISS
etag: "66aa6c5f-1e8ee"
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 12:57:09 GMT
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: image/png
last-modified: Wed, 31 Jul 2024 16:54:55 GMT
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b9a987d02-EWR
accept-ranges: bytes
content-length: 125166
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 col-usr-fg-150x150.png
www.attackiq.com/wp-content/uploads/2023/08/ 26 KB
26 KB 23ms
21ms Image
image/png 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.attackiq.com/wp-content/uploads/2023/08/col-usr-fg-150x150.png

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9e2e7532c94cb461e4039b6ff408ad7ab58198e038e91e94901f5a5c3682b12

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

cf-bgj: imgq:100,h2pri
etag: "64f06f5f-6d55"
age: 26472
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 05:35:56 GMT
cf-polished: origSize=27989, status=vary_header_present
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: image/png
last-modified: Thu, 31 Aug 2023 10:45:51 GMT
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2b9a9a7d02-EWR
accept-ranges: bytes
content-length: 26422
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 all.css
use.fontawesome.com/releases/v5.8.1/css/ 54 KB
12 KB 80ms
17ms Stylesheet
text/css 2606:4700:3037::ac43:8ef5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.8.1/css/all.css
Requested by: Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.attackiq.com
Referer: https://www.attackiq.com/

Response headers

cache-control: max-age=31556926
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
etag: W/"e4c542a7f6bf6f74fdd8cdf6e8096396"
age: 1862428
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s2kD%2Bywy9wqloYGtkwVmL%2FRNE4uCb%2FuQOYBnWN7NBfta9ig5%2FphKqm6JFsRzdUMYEsX0SPAzT2WkDmXwoKd%2BWSeX9Ea2TGx%2FbIUAvPcudhJg%2BZVGX%2B8LplOdykYe7O7RrLiOawyZR9krDG3C%2FTfPfeZ6"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cee0e2bf899de97-EWR
access-control-allow-origin: *
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: text/css
last-modified: Fri, 22 Sep 2023 01:45:55 GMT
vary: Origin, Accept-Encoding
server: cloudflare

GET
H2 200 rocket-loader.min.js Show response
www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 15ms
14ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"66fc0c28-302c"
x-content-type-options: nosniff
cf-ray: 8cee0e2b9a9b7d02-EWR
expires: Wed, 09 Oct 2024 12:57:09 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Tue, 01 Oct 2024 14:50:16 GMT
vary: Accept-Encoding
server: cloudflare
x-frame-options: DENY

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 50ms
25ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.attackiq.com
Referer: https://www.attackiq.com/

Response headers

cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"2024.6.1"
cross-origin-resource-policy: cross-origin
cf-ray: 8cee0e2bb8df43ac-EWR
access-control-allow-origin: *
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 417d9da66e84c787fa30e6c0880fe5b92a9828c75137241bdd24ce7ae80d6fce

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 gfx-sm-ft-twitter.svg
www.attackiq.com/wp-content/uploads/2024/08/ 2 KB
1 KB 21ms
19ms Image
image/svg+xml 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.attackiq.com/wp-content/uploads/2024/08/gfx-sm-ft-twitter.svg

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

982e7dbc20afcd1e70a40ee3393e0687f3f41026db951bec50ce73d035909e5f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66c4c35a-94b"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: image/svg+xml
last-modified: Tue, 20 Aug 2024 16:24:58 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2bcacc7d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 gfx-sm-ft-linkedin.svg
www.attackiq.com/wp-content/uploads/2024/08/ 1 KB
656 B 20ms
19ms Image
image/svg+xml 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.attackiq.com/wp-content/uploads/2024/08/gfx-sm-ft-linkedin.svg

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a895ae2e0849cef1bd7c5d82f0564c470a9d37d06f6503b85dbc9776ce10f13

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66c4c35b-528"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: image/svg+xml
last-modified: Tue, 20 Aug 2024 16:24:59 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2bcacd7d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 gfx-sm-ft-youtube.svg
www.attackiq.com/wp-content/uploads/2024/08/ 1 KB
742 B 19ms
18ms Image
image/svg+xml 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.attackiq.com/wp-content/uploads/2024/08/gfx-sm-ft-youtube.svg

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/2024/07/31/emulating-andariel/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14f15a2702fecf1b66b40c1ad1cce817652925f3645c94d133dd4c1668b51b06

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66c4c358-521"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: image/svg+xml
last-modified: Tue, 20 Aug 2024 16:24:56 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2bcace7d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 apercu-light-pro.2a2743b2.woff2
www.attackiq.com/wp-content/themes/attackiq/dist/fonts/ 45 KB
45 KB 20ms
19ms Font
font/woff2 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/themes/attackiq/dist/fonts/apercu-light-pro.2a2743b2.woff2

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/wp-content/themes/attackiq/dist/app.0efb2e5f.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52350d4cec6f6079a23d7da90051f81fbc32579529501285e1f1f168fa7a8e11

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.attackiq.com
Referer: https://www.attackiq.com/wp-content/themes/attackiq/dist/app.0efb2e5f.css

Response headers

cf-cache-status: HIT
etag: "650c5cd3-b28c"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: font/woff2
last-modified: Thu, 21 Sep 2023 15:10:11 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c1b467d02-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 45708
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 Whyte-Regular.412d6af0.woff2
www.attackiq.com/wp-content/themes/attackiq/dist/fonts/ 44 KB
44 KB 21ms
21ms Font
font/woff2 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/themes/attackiq/dist/fonts/Whyte-Regular.412d6af0.woff2

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/wp-content/themes/attackiq/dist/app.0efb2e5f.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acb1007ab807eca533e1ee9349c8033b396f060a590b5d7e4853153d4dfd8abe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.attackiq.com
Referer: https://www.attackiq.com/wp-content/themes/attackiq/dist/app.0efb2e5f.css

Response headers

cf-cache-status: HIT
etag: "650c5cd3-b088"
age: 152048
x-content-type-options: nosniff
expires: Sun, 05 Oct 2025 18:43:01 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: font/woff2
last-modified: Thu, 21 Sep 2023 15:10:11 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c1b4a7d02-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 45192
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 apercu-mono-regular-pro.35b3e973.woff2
www.attackiq.com/wp-content/themes/attackiq/dist/fonts/ 35 KB
36 KB 22ms
22ms Font
font/woff2 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/themes/attackiq/dist/fonts/apercu-mono-regular-pro.35b3e973.woff2

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/wp-content/themes/attackiq/dist/app.0efb2e5f.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffd5f7087e0c2de523e020e87a885250d36cdc944ba494f1b0f410e2b05bdc73

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.attackiq.com
Referer: https://www.attackiq.com/wp-content/themes/attackiq/dist/app.0efb2e5f.css

Response headers

cf-cache-status: HIT
etag: "650c5cd3-8d50"
age: 26472
x-content-type-options: nosniff
expires: Tue, 07 Oct 2025 05:35:57 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: font/woff2
last-modified: Thu, 21 Sep 2023 15:10:11 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c1b517d02-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 36176
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 wp-consent-api.min.js Show response
www.attackiq.com/wp-content/plugins/wp-consent-api/assets/js/ 2 KB
767 B 25ms
19ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/wp-consent-api/assets/js/wp-consent-api.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edb6c7358824cfc0cb6ebb6cc13224599ef3a4cb5ee44cc06367517c7b101e87

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"665a1aeb-702"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Fri, 31 May 2024 18:46:03 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c2b787d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 googlesitekit-consent-mode-3d6495dceaebc28bcca3.js Show response
www.attackiq.com/wp-content/plugins/google-site-kit/dist/assets/js/ 73 KB
26 KB 28ms
23ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/google-site-kit/dist/assets/js/googlesitekit-consent-mode-3d6495dceaebc28bcca3.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82fbcdbe0b2bdc9a7619c5a99684e09abeb12a11c7dcc5e6e3ed2227ee4461b0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66f1f66f-123f7"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Mon, 23 Sep 2024 23:14:55 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c2b7b7d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 app.a7d8fd16.js Show response
www.attackiq.com/wp-content/themes/attackiq/dist/ 244 KB
76 KB 37ms
32ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/themes/attackiq/dist/app.a7d8fd16.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d00f5f568802135cf1b7b320d33a89c3ec5496bbf82a47e19034c6d42a17d1e1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"650c5cd3-3ced3"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Thu, 21 Sep 2023 15:10:11 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c2b807d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 runtime.d925e6c1.js Show response
www.attackiq.com/wp-content/themes/attackiq/dist/ 2 KB
863 B 23ms
18ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/themes/attackiq/dist/runtime.d925e6c1.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92352075ba806940563a09017ef43fd055a33d3f7f644b46dcf23a0d30a9190b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"650c5cd3-613"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Thu, 21 Sep 2023 15:10:11 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c2b827d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 datepicker.min.js Show response
www.attackiq.com/wp-includes/js/jquery/ui/ 36 KB
11 KB 25ms
20ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-includes/js/jquery/ui/datepicker.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8299ff4f0a4f809995dbace583b14258b897eda6eb49b44d6cc58c9a755d68bc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66b54dbd-8f8c"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 22:59:09 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c3b847d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 core.min.js Show response
www.attackiq.com/wp-includes/js/jquery/ui/ 21 KB
7 KB 26ms
22ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66b54dbd-53d8"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 22:59:09 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c3b857d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 frontend.min.js Show response
www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/js/ 19 KB
5 KB 39ms
35ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af0d42741b7f3f516d88eb1ce617c93f617bcfb5c7ff68b05f378120dc399a80

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66eb0b41-4b28"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Wed, 18 Sep 2024 17:17:53 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c3b877d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 marketo.js Show response
www.attackiq.com/wp-content/plugins/basis-marketo/lib/ 4 KB
1 KB 37ms
33ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/basis-marketo/lib/marketo.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f3a8e65ec78b77eb0ffa8a7cb3a18c4e0ef2f677e5dd1ec7deaaeadeacac473

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"648a04e5-ee7"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Wed, 14 Jun 2023 18:20:21 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c3b887d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 forms2.min.js Show response
app-ab33.marketo.com/js/forms2/js/ 199 KB
67 KB 115ms
29ms Script
application/x-javascript 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab33.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0602c4fb1597b7e6e111fe79777e195cacbc73774fcaf233a7835b33372dceae

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=63113904
cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "1d4047f-31b91-62370c030d900"
age: 1129
x-content-type-options: nosniff
cf-ray: 8cee0e2cbe32429b-EWR
expires: Mon, 07 Oct 2024 16:57:09 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Tue, 01 Oct 2024 21:10:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 chosen.jquery.min.js Show response
www.attackiq.com/wp-content/plugins/search-filter-pro/public/assets/js/ 28 KB
7 KB 32ms
28ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/search-filter-pro/public/assets/js/chosen.jquery.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73881513a7e7f8944a311bea8e80e9fad946e256ae74d62b5c8d469dc6df0186

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"65ba7e52-71c1"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Wed, 31 Jan 2024 17:07:30 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c3b8c7d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 search-filter-build.min.js Show response
www.attackiq.com/wp-content/plugins/search-filter-pro/public/assets/js/ 64 KB
19 KB 34ms
31ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/search-filter-pro/public/assets/js/search-filter-build.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6d7d5a6953659e28738fb9908ebd2161bb9013afc50e0bb292af091184848a7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"65ba7e52-10084"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Wed, 31 Jan 2024 17:07:30 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c3b8e7d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 select2.min.js Show response
www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/select2/ 69 KB
20 KB 31ms
28ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66eb0b41-114c3"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Wed, 18 Sep 2024 17:17:53 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c3b907d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 flatpickr.min.js Show response
www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 49 KB
15 KB 28ms
25ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddbda21655c0c2cb09913a9e33d856a8b8f3e1eae610cdbda8524def2dc71f7d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66eb0b41-c5a4"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Wed, 18 Sep 2024 17:17:53 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c3b947d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 jquery-migrate.min.js Show response
www.attackiq.com/wp-includes/js/jquery/ 13 KB
5 KB 27ms
25ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6509d337-3509"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Tue, 19 Sep 2023 16:58:31 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c3b957d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 jquery.min.js Show response
www.attackiq.com/wp-includes/js/jquery/ 86 KB
31 KB 32ms
30ms Script
application/javascript 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-includes/js/jquery/jquery.min.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"656defd7-15601"
age: 252823
x-content-type-options: nosniff
expires: Sat, 04 Oct 2025 14:43:26 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Mon, 04 Dec 2023 15:27:19 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cf-ray: 8cee0e2c3b967d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 22 KB
8 KB 50ms
17ms Script
application/javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.attackiq.com
URL: https://www.attackiq.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efad755939e511f2bc1feb0d58d6014006e8598a4d431f27a66dd59e14fc19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-md5: uiXk8gw/ehyoMvZ3GeQiaQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCE3E0C241C63A
x-ms-lease-status: unlocked
age: 6
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Tue, 08 Oct 2024 12:57:09 GMT
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: application/javascript
last-modified: Thu, 03 Oct 2024 19:22:45 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 61ecba25-801e-0016-2462-165214000000
cf-ray: 8cee0e2c5a6115a3-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7214
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 fa-brands-400.woff2
use.fontawesome.com/releases/v5.8.1/webfonts/ 73 KB
73 KB 20ms
15ms Font
font/woff2 2606:4700:3037::ac43:8ef5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.8.1/webfonts/fa-brands-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.8.1/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc64d7192f84497cacad5c10aef682562c24aa6124270f85fe247e223607f3ed

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.attackiq.com
Referer: https://use.fontawesome.com/releases/v5.8.1/css/all.css

Response headers

cache-control: max-age=31556926
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
etag: "5e2f92123d241cabecf0b289b9b08d4a"
age: 26472
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ieSXSfDgJFp94EwL0Mp009O866O85jh9dGGCjZirvb2B0Z6X85eEstllFHs4GojjFm9bi6mH2YOqu99kpKisaCa8OOrBVyTWcleWlpoIb1HSo66TNDNCPpevLe5UxZE1OxJV5dbweFMHGl0xjFDoQQqG"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cee0e2c59a6de97-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 74768
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: font/woff2
last-modified: Fri, 22 Sep 2023 01:45:57 GMT
vary: Origin, Accept-Encoding
server: cloudflare

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.8.1/webfonts/ 73 KB
73 KB 21ms
17ms Font
font/woff2 2606:4700:3037::ac43:8ef5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.8.1/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.attackiq.com
Referer: https://use.fontawesome.com/releases/v5.8.1/css/all.css

Response headers

cache-control: max-age=31556926
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
etag: "418dad87601f9c8abd0e5798c0dc1feb"
age: 1675581
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i5xFZmjlhC8RMduh2FiK5XTENnLyi9W61cqBoAtQip7a5Q4t56VnwT73ArP01i0%2FlxbZ3Msc30yPRnPybwrACOMHt8%2BMpCjpKVN6ggvzFic0tlFTn80m0bA4LRZibuxYSO9zjYXCaiBw8Vl9lia%2BXTqR"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cee0e2c69f4de97-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 74256
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: font/woff2
last-modified: Fri, 22 Sep 2023 01:45:57 GMT
vary: Origin, Accept-Encoding
server: cloudflare

GET
H2 200 2afbeace-befe-4a9c-b171-2050fe80651e.json Show response
cdn.cookielaw.org/consent/2afbeace-befe-4a9c-b171-2050fe80651e/ 3 KB
2 KB 58ms
36ms XHR
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/2afbeace-befe-4a9c-b171-2050fe80651e/2afbeace-befe-4a9c-b171-2050fe80651e.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4acc3f32c5ef71ec50c2e0b2fb02e87a1a2b250cf3bde73b4bea6113ea5c6e55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-md5: 0FhYva+zrTxkUx2nvfYWzw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8D903170DF198BF
age: 54833
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Tue, 08 Oct 2024 12:57:10 GMT
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/json
last-modified: Mon, 19 Apr 2021 09:39:40 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: 45726a21-e01e-008e-6747-23ef35000000
cf-ray: 8cee0e2f4f7d238e-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1344
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 favicon.ico
www.attackiq.com/wp-content/uploads/2020/08/ 17 KB
1 KB 19ms
18ms Other
image/x-icon 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/wp-content/uploads/2020/08/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3ffdcb1041c61f4aa9fddc86c7f03b6686f5bbff73724343517bd4c002a81da

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"6219187b-443e"
age: 2488
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: image/x-icon
last-modified: Fri, 25 Feb 2022 17:57:15 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
cache-control: max-age=14400
cross-origin-opener-policy: same-origin-allow-popups
cf-ray: 8cee0e2f48df7d02-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 284 KB
99 KB 165ms
37ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5VVNX5K

Requested by

Host: t.co
URL: https://t.co/kx8DKoUJvA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7ad2adb73f8fd8ff816c7946e5d5def9fff76cd480ad7711967f5e0be003cacc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Mon, 07 Oct 2024 12:57:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 100772
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
305 B 149ms
35ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: application/json
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-methods: GET, OPTIONS
cf-ray: 8cee0e3049b40f8d-EWR
access-control-allow-origin: *
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

POST
H3 204 rum Show response
www.attackiq.com/cdn-cgi/ 0
178 B 59ms
57ms XHR
text/plain 2606:4700:10::ac43:662
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.attackiq.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:662 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
x-content-type-options: nosniff
cf-ray: 8cee0e2fcbff43a9-EWR
access-control-allow-origin: https://www.attackiq.com
date: Mon, 07 Oct 2024 12:57:10 GMT
vary: Origin
server: cloudflare
x-frame-options: DENY

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.16.0/ 374 KB
83 KB 31ms
30ms Script
application/javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.16.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

353bcd41d11cc5a2bcb6763c269e41ac785c06ace29ac10053bb7c0fa3bf1ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-md5: dGCXlveaBvO7BI0nfZKP+g==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D910C57D52F14C
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 68007
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/javascript
last-modified: Thu, 06 May 2021 19:31:04 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 710ae3a0-c01e-001f-75b5-0c8a87000000
cf-ray: 8cee0e308d9d15a3-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 85065
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G1--&gcd=13l3l3l3l5l1&tag_exp=101671035~101747727&rnd=2076702991.1728305831&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&dma...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G1--&gcd=13l3l3l3l5l1&tag_exp=101671035~101747727&rnd=2076702991.1728305831&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-an...

42 B
65 B

76ms
28ms

Ping
image/gif

2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G1--&gcd=13l3l3l3l5l1&tag_exp=101671035~101747727&rnd=2076702991.1728305831&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&dma=0&npa=0&gtm=45He4a20n815VVNX5Kv79575729za200&auid=1829524589.1728305831

Protocol

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 42
date: Mon, 07 Oct 2024 12:57:10 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G1--&gcd=13l3l3l3l5l1&tag_exp=101671035~101747727&rnd=2076702991.1728305831&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&dma=0&npa=0&gtm=45He4a20n815VVNX5Kv79575729za200&auid=1829524589.1728305831
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 07 Oct 2024 12:57:10 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 336 KB
110 KB 33ms
32ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-F05SB1HBT8&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VVNX5K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

806505e40450a2df00980dbd04f8e0b25646288b4d9592ebee07c61f7ab68114

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 07 Oct 2024 12:57:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 112318
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 hotjar-3147235.js Show response
static.hotjar.com/c/ 13 KB
5 KB 128ms
90ms Script
application/javascript 18.160.41.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3147235.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VVNX5K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.41.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-41-112.iad55.r.cloudfront.net

Software

Resource Hash

2e1e74ad3738a095044a88104e5913d58b8497ae4e5f185ebd3c37ef4d053913

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
content-encoding: br
etag: W/ba45a36757401755562377eaaa724cb8
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-cache-hit: 1
via: 1.1 1bc23a6188e36846e1cf72b17d7ac1ac.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amz-cf-id: ZQbyiWiUcsIkej-MkRctxoVbQwf68PvlH7VxOSWZR44LD6GjyU4HSA==
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: IAD55-P1

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 278 KB
95 KB 49ms
49ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-862175634&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VVNX5K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

130f3cb450648de43b1c83f46a661cf9847f6173753538623a0f9920714aded5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Mon, 07 Oct 2024 12:57:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 97169
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 75ms
30ms Script
application/javascript 2600:1408:c400:5::17c7:371d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: t.co
URL: https://t.co/kx8DKoUJvA

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:5::17c7:371d Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: max-age=82748
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Mon, 07 Oct 2024 12:57:10 GMT
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 91ms
13ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: t.co
URL: https://t.co/kx8DKoUJvA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip"
accept-ranges: bytes
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15412
date: Mon, 07 Oct 2024 12:57:10 GMT
x-tw-cdn: FT
last-modified: Tue, 26 Mar 2024 20:58:07 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kiad7000052-IAD
x-amz-server-side-encryption: AES256

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
15 KB 63ms
23ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: t.co
URL: https://t.co/kx8DKoUJvA

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

73aaa4e6bfc1dbed5f3f934710d1ada545f4068742235e59d0cb74f0eaf0a3c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "803483b3aaadb1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7E1F27E35CC74025B493E736A3346127 Ref B: EWR311000104023 Ref C: 2024-10-07T12:57:10Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14402
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 15:43:41 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/YSZ4UUXZGBFNJCKYN2A5BV/ 106 KB
32 KB 121ms
22ms Script
text/javascript 2600:9000:23cb:ba00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/YSZ4UUXZGBFNJCKYN2A5BV/roundtrip.js
Requested by: Host: t.co
URL: https://t.co/kx8DKoUJvA
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:ba00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 568a8ce0a07a3c5193e7c7788d62f79939537c2187111abef9d2effc767901cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

Access-Control-Max-Age: 600
Content-Encoding: gzip
X-Amz-Version-Id: w3iMFvjh_R3qgW0u_sRGLyKaDOevisfR
Etag: W/"7ae7d1553838bd1ef986a63437ecae9c"
Age: 128
Access-Control-Allow-Methods: GET
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: MuaEqcE__JnU3Ll_4pNkSY_SiS6OLh8cBSnOlXyMXy17JY9sQTYPqg==
Date: Mon, 07 Oct 2024 12:57:10 GMT
Content-Type: text/javascript; charset=utf-8
Vary: Accept-Encoding
Last-Modified: Sat, 05 Oct 2024 12:40:30 GMT
Access-Control-Allow-Headers: *
Transfer-Encoding: chunked
Cache-Control: max-age=3600, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: false
Via: 1.1 2c6a244ba6cf015578de7d0a0b6908d4.cloudfront.net (CloudFront)
Access-Control-Allow-Origin: *
X-Amz-Cf-Pop: JFK50-P1
Server: AmazonS3
X-Amz-Server-Side-Encryption: AES256

GET
H2 200 tag.aspx Show response
ml314.com/ 38 KB
39 KB 60ms
11ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?792024
Requested by: Host: t.co
URL: https://t.co/kx8DKoUJvA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=6sDw2Q==, md5=YyYW/xWCXwMKqzORpY7wQg==
etag: "632616ff15825f030aab3391a58ef042"
age: 2365
x-goog-stored-content-encoding: identity
x-cache-hit: hit
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 39162
date: Mon, 07 Oct 2024 12:17:45 GMT
last-modified: Wed, 24 Jul 2024 19:30:50 GMT
content-type: application/javascript
x-guploader-uploadid: AHmUCY0DshH12dPvOfwCm9Qr320tJSj_-VOQemnaByRDDmcSH8iSM3ZFFXcieU2gS7rNmgru6w
cache-control: public,max-age=3600
x-goog-storage-class: STANDARD
via: 1.1 google
cache-id: LGA-12baf686
accept-ranges: bytes
x-goog-generation: 1721849450340665
content-length: 39162
server: UploadServer

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 52ms
17ms Script
application/javascript 23.212.248.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: t.co
URL: https://t.co/kx8DKoUJvA

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.24 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66fb91ae-111bb"
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 15:57:10 GMT
accept-ranges: bytes
content-length: 18819
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Tue, 01 Oct 2024 06:07:42 GMT

GET
H2 200 qualified.js Show response
js.qualified.com/ 1011 KB
236 KB 53ms
26ms Script
text/javascript 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=j1bgMw3UdfB6bHr6

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VVNX5K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.17.5 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1fc89f5379a3d8f96821e0ccad0cdbf211cd65c504e9f1142e86fd33177dc024

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

x-request-id: 19798e89-cda8-4b55-b8d3-c65f675e196f
content-encoding: gzip
cf-cache-status: HIT
etag: W/"f79f06c9c6dbe02ca19e9ca9436811f8"
age: 11017
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 16:57:10 GMT
x-cache: miss
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: text/javascript; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.033754
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: public, max-age=14400
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8cee0e3189c2c468-EWR
x-xss-protection: 1; mode=block
server: cloudflare

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 67ms
30ms Script
application/x-javascript 23.207.134.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: t.co
URL: https://t.co/kx8DKoUJvA
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.207.134.130 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-207-134-130.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

Content-Encoding: gzip
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Connection: keep-alive
Accept-Ranges: bytes
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Length: 729
Date: Mon, 07 Oct 2024 12:57:10 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 52ms
34ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: t.co
URL: https://t.co/kx8DKoUJvA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

server: cloudflare
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-version-id: PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
etag: W/"b2877da906a3216c4f3fc4030b205e54"
age: 63283
via: 1.1 603de9109fddeee11437fa4100155972.cloudfront.net (CloudFront)
cf-ray: 8cee0e31dda143f2-EWR
x-cache: Hit from cloudfront
x-amz-cf-id: fUxit6m_aCmOv0ChKpjHeQ9c1InJdS5dDCkAPot1dqqTFecRhZzRPw==
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/javascript
last-modified: Thu, 18 Jul 2024 08:13:46 GMT
vary: Accept-Encoding
x-amz-cf-pop: JFK52-P8

GET
H2 200 en-us.json Show response
cdn.cookielaw.org/consent/2afbeace-befe-4a9c-b171-2050fe80651e/8f76fd85-42dd-4471-b2e7-8924f8c5570c/ 45 KB
9 KB 32ms
30ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/2afbeace-befe-4a9c-b171-2050fe80651e/8f76fd85-42dd-4471-b2e7-8924f8c5570c/en-us.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.16.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2309ceb0c06604045d3ff007ee5c4110a7a34fb05ad4a263b1809d5c797d681

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-md5: JYlvLMiFeKEVU38oLnMqZQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8D903170F5A958E
age: 54833
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Tue, 08 Oct 2024 12:57:10 GMT
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/json
last-modified: Mon, 19 Apr 2021 09:39:42 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: 7ab7b1d0-c01e-007c-3d64-e30ebf000000
cf-ray: 8cee0e316a5d238e-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8728
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.16.0/assets/ 12 KB
3 KB 26ms
25ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.16.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.16.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb1fa7363d6e4772f7c49d67f031d68f209e66de6c3c05aade6fdc57a02505c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-md5: DKM3/i+7h7Fs8cEMor3s2A==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D910C572DA86E8
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 54833
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/json
last-modified: Thu, 06 May 2021 19:30:47 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 3a41c480-001e-0010-7612-15fceb000000
cf-ray: 8cee0e31ba88238e-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2938
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.16.0/assets/v2/ 47 KB
11 KB 27ms
25ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.16.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.16.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a082145419e862c11e82c8d58fdae1f5bb02c3175d93ce884793ac869994515

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-md5: S3H0HVpdA/Z6/RbJtrvCUQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D910C5747F0CDA
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 54833
x-content-type-options: nosniff
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/json
last-modified: Thu, 06 May 2021 19:30:49 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 8540493b-401e-0001-23b6-71665f000000
cf-ray: 8cee0e31ba8c238e-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11574
x-ms-blob-type: BlockBlob
server: cloudflare

POST
H2 204 collect
analytics.google.com/g/ 0
0 52ms
22ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-F05SB1HBT8&gtm=45je4a20v9116878293z879575729za200zb79575729&_p=1728305830305&_gaz=1&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&dma=0&tag_exp=101403289~101529665~101671035~101747727&cid=1887683055.1728305831&ecid=1071624278&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1728305830&sct=1&seg=0&dl=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&dr=https%3A%2F%2Ft.co%2F&dt=Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1414
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F05SB1HBT8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.attackiq.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
555 B 53ms
21ms Ping
text/plain 2607:f8b0:4004:c17::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-F05SB1HBT8&cid=1887683055.1728305831&gtm=45je4a20v9116878293z879575729za200zb79575729&aip=1&dma=0&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&frm=0&tag_exp=101403289~101529665~101671035~101747727
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F05SB1HBT8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.attackiq.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 23D3 0
0 72ms
36ms Document
text/html 2607:f8b0:4004:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-F05SB1HBT8&gacid=1887683055.1728305831&gtm=45je4a20v9116878293z879575729za200zb79575729&dma=0&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101403289~101529665~101671035~101747727&z=1917105085

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F05SB1HBT8&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.attackiq.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Oct 2024 12:57:10 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/862175634/ 5 KB
2 KB 36ms
36ms Script
text/javascript 2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/862175634/?random=1728305830782&cv=11&fst=1728305830782&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9132208297z879575729za201zb79575729&gcd=13l3l3l3l5l1&dma=0&tag_exp=101529666~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&ref=https%3A%2F%2Ft.co%2F&hn=www.googleadservices.com&frm=0&tiba=Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ&npa=0&pscdl=noapi&auid=1829524589.1728305831&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-862175634&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3da413ba21513151e5993074b647a440f8c8bbd3d46c85146633ce9bc3ddd13e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2375
date: Mon, 07 Oct 2024 12:57:10 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 862175634
td.doubleclick.net/td/rul/ Frame 36B9 0
0 39ms
38ms Document
text/html 2607:f8b0:4004:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/862175634?random=1728305830782&cv=11&fst=1728305830782&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9132208297z879575729za201zb79575729&gcd=13l3l3l3l5l1&dma=0&tag_exp=101529666~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&ref=https%3A%2F%2Ft.co%2F&hn=www.googleadservices.com&frm=0&tiba=Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ&npa=0&pscdl=noapi&auid=1829524589.1728305831&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-862175634&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.attackiq.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Oct 2024 12:57:10 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 56239791.js Show response
bat.bing.com/p/action/ 370 B
425 B 25ms
25ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/56239791.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

7f47f02c93d5de5de03db0ebffa39fe1060767437b086996e295c9818a05b2f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DE0BF768DED24489829B8453A853DE48 Ref B: EWR311000104023 Ref C: 2024-10-07T12:57:10Z
x-cache: CONFIG_NOCACHE
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 utsync.ashx Show response
ml314.com/ 554 B
1 KB 41ms
40ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=84130&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&pv=1728305830905_wgx8pbo1q&bl=en-us&cb=4260564&return=&ht=&d=&dc=&si=1728305830905_wgx8pbo1q&cid=&s=1600x1200&rp=https%3A%2F%2Ft.co%2F&v=2.7.4.212
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?792024
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 4d7f7270a79eb6bc7cdb75a92e56119c6d884172c742d769bcc01611747ba349

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
via: 1.1 google
expires: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/javascript
server: Google Frontend

GET
H/1.1 200
OK ud.ashx Show response
in.ml314.com/ 36 B
497 B 155ms
81ms Script
application/javascript 54.162.9.247
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://in.ml314.com/ud.ashx?topiclimit=&cb=792024&v=2.7.4.212
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?792024
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.162.9.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-162-9-247.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 46641a3cd4c211689f3110382ceb957dee3e6bddcd1984191eea9b7905381975

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

Cache-Control: public
X-AspNet-Version: 4.0.30319
Content-Encoding: gzip
Connection: keep-alive
Expires: Tue, 08 Oct 2024 12:57:11 GMT
Content-Length: 153
Date: Mon, 07 Oct 2024 12:57:10 GMT
Content-Type: application/javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 20ms
19ms XHR
text/html 23.212.248.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.248.24 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-248-24.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.attackiq.com
content-length: 7
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 37 B
341 B 99ms
14ms XHR
text/html 2600:1408:c400:e::17cd:6a13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:e::17cd:6a13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 05355283bda5393d0c7e0875941234dfb64a303834e79556dc1eec73df971dc5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2a0d:5600:24:1500:1012:c75a:6e4a:9f74
expires: Mon, 07 Oct 2024 12:57:11 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1728305830985_400219661_2535988996_25_1205_11_17_219";dur=1
access-control-allow-origin: https://www.attackiq.com
content-length: 37
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: text/html
vary: Origin

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 23ms
22ms Image
image/gif 23.212.248.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=fa8937fd4032c8e3c2a2ce1d4dadc7af&svisitor=null&visitor=18fa3990-4ac6-4b3c-8130-a6cb76b098e8&session=db3f8011-ad54-4a83-82c7-b16368aa77ba&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A57%3A10%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22AttackIQ%27s%20new%20graph%20emulates%20North%20Korean%20Andariel%20group%27s%20tactics%20from%20Operation%20Blacksmith%2C%20impacting%20various%20industries%20globally.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ%22%7D&cb=&r=https%3A%2F%2Ft.co%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&pageViewId=b211220a-3f54-4db3-848e-cef3b5d99ff7&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.24 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:57:10 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 21ms
20ms Image
image/gif 23.212.248.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=fa8937fd4032c8e3c2a2ce1d4dadc7af&svisitor=null&visitor=18fa3990-4ac6-4b3c-8130-a6cb76b098e8&session=db3f8011-ad54-4a83-82c7-b16368aa77ba&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A57%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22fa8937fd4032c8e3c2a2ce1d4dadc7af%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A57%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Oct%202024%2012%3A57%3A10%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22AttackIQ%27s%20new%20graph%20emulates%20North%20Korean%20Andariel%20group%27s%20tactics%20from%20Operation%20Blacksmith%2C%20impacting%20various%20industries%20globally.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ%22%7D&cb=&r=https%3A%2F%2Ft.co%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&pageViewId=b211220a-3f54-4db3-848e-cef3b5d99ff7&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.24 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:57:10 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 88ms
88ms Script
application/x-javascript 23.207.134.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.207.134.130 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-207-134-130.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

Cache-Control: max-age=8640000
Content-Encoding: gzip
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Connection: keep-alive
Expires: Wed, 15 Jan 2025 12:57:11 GMT
Accept-Ranges: bytes
Content-Length: 4741
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date: Mon, 07 Oct 2024 12:57:11 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
761 B 109ms
83ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=555570&time=1728305831028&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Referer: https://www.attackiq.com/

Response headers

x-li-pop: afd-prod-ltx1-x
content-encoding: gzip
x-fs-uuid: 000623e28f201e956e04a2e862cad91a
x-msedge-ref: Ref A: CF43AE5356154E5A9C44D7DEA52F8730 Ref B: EWR30EDGE0115 Ref C: 2024-10-07T12:57:11Z
x-li-fabric: prod-ltx1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYj4o8gHpVuBKLoYsrZGg==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=555570&time=1728305831028&li_adsId=a23eed6f-487c-47cc-8039-266108b4db83&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=555570&time=1728305831028&li_adsId=a23eed6f-487c-47cc-8039-266108b4db83&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D555570%26time%3D1728305831028%26li_adsId%3Da23eed6f-487c-47cc-8039-266108b4db83%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=555570&time=1728305831028&li_adsId=a23eed6f-487c-47cc-8039-266108b4db83&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=555570&time=1728305831028&li_adsId=a23eed6f-487c-47cc-8039-266108b4db83&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%...

0
488 B

99ms
77ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=555570&time=1728305831028&li_adsId=a23eed6f-487c-47cc-8039-266108b4db83&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&cookiesTest=true&liSync=true&e_ipv6=AQLTZwjRCdcSaAAAAZJnDh3O1qPqPR_dIGwNPxQVOWgyVTMpZOnxUJtN-rRQvSa1GnhkyKxxKgUwxoRDTjNGdNJMOCiQqE0
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: FD9F5C1DDE8B4CCDA01B8506C632CB52 Ref B: EWR311000104011 Ref C: 2024-10-07T12:57:11Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYj4o8l4TUhZWcaBWhG8g==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=555570&time=1728305831028&li_adsId=a23eed6f-487c-47cc-8039-266108b4db83&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&cookiesTest=true&liSync=true&e_ipv6=AQLTZwjRCdcSaAAAAZJnDh3O1qPqPR_dIGwNPxQVOWgyVTMpZOnxUJtN-rRQvSa1GnhkyKxxKgUwxoRDTjNGdNJMOCiQqE0
x-msedge-ref: Ref A: 560DCDB4BD3D436989E0CBED830D0F2D Ref B: EWR30EDGE0915 Ref C: 2024-10-07T12:57:11Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYj4o8kUmf4S/vdolPGOA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 07 Oct 2024 12:57:10 GMT

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 104ms
89ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.attackiq.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://www.attackiq.com
apigw-requestid: fR8aKgg-PHcESzA=
cf-cache-status: DYNAMIC
cf-ray: 8cee0e342c114378-EWR
date: Mon, 07 Oct 2024 12:57:11 GMT
server: cloudflare
vary: Origin
via: 1.1 603de9109fddeee11437fa4100155972.cloudfront.net (CloudFront)
x-amz-cf-id: Lza7aECDvt8pyj8vVrvAqOvwD4JBRO3j-ezzjTfBaA9GeMZshcnXvw==
x-amz-cf-pop: JFK52-P8
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 adsct
t.co/i/ 43 B
325 B 175ms
154ms Image
image/gif 162.159.140.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=b792d552-2406-445a-9ebc-79e1d03dd169&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a36e1b91-1388-4ba1-a1a2-de34a06c508f&tw_document_href=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzg3c&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=0
x-transaction-id: d011d19633eda760
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 2a4cf63d9831e487e5be486d6cdb331c888e93d11b43e374ce52d95375b16ef3
cf-cache-status: DYNAMIC
cf-ray: 8cee0e343e691849-EWR
x-response-time: 81
content-length: 43
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_b

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
395 B 205ms
105ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=b792d552-2406-445a-9ebc-79e1d03dd169&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a36e1b91-1388-4ba1-a1a2-de34a06c508f&tw_document_href=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzg3c&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 4a39274a81ed7f94
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 8c8b7025254dc6ace33ff6859e314bcddfbe50754d9358f8b6ef71083865c9f5
x-response-time: 73
content-length: 43
date: Mon, 07 Oct 2024 12:57:10 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_b

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 150 B
526 B 89ms
89ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 007aa4e2dab46574972059695ca25f8d41a83da154607b4e0fe0aff8f691e848

Request headers

Authorization: Bearer 0c44cd781a1684520066
Referer: https://www.attackiq.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
visited_url: https://www.attackiq.com/2024/07/31/emulating-andariel/

Response headers

server: cloudflare
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"96-Nuq3eeZJT08kiGXllbgHWqYeuJU"
via: 1.1 c5b4420a76f7dc44d5e569e0747ac050.cloudfront.net (CloudFront)
cf-ray: 8cee0e34bca44378-EWR
apigw-requestid: fR8aKjCwPHcES4A=
access-control-allow-origin: https://www.attackiq.com
x-cache: Miss from cloudfront
x-amz-cf-id: wnCjlN3fHeio7FLT4cpO531XLmFvQ4dbdHGOukvZxjs8TPbMU_mr7w==
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
vary: Origin
x-amz-cf-pop: JFK52-P8

GET
H2 200 modules.c455055d4255707cc766.js Show response
script.hotjar.com/ 224 KB
56 KB 33ms
10ms Script
application/javascript 18.164.96.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.c455055d4255707cc766.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3147235.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-96-90.jfk50.r.cloudfront.net

Software

Resource Hash

00f9c41f792123ed96bd748bccf04480481b0a283a40fb39d714551772a8d9cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

x-robots-tag: none
content-encoding: br
etag: "00be896dff288cee0f2fab3c81ad1a2f"
age: 4444
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: 4DF0iiX80eZK7lr_tGLh8bRknupyJCH-tMMTtWX3sXaTu9nTc_5cWg==
date: Mon, 07 Oct 2024 11:43:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 07 Oct 2024 11:42:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 c4d0da6268789cfda9bb5da1f3f8fc58.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56546
x-amz-cf-pop: JFK50-P5

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 16ms
16ms Image
image/gif 23.212.248.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=fa8937fd4032c8e3c2a2ce1d4dadc7af&svisitor=null&visitor=18fa3990-4ac6-4b3c-8130-a6cb76b098e8&session=db3f8011-ad54-4a83-82c7-b16368aa77ba&event=ipv6&q=%7B%22address%22%3A%222a0d%3A5600%3A24%3A1500%3A1012%3Ac75a%3A6e4a%3A9f74%22%7D&isIframe=false&m=%7B%22description%22%3A%22AttackIQ%27s%20new%20graph%20emulates%20North%20Korean%20Andariel%20group%27s%20tactics%20from%20Operation%20Blacksmith%2C%20impacting%20various%20industries%20globally.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ%22%7D&cb=&r=https%3A%2F%2Ft.co%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&pageViewId=b211220a-3f54-4db3-848e-cef3b5d99ff7&ipv6=2a0d%3A5600%3A24%3A1500%3A1012%3Ac75a%3A6e4a%3A9f74&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.24 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:57:11 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H3 200 /
www.google.com/pagead/1p-user-list/862175634/ 42 B
64 B 27ms
27ms Image
image/gif 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/862175634/?random=1728305830782&cv=11&fst=1728302400000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9132208297z879575729za201zb79575729&gcd=13l3l3l3l5l1&dma=0&tag_exp=101529666~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&ref=https%3A%2F%2Ft.co%2F&hn=www.googleadservices.com&frm=0&tiba=Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ&npa=0&pscdl=noapi&auid=1829524589.1728305831&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfEigJDRy84B7qmFmlIOYmd9Cv8ijkb-FkSNKq_jN6pAfLKhyP&random=2315199395&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 07 Oct 2024 12:57:11 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 204 0
bat.bing.com/action/ 0
359 B 23ms
23ms Image
text/plain 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=56239791&Ver=2&mid=8b7f20d3-e8b6-45b7-8ae7-8369cd0ac64a&sid=aabef8f084ab11ef902b81d414a1c045&vid=aabf22e084ab11ef8bacd91353f02d0d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ&p=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&r=https%3A%2F%2Ft.co%2F&lt=951&evt=pageLoad&sv=1&cdb=AQEX&rn=105777

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 65D1378E3AA0464FB41DD3A29461A47E Ref B: EWR311000104023 Ref C: 2024-10-07T12:57:11Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 07 Oct 2024 12:57:10 GMT

GET
H2

200

demconf.jpg
dpm.demdex.net/
Redirect Chain

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3647538404092543033&redir=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3647538404092543033&redir=

42 B
717 B

27ms
27ms

Image
image/gif

52.206.11.1
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3647538404092543033&redir=

Protocol

Server

52.206.11.1 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-11-1.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-va6-1-v064-0e7eac9e2.edge-va6.demdex.com 8 ms
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
x-tid: DC4X550+QaY=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 59
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/gif

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3647538404092543033&redir=
dcs: dcs-prod-va6-2-v064-048f0820e.edge-va6.demdex.com 0 ms
pragma: no-cache
x-tid: chPDqoDmSR4=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Mon, 07 Oct 2024 12:57:11 GMT

GET
H3

200

csync.ashx
ml314.com/
Redirect Chain

https://idsync.rlcdn.com/395886.gif?partner_uid=3647538404092543033
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzY0NzUzODQwNDA5MjU0MzAzMxAAGg0Ip7WPuAYSBQjoBxAAQgBKAA
https://ml314.com/csync.ashx?fp=706e813b136f3ebba69f29bd0a92337cebb09cb1fdb1ad22d61f7d3edd210d02f4cb09cee1a4f8eb&person_id=3647538404092543033&eid=50082

43 B
56 B

121ms
121ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=706e813b136f3ebba69f29bd0a92337cebb09cb1fdb1ad22d61f7d3edd210d02f4cb09cee1a4f8eb&person_id=3647538404092543033&eid=50082
Protocol: H3
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

via: 1.1 google
expires: Tue, 08 Oct 2024 12:57:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/gif
server: Google Frontend

Redirect headers

cache-control: no-cache, no-store
timing-allow-origin: *
location: https://ml314.com/csync.ashx?fp=706e813b136f3ebba69f29bd0a92337cebb09cb1fdb1ad22d61f7d3edd210d02f4cb09cee1a4f8eb&person_id=3647538404092543033&eid=50082
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 0
date: Mon, 07 Oct 2024 12:57:11 GMT

GET
H3

200

utsync.ashx
ml314.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=91d4dc0b-dd34-4d1b-9512-919006362cd0&gdpr=0&gdpr_consent=

43 B
61 B

49ms
48ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/utsync.ashx?eid=53819&et=0&fp=91d4dc0b-dd34-4d1b-9512-919006362cd0&gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
via: 1.1 google
expires: 0,Tue, 08 Oct 2024 12:57:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/gif
server: Google Frontend

Redirect headers

location: https://ml314.com/utsync.ashx?eid=53819&et=0&fp=91d4dc0b-dd34-4d1b-9512-919006362cd0&gdpr=0&gdpr_consent=
content-length: 241
date: Mon, 07 Oct 2024 12:57:11 GMT
server: Kestrel

GET
H3

200

csync.ashx
ml314.com/
Redirect Chain

https://ib.adnxs.com/getuid?https://ml314.com/csync.ashx%3Ffp=$UID%26person_id=3647538404092543033%26eid=2
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fml314.com%2Fcsync.ashx%253Ffp%3D%24UID%2526person_id%3D3647538404092543033%2526eid%3D2
https://ml314.com/csync.ashx?fp=3577541493774079655&person_id=3647538404092543033&eid=2

43 B
56 B

43ms
43ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=3577541493774079655&person_id=3647538404092543033&eid=2
Protocol: H3
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

via: 1.1 google
expires: Tue, 08 Oct 2024 12:57:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/gif
server: Google Frontend

Redirect headers

cache-control: no-store, no-cache, private
location: https://ml314.com/csync.ashx?fp=3577541493774079655&person_id=3647538404092543033&eid=2
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 5.181.234.134; 5.181.234.134; 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 9380f530-1678-4e0e-a1df-9333683b8bdf
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Mon, 07 Oct 2024 12:57:11 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

POST
H/1.1 200
OK visitWebPage
041-fsq-281.mktoresp.com/webevents/ 2 B
318 B 138ms
17ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://041-fsq-281.mktoresp.com/webevents/visitWebPage?_mchNc=1728305831078&_mchCn=&_mchId=041-FSQ-281&_mchTk=_mch-attackiq.com-1728305831077-29702&_mchHo=www.attackiq.com&_mchPo=&_mchRu=%2F2024%2F07%2F31%2Femulating-andariel%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Ft.co%2F&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

Transfer-Encoding: chunked
X-Request-Id: 3410ccec-f71f-492d-9038-7c1f3389ff01
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Origin: *
Date: Mon, 07 Oct 2024 12:57:11 GMT
Content-Type: text/plain; charset=UTF-8
Server: nginx/1.20.1

GET
H2 200 messenger
app.qualified.com/w/1/j1bgMw3UdfB6bHr6/ Frame FA86 0
0 93ms
72ms Document
text/html 104.18.16.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/j1bgMw3UdfB6bHr6/messenger?uuid=9303f4da-b095-49ce-9d3c-5cff0aa11e60

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=j1bgMw3UdfB6bHr6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.16.5 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.attackiq.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8cee0e34ed0d42a9-EWR
content-encoding: gzip
content-security-policy
content-type: text/html; charset=utf-8
date: Mon, 07 Oct 2024 12:57:11 GMT
link: <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css>; rel=preload; as=style; nopush
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-cache: miss
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: c8115f36-8dd9-48c2-9f99-60019d7330d5
x-runtime: 0.026140
x-xss-protection: 1; mode=block

GET
H2 200 YSZ4UUXZGBFNJCKYN2A5BV Show response
d.adroll.com/consent/check/ 518 B
1 KB 82ms
16ms Script
application/javascript 2600:1f18:61c0:2204:dedd:d3df:b1d0:8ab2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/YSZ4UUXZGBFNJCKYN2A5BV?flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&_s=fbd6622616c9fb59840c186535099d10&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/YSZ4UUXZGBFNJCKYN2A5BV/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:61c0:2204:dedd:d3df:b1d0:8ab2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: d35e5d9028ad0d710783a382f1e165737921ab439b65b6edacde7ce6a5b3efb5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: no-store, no-cache, must-revalidate
content-length: 518
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 12:57:11 GMT
pragma: no-cache
content-type: application/javascript
server: nginx/1.22.1

GET
H3 200 / Show response
ws.zoominfo.com/pixel/65c51ac72a1e88c4e25ffd47/ 3 KB
2 KB 136ms
117ms Fetch
text/javascript 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/65c51ac72a1e88c4e25ffd47/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d6302d50e86f371cfd2576f8aa19330e9e692e7076e30d55f137fd31bf1f9505

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

_zitok: b13525fe4eae928e7efd1728305831
_vtok: NS4xODEuMjM0LjEzNA==
visited-url: https://www.attackiq.com/2024/07/31/emulating-andariel/
Referer: https://www.attackiq.com/2024/07/31/emulating-andariel/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8cee0e35ed4e43c7-EWR
access-control-allow-origin: https://www.attackiq.com
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/65c51ac72a1e88c4e25ffd47/ Frame 0
0 78ms
60ms Preflight
text/html 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/65c51ac72a1e88c4e25ffd47/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.attackiq.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.attackiq.com
allow: GET,HEAD
cf-cache-status: DYNAMIC
cf-ray: 8cee0e356ea30f8d-EWR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Oct 2024 12:57:11 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 iframe_content.html
x.adroll.com/pxl/ Frame 1342 0
0 117ms
21ms Document
text/html 2600:1f18:61c0:220b:c342:13e4:43fc:5bd6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://x.adroll.com/pxl/iframe_content.html?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&advertisable=YSZ4UUXZGBFNJCKYN2A5BV
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/YSZ4UUXZGBFNJCKYN2A5BV/roundtrip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f18:61c0:220b:c342:13e4:43fc:5bd6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.attackiq.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
ad-auction-allowed: true
content-encoding: zstd
content-length: 427
content-type: text/html
date: Mon, 07 Oct 2024 12:57:11 GMT
last-modified: Fri, 04 Oct 2024 21:57:34 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 226 KB
58 KB 60ms
18ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: s.adroll.com
URL: https://s.adroll.com/j/YSZ4UUXZGBFNJCKYN2A5BV/roundtrip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'unsafe-inline' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=13, rtx=0, c=23, mss=1232, tbw=4461, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: QdXutxDhcA8yHXiTSlbq+F21NdZyclQ8mCW38NUNR1ZxhDG/pHQarV+moLB74OmRDrQ4//BMwist5jrU2prW7g==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
content-length: 59131
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 KBB6XJACVNDLTMVD674MDC Show response
d.adroll.com/segment/YSZ4UUXZGBFNJCKYN2A5BV/ 42 B
2 KB 23ms
22ms XHR
image/gif 2600:1f18:61c0:2204:dedd:d3df:b1d0:8ab2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/segment/YSZ4UUXZGBFNJCKYN2A5BV/KBB6XJACVNDLTMVD674MDC?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&cookie=&adroll_s_ref=https%3A//t.co/&keyw=&p0=1417&adroll_external_data=&xa4=1&adroll_version=2.0
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/YSZ4UUXZGBFNJCKYN2A5BV/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:61c0:2204:dedd:d3df:b1d0:8ab2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

x-rule-type: p
access-control-expose-headers: X-Advertisable-Eid, X-Attribution-Url, X-Segment-Eid, X-Segment-Display-Name, X-Segment-Name, X-Conversion-Currency, X-Conversion-Value, X-Rule, X-Rule-Type, X-Organization-Eid, X-Pixel-Eid
x-organization-eid: F7BQML2UDBFXTLPVVU43LG
access-control-allow-methods: GET
x-segment-eid: IUDH5IOAIVF27A7OPDUEWO
x-advertisable-eid: YSZ4UUXZGBFNJCKYN2A5BV
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 12:57:11 GMT
x-pixel-eid: KBB6XJACVNDLTMVD674MDC
content-type: image/gif
x-attribution-url: https%3A%2F%2Fx.adroll.com%2Fattribution%2Ftrigger%3Ffpc%3Dd0418a238889ed2abbfabff457e4651d%26advertisable_eid%3DYSZ4UUXZGBFNJCKYN2A5BV%26conversion_type%3DPageView%26conversion_value%3D0.0%26currency%3DUSC%26flg%3D1%26pv%3D45307588396.29878%26arrfrr%3Dhttps%253A%252F%252Fwww.attackiq.com%252F2024%252F07%252F31%252Femulating-andariel%252F
access-control-allow-headers: Content-Type, *
x-segment-display-name: Visitors to Unsegmented Pages
cache-control: no-store, no-cache, must-revalidate
access-control-request-methods: GET
pragma: no-cache
x-conversion-currency
access-control-allow-credentials: true
x-conversion-value: 0.0
access-control-allow-origin: https://www.attackiq.com
x-segment-name: *
content-length: 42
server: nginx/1.22.1
x-rule: *

GET
H2

200

sync
x.bidswitch.net/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&adv...
https://x.bidswitch.net/sync?dsp_id=44&user_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg

43 B
183 B

187ms
28ms

Image
image/gif

35.211.202.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=44&user_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg
Protocol: H2
Server: 35.211.202.130 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 130.202.211.35.bc.googleusercontent.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/gif

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://x.bidswitch.net/sync?dsp_id=44&user_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg
content-length: 96
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 12:57:11 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H3

200

receive
pixel.tapad.com/idsync/ex/
Redirect Chain

https://d.adroll.com/cm/experian/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel...
https://pixel.tapad.com/idsync/ex/receive?partner_id=3521&partner_device_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3521&partner_device_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=f3a0cd7d-d146-47ac-9ed7-9cc507f5bd0b%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=91d4dc0b-dd34-4d1b-9512-919006362cd0&ttd_puid=f3a0cd7d-d146-47ac-9ed7-9cc507f5bd0b%2C%2C

95 B
124 B

33ms
32ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=91d4dc0b-dd34-4d1b-9512-919006362cd0&ttd_puid=f3a0cd7d-d146-47ac-9ed7-9cc507f5bd0b%2C%2C

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 95
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/png
server: Jetty(11.0.13)

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=91d4dc0b-dd34-4d1b-9512-919006362cd0&ttd_puid=f3a0cd7d-d146-47ac-9ed7-9cc507f5bd0b%2C%2C
content-length: 359
date: Mon, 07 Oct 2024 12:57:11 GMT
server: Kestrel

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&adv...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=oVIHy6DVjTPNkPtSHofyOA
https://d.adroll.com/cm/g/in

42 B
822 B

16ms
15ms

Image
image/gif

2600:1f18:61c0:2204:dedd:d3df:b1d0:8ab2
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Server: 2600:1f18:61c0:2204:dedd:d3df:b1d0:8ab2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-result: g.-1.-1.-1
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/gif
server: nginx/1.22.1

Redirect headers

cache-control: no-cache, must-revalidate
location: https://d.adroll.com/cm/g/in
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 225
date: Mon, 07 Oct 2024 12:57:11 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2

200

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&expiration=1759841831
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&expiration=1759841831&C=1

43 B
332 B

35ms
34ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&expiration=1759841831&C=1
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: no-cache
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E7tKkd8slBiH3N8ej4yvJKi8uQXh3d319iiUsc%2FYv37b50Xi9Qa5TaRufASYCiD3mVei7ciGKh7oAbzdNvqWYFEi9XJ4de1S8T8Kf84P0kIW3%2FBx5NPcaN1%2BuoBslSbw16HUvSiXssm7yQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cee0e362f291a40-EWR
expires: 0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/gif
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: no-cache
location: /rum?cm_dsp_id=105&external_user_id=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&expiration=1759841831&C=1
cf-cache-status: DYNAMIC
pragma: no-cache
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dR44t5M9nbt1r0k%2BwmFqggfPVd7FTugHtJAbxxRSOfI2e7wy4i%2B6YwUwTOImlQZ6VmDdjhSfLhlz0WxNFmAzq5CljSGMVt6soPheIb4w7%2B2spQXKFI3oK6HKLj2zFbjsXEIQJ0Ox2060Eg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cee0e35eefa1a40-EWR
expires: 0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Mon, 07 Oct 2024 12:57:11 GMT
vary: Accept-Encoding
server: cloudflare

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&adv...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&expires=365

42 B
1 KB

401ms
134ms

Image
image/gif

69.173.146.5
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&expires=365
Protocol: HTTP/1.1
Server: 69.173.146.5 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 2287badc5c237956b0d76bf6ef4ddf0e
Pragma: no-cache
content-length: 42
Content-Type: image/gif

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&expires=365
content-length: 124
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 12:57:11 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&adv...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=a15207cba0d58d33cd90fb521e87f238&gdpr=0&gdpr_consent=
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=a15207cba0d58d33cd90fb521e87f238&gdpr=0&gdpr_consent=

43 B
171 B

29ms
28ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=a15207cba0d58d33cd90fb521e87f238&gdpr=0&gdpr_consent=
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 07 Oct 2024 12:57:10 GMT
content-type: image/gif
vary: Accept
server: OXGW/0.0.0

Redirect headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=a15207cba0d58d33cd90fb521e87f238&gdpr=0&gdpr_consent=
p3p: CP="CUR ADM OUR NOR STA NID"
content-length: 0
date: Mon, 07 Oct 2024 12:57:10 GMT
server: OXGW/0.0.0

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=&us_privacy=1---

0
360 B

67ms
15ms

Image
text/plain

64.202.112.31
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.outbrain.com/cookie-sync?p=adroll&uid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=&us_privacy=1---

Protocol

HTTP/1.1

Server

64.202.112.31 , United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
content-length: 0
date: Mon, 07 Oct 2024 12:57:11 GMT
x-traceid: e87f9aac4dc22448fcd30623f095de43

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=&us_privacy=1---
content-length: 137
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 12:57:11 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

Pug
image2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXy...

42 B
584 B

76ms
15ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: no-store, no-cache, private
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Mon, 07 Oct 2024 12:57:09 GMT
content-type: image/gif; charset=utf-8
server: nginx

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
content-length: 212
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 12:57:11 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&adv...
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true

0
129 B

18ms
17ms

Image
text/html

34.200.65.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true

Protocol

Server

34.200.65.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-200-65-202.compute-1.amazonaws.com

Software

ATS/9.1.10.137 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date: Mon, 07 Oct 2024 12:57:11 GMT
age: 0
content-type: text/html
server: ATS/9.1.10.137

Redirect headers

strict-transport-security: max-age=31536000
location: https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
content-length: 0
date: Mon, 07 Oct 2024 12:57:11 GMT
age: 0
server: ATS/9.1.10.137

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg

0
365 B

61ms
10ms

Image
text/plain

141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg
Protocol: H2
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

x-fastly-to-nlb-rtt: 6473
date: Mon, 07 Oct 2024 12:57:11 GMT
server: nginx
access-control-allow-credentials: true

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg
content-length: 111
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 12:57:11 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andari...
https://eb2.3lift.com/xuid?mid=4714&xuid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=

37 B
474 B

19ms
19ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
Protocol: H2
Server: 52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/gif

Redirect headers

cache-control: no-cache, no-store, must-revalidate
location: /xuid?ld=1&mid=4714&xuid=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Mon, 07 Oct 2024 12:57:11 GMT

GET
H2

200

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&adv...
https://ib.adnxs.com/setuid?entity=172&code=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg

43 B
1 KB

23ms
17ms

Image
image/gif

68.67.160.117
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg

Protocol

Server

68.67.160.117 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 5.181.234.134; 5.181.234.134; 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: da873ae4-e530-4e00-a813-43817240d858
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Mon, 07 Oct 2024 12:57:11 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://ib.adnxs.com/setuid?entity=172&code=YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg
content-length: 93
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Mon, 07 Oct 2024 12:57:11 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2 200 KBB6XJACVNDLTMVD674MDC
ipv4.d.adroll.com/seg4/YSZ4UUXZGBFNJCKYN2A5BV/ 42 B
587 B 85ms
16ms Image
image/gif 107.21.157.193
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ipv4.d.adroll.com/seg4/YSZ4UUXZGBFNJCKYN2A5BV/KBB6XJACVNDLTMVD674MDC?adroll_fpc=d0418a238889ed2abbfabff457e4651d-1728305831255&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&cookie=&adroll_s_ref=https%3A//t.co/&keyw=&p0=1417&adroll_external_data=&xa4=1&adroll_version=2.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.21.157.193 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-21-157-193.compute-1.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

x-rule-type: p
access-control-expose-headers: X-Conversion-Value, X-Conversion-Currency, X-Advertisable-Eid, X-Segment-Eid, X-Rule-Type, X-Pixel-Eid
x-segment-eid: IUDH5IOAIVF27A7OPDUEWO
x-advertisable-eid: YSZ4UUXZGBFNJCKYN2A5BV
date: Mon, 07 Oct 2024 12:57:11 GMT
x-pixel-eid: KBB6XJACVNDLTMVD674MDC
content-type: image/gif
access-control-allow-headers: *
x-segment-display-name: Visitors to Unsegmented Pages
cache-control: no-store, no-cache, must-revalidate
access-control-request-methods: GET
pragma: no-cache
x-conversion-currency
access-control-allow-credentials: true
x-conversion-value: 0.0
access-control-allow-origin
x-segment-name: *
content-length: 42
server: nginx/1.22.1
x-rule: *

GET
H2 200 trigger
x.adroll.com/attribution/ 2 B
467 B 77ms
15ms Image
text/plain 2600:1f18:61c0:220b:c342:13e4:43fc:5bd6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.adroll.com/attribution/trigger?fpc=d0418a238889ed2abbfabff457e4651d&advertisable_eid=YSZ4UUXZGBFNJCKYN2A5BV&conversion_type=PageView&conversion_value=0.0&currency=USC&flg=1&pv=45307588396.29878&arrfrr=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f18:61c0:220b:c342:13e4:43fc:5bd6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

content-length: 2
date: Mon, 07 Oct 2024 12:57:11 GMT
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0","priority":"0","deduplication_key":"736189557849951335","filters":{"source_type":["event"]}},{"trigger_data":"0","priority":"0","deduplication_key":"736189557849951335","filters":{"source_type":["navigation"]}}],"debug_key":"2359816915554937743","debug_reporting":true,"filters":{"0":["YSZ4UUXZGBFNJCKYN2A5BV"]}}
content-type: text/plain; charset=utf-8

GET
BLOB 200
OK 87478334-e528-4763-b2c2-f6448f56829c Show response
https://www.attackiq.com/ 3 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.attackiq.com/87478334-e528-4763-b2c2-f6448f56829c
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d6302d50e86f371cfd2576f8aa19330e9e692e7076e30d55f137fd31bf1f9505

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: text/javascript
Content-Length: 3033

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
196 B 82ms
81ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.attackiq.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 0240F5EACA86438593EF48540192082A Ref B: EWR30EDGE0915 Ref C: 2024-10-07T12:57:11Z
x-li-fabric: prod-ltx1
access-control-allow-credentials: true
x-li-uuid: AAYj4o8nRwP8Mag6phaztg==
x-li-proto: http/2
access-control-allow-origin: https://www.attackiq.com
x-cache: CONFIG_NOCACHE
date: Mon, 07 Oct 2024 12:57:11 GMT
vary: Origin

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 28ms
27ms Image
image/gif 23.212.248.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=fa8937fd4032c8e3c2a2ce1d4dadc7af&svisitor=null&visitor=18fa3990-4ac6-4b3c-8130-a6cb76b098e8&session=db3f8011-ad54-4a83-82c7-b16368aa77ba&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A57%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A57%3A10%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22AttackIQ%27s%20new%20graph%20emulates%20North%20Korean%20Andariel%20group%27s%20tactics%20from%20Operation%20Blacksmith%2C%20impacting%20various%20industries%20globally.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ%22%7D&cb=&r=https%3A%2F%2Ft.co%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&pageViewId=b211220a-3f54-4db3-848e-cef3b5d99ff7&ipv6=2a0d%3A5600%3A24%3A1500%3A1012%3Ac75a%3A6e4a%3A9f74&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.24 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:57:11 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:57:11 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 73ms
72ms Image
image/gif 23.212.248.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=fa8937fd4032c8e3c2a2ce1d4dadc7af&svisitor=null&visitor=18fa3990-4ac6-4b3c-8130-a6cb76b098e8&session=db3f8011-ad54-4a83-82c7-b16368aa77ba&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A57%3A12%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A57%3A11%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22AttackIQ%27s%20new%20graph%20emulates%20North%20Korean%20Andariel%20group%27s%20tactics%20from%20Operation%20Blacksmith%2C%20impacting%20various%20industries%20globally.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ%22%7D&cb=&r=https%3A%2F%2Ft.co%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&pageViewId=b211220a-3f54-4db3-848e-cef3b5d99ff7&ipv6=2a0d%3A5600%3A24%3A1500%3A1012%3Ac75a%3A6e4a%3A9f74&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.24 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:57:12 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:57:12 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 104ms
104ms Image
image/gif 23.212.248.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=fa8937fd4032c8e3c2a2ce1d4dadc7af&svisitor=null&visitor=18fa3990-4ac6-4b3c-8130-a6cb76b098e8&session=db3f8011-ad54-4a83-82c7-b16368aa77ba&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A57%3A13%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A57%3A12%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22AttackIQ%27s%20new%20graph%20emulates%20North%20Korean%20Andariel%20group%27s%20tactics%20from%20Operation%20Blacksmith%2C%20impacting%20various%20industries%20globally.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ%22%7D&cb=&r=https%3A%2F%2Ft.co%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&pageViewId=b211220a-3f54-4db3-848e-cef3b5d99ff7&ipv6=2a0d%3A5600%3A24%3A1500%3A1012%3Ac75a%3A6e4a%3A9f74&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.24 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:57:13 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:57:13 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 206 7bfc614b2b8cf39efbfb3b15da61c94a.mp3
app.qualified.com/packs/ 6 KB
6 KB 31ms
18ms Media
audio/mpeg 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/packs/7bfc614b2b8cf39efbfb3b15da61c94a.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.17.5 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3814cdd9f44b721f9c1cb111462e040b4a885d07cb143ee37b680d871cbfa94e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.attackiq.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 5699
Content-Range: bytes 0-5869/5870
cf-ray: 8cee0e487c21c468-EWR
expires: Mon, 07 Oct 2024 16:57:14 GMT
x-cache: miss
Content-Length: 5870
date: Mon, 07 Oct 2024 12:57:14 GMT
content-type: audio/mpeg
last-modified: Fri, 04 Oct 2024 21:05:20 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 20ms
19ms Image
image/gif 23.212.248.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=fa8937fd4032c8e3c2a2ce1d4dadc7af&svisitor=null&visitor=18fa3990-4ac6-4b3c-8130-a6cb76b098e8&session=db3f8011-ad54-4a83-82c7-b16368aa77ba&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A57%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A57%3A13%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22AttackIQ%27s%20new%20graph%20emulates%20North%20Korean%20Andariel%20group%27s%20tactics%20from%20Operation%20Blacksmith%2C%20impacting%20various%20industries%20globally.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ%22%7D&cb=&r=https%3A%2F%2Ft.co%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&pageViewId=b211220a-3f54-4db3-848e-cef3b5d99ff7&ipv6=2a0d%3A5600%3A24%3A1500%3A1012%3Ac75a%3A6e4a%3A9f74&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.24 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:57:14 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:57:14 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 21ms
20ms Image
image/gif 23.212.248.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=fa8937fd4032c8e3c2a2ce1d4dadc7af&svisitor=null&visitor=18fa3990-4ac6-4b3c-8130-a6cb76b098e8&session=db3f8011-ad54-4a83-82c7-b16368aa77ba&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A57%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Oct%202024%2012%3A57%3A14%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225005%22%7D&isIframe=false&m=%7B%22description%22%3A%22AttackIQ%27s%20new%20graph%20emulates%20North%20Korean%20Andariel%20group%27s%20tactics%20from%20Operation%20Blacksmith%2C%20impacting%20various%20industries%20globally.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Emulating%20the%20Adversary%20Andariel%20-%20AttackIQ%22%7D&cb=&r=https%3A%2F%2Ft.co%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&pageViewId=b211220a-3f54-4db3-848e-cef3b5d99ff7&ipv6=2a0d%3A5600%3A24%3A1500%3A1012%3Ac75a%3A6e4a%3A9f74&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.24 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.attackiq.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 07 Oct 2024 12:57:15 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 07 Oct 2024 12:57:15 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

Verdicts & Comments Add Verdict or Comment

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

70 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-21 09:41:05	Name: muc Value: 049a803f-8244-4327-bdb1-d5b712bc7e6b
.t.co/	1970-01-21 09:41:05	Name: muc_ads Value: 049a803f-8244-4327-bdb1-d5b712bc7e6b
.t.co/	1970-01-21 00:05:07	Name: __cf_bm Value: 3DR_3yZ4Jh.2WhEI2qxm6PvbB0o1Ygx94nARVDtHwgI-1728305829-1.0.1.1-_C6m2w5Oh8n1zqz_zHCoFbye9fd.tmN7h6SVIbQm2YXjP6GA0cJ28mmCtae0ZuxxR05B9GPUNuHZYrUdAtN83Q
.bit.ly/	1970-01-21 04:24:17	Name: _bit Value: o97cV9-a3595d5a74debfabe3-00e
.app-ab33.marketo.com/	1970-01-21 00:05:07	Name: __cf_bm Value: yBBWZT2mk0m0Ni13GJDNOT80UQnaK0MTQbHCmeKQgXY-1728305829-1.0.1.1-.yJJLoHlRYtba2xKJwUl3SDPKOmQDjzcavEGLms22yrfqpG70_IxctsYDz0sCcWS7R1Eq8RpFySAy4gsix6fAw
.attackiq.com/	1970-01-21 02:14:41	Name: _gcl_au Value: 1.1.1829524589.1728305831
.attackiq.com/	1970-01-21 09:41:05	Name: _ga_F05SB1HBT8 Value: GS1.1.1728305830.1.0.1728305830.60.0.1071624278
.attackiq.com/	1970-01-21 09:41:05	Name: _ga Value: GA1.1.1887683055.1728305831
.doubleclick.net/	1970-01-21 09:41:05	Name: IDE Value: AHWqTUlss-HT1uj3Xh1tWop7cY1hwz008RqwkY5fvDrRJXaCDUVbBsd3pNDGy7W3
www.attackiq.com/	1970-01-21 09:41:05	Name: _gd_visitor Value: 18fa3990-4ac6-4b3c-8130-a6cb76b098e8
www.attackiq.com/	1970-01-21 00:05:20	Name: _gd_session Value: db3f8011-ad54-4a83-82c7-b16368aa77ba
.ml314.com/	1970-01-21 08:50:41	Name: pi Value: 3647538404092543033
.ml314.com/	1970-01-21 00:25:15	Name: tp Value: 4%253B10%252F07%252F2024%2B12%253A57%253A10
.attackiq.com/	1970-01-21 08:50:41	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Mon+Oct+07+2024+02%3A57%3A11+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=6.16.0&hosts=&landingPath=https%3A%2F%2Fwww.attackiq.com%2F2024%2F07%2F31%2Femulating-andariel%2F&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.attackiq.com/	1970-01-21 00:06:32	Name: _uetsid Value: aabef8f084ab11ef902b81d414a1c045
.attackiq.com/	1970-01-21 09:26:41	Name: _uetvid Value: aabf22e084ab11ef8bacd91353f02d0d
.attackiq.com/	1970-01-21 09:41:05	Name: _mkto_trk Value: id:041-FSQ-281&token:_mch-attackiq.com-1728305831077-29702
.bing.com/	1970-01-21 09:26:41	Name: MUID Value: 12D2D42E5BC4686F34F9C13F5A4E69B0
.bat.bing.com/	1970-01-21 00:15:10	Name: MR Value: 0
.adnxs.com/	1970-01-21 02:14:41	Name: XANDR_PANID Value: mKYkIwYFmer1ZoK0VpMg8EbIYMfj0-oljzwpFFZ301mA6f4dslnPltgZt0OaIk8FgnB_vbEkRZ-KCtVHz_gUmFSOsIGiCe9ga5XdakEE2Dg.
.adnxs.com/	1970-01-21 09:41:05	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 02:14:41	Name: uuid2 Value: 3577541493774079655
.demdex.net/	1970-01-21 04:24:17	Name: demdex Value: 13487128879351907740452495851719558195
.attackiq.com/	1970-01-21 08:50:41	Name: _hjSessionUser_3147235 Value: eyJpZCI6IjczMDMwYTdmLWY0MDgtNTg5ZC1iNmM4LTc2MTg0NGVlZTg5NCIsImNyZWF0ZWQiOjE3MjgzMDU4MzExMzAsImV4aXN0aW5nIjpmYWxzZX0=
.attackiq.com/	1970-01-21 00:05:07	Name: _hjSession_3147235 Value: eyJpZCI6ImUyMWIyNWFiLTMxOTctNDk4My05NmNkLTIxNzVmZDdlMzU4YiIsImMiOjE3MjgzMDU4MzExMzEsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.adsrvr.org/	1970-01-21 08:50:41	Name: TDID Value: 91d4dc0b-dd34-4d1b-9512-919006362cd0
.rlcdn.com/	1970-01-21 08:50:41	Name: rlas3 Value: ZcXZ3MBUb3euQTYgaCUQBDjHm+ALJRdBuGgzom/DQ74=
.linkedin.com/	1970-01-21 02:14:41	Name: li_sugr Value: 38bb72bf-235d-4cd1-b30c-66d22e025f38
.linkedin.com/	1970-01-21 08:50:41	Name: bcookie Value: "v=2&a60e1600-cda1-4826-806b-1406c5d12165"
.linkedin.com/	1970-01-21 00:06:32	Name: lidc Value: "b=TGST05:s=T:r=T:a=T:p=T:g=3137:u=1:x=1:i=1728305831:t=1728392231:v=2:sig=AQGByN8-mAZEnikh3QvqPpvtIa35_ws-"
.dpm.demdex.net/	1970-01-21 04:24:17	Name: dpm Value: 13487128879351907740452495851719558195
.rlcdn.com/	1970-01-21 01:31:29	Name: pxrc Value: CKe1j7gGEgUI6AcQABIFCNtOEAA=
.ml314.com/	1970-01-21 00:05:05	Name: u Value: aHR0cHM6Ly93d3cuYXR0YWNraXEuY29tLw%3D%3D
.linkedin.com/	1970-01-21 00:48:17	Name: UserMatchHistory Value: AQLh38hri28t0AAAAZJnDh0fmYpgXnYqu5mLNy1h-sGaW35PrI6TfqwooGs2wZfYGATbw-eHJjOlVw
.linkedin.com/	1970-01-21 00:48:17	Name: AnalyticsSyncHistory Value: AQJbVcRcMjlQWgAAAZJnDh0g7W-Q-M87oReCzeG0KWXh67ZYo--Vl9SToyYb0lOFPJbLv6AcGBNbR4rjngGRFg
.www.attackiq.com/	1970-01-21 08:50:41	Name: _zitok Value: b13525fe4eae928e7efd1728305831
.twitter.com/	1970-01-21 09:41:05	Name: personalization_id Value: "v1_qMVBUehlYR6ELqGxdAxjXQ=="
.d.adroll.com/	1970-01-21 09:33:53	Name: receive-cookie-deprecation Value: 1
.adroll.com/	1970-01-21 09:33:53	Name: receive-cookie-deprecation Value: 1
.attackiq.com/	1970-01-21 08:51:03	Name: __adroll_fpc Value: d0418a238889ed2abbfabff457e4651d-1728305831255
.www.attackiq.com/	1970-01-21 08:50:41	Name: __ar_v4 Value: %7CYSZ4UUXZGBFNJCKYN2A5BV%3A20241006%3A1%7CKBB6XJACVNDLTMVD674MDC%3A20241006%3A1
.www.linkedin.com/	1970-01-21 08:50:41	Name: bscookie Value: "v=1&202410071257112ec306d4-e919-47a5-87f7-2c7dd79af298AQHulKHqFp8FyYk0grKQpkFLddwJaaZA"
.adnxs.com/	1970-01-21 02:14:41	Name: anj Value: dTM7k!M4/rD>6NRF']wIg2E?kj`zHX!]tbPl@/@8$-^=$U_hsv]1fLyYR-+qA/-t-XZ=/MD%Vu]CfgLC?k9/LFZk[q[2:0HEBS6Ib#rrAwF(][bpRzqF1`*b^#p-!L@F
.casalemedia.com/	1970-01-21 08:50:41	Name: CMID Value: ZwPap9HM6VUAADciAHQuHwAA
.casalemedia.com/	1970-01-21 02:14:41	Name: CMPS Value: 3513
.casalemedia.com/	1970-01-21 02:14:41	Name: CMPRO Value: 3513
.tapad.com/	1970-01-21 01:31:29	Name: TapAd_TS Value: 1728305831352
.tapad.com/	1970-01-21 01:31:29	Name: TapAd_DID Value: f3a0cd7d-d146-47ac-9ed7-9cc507f5bd0b
x.adroll.com/	1969-12-31 23:59:59	Name: ar_debug Value: 1
.taboola.com/	1970-01-21 08:50:41	Name: t_gid Value: dc7cc966-48da-485c-a824-f785b95805a9-tuctdfd6027
.taboola.com/	1970-01-21 08:50:41	Name: t_pt_gid Value: dc7cc966-48da-485c-a824-f785b95805a9-tuctdfd6027
.3lift.com/	1970-01-21 02:14:41	Name: tluidp Value: 3571259611190060648823
.3lift.com/	1970-01-21 02:14:41	Name: tluid Value: 3571259611190060648823
.pubmatic.com/	1970-01-21 02:14:41	Name: KRTBCOOKIE_10 Value: 22808-YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&KRTB&22883-YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&KRTB&23504-YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg&KRTB&23615-YTE1MjA3Y2JhMGQ1OGQzM2NkOTBmYjUyMWU4N2YyMzg
.pubmatic.com/	1970-01-21 00:48:17	Name: PugT Value: 1728305829
.yahoo.com/	1970-01-21 08:51:03	Name: A3 Value: d=AQABBKfaA2cCEDOqGDF2wiSRRpvKXZ0LV60FEgEBAQEsBWcNZ9xC0iMA_eMAAA&S=AQAAAm5HWgPlLyxh5L61qaqEDGQ
.adsrvr.org/	1970-01-21 08:50:41	Name: TDCPM Value: CAESFgoHZDB0cm8xahILCMKH1PSytrM9EAUSFAoFdGFwYWQSCwjI_Jz3srazPRAFGAEgASgCMgsI_vKfpMm2sz0QBTgBWgV0YXBhZGAC
.analytics.yahoo.com/	1970-01-21 08:50:41	Name: IDSYNC Value: 1770~2l4c
.openx.net/	1970-01-21 08:50:41	Name: i Value: dc22c5e1-8263-4dd4-bd40-e29fd2bb42b5\|1728305831
.d.adroll.com/	1970-01-21 09:33:53	Name: __adroll Value: a15207cba0d58d33cd90fb521e87f238-g_1728305831-a_1728305831
.adroll.com/	1970-01-21 09:33:53	Name: __adroll_shared Value: a15207cba0d58d33cd90fb521e87f238-g_1728305831-a_1728305831
.zoominfo.com/	1970-01-21 00:05:07	Name: __cf_bm Value: PwSmgarShVxVvWDReZbgX7uLVhtYvAIiQVDrV7HblPI-1728305831-1.0.1.1-QQ24IYXAJcR.nrfmL30AAja4L5pCmoHWEnmVu.ez79Q2ixePLmihtMoQX9P730ay.ZDsEEo4WfkfUEWA4VXa4A
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: TssyypSo286a4u592MHMRbe1NqooDM80Ca4gkagdoh8-1728305831454-0.0.1.1-604800000
.tapad.com/	1970-01-21 01:31:29	Name: TapAd_3WAY_SYNCS Value: 1!6756
.rubiconproject.com/	1970-01-21 08:50:41	Name: audit_p Value: 1\|oqROtMJaHCDDycbsFSjF6nGrfk7zlNseAUDqJokNur2MaGpsUGBQ3idatx22XclX+bpUnXhR8I+M1KxoLazIt7kxm0k08nop+R4DB+iLIkEJdt26juuvtwobG+jx4wANVic6uaspnkUUA0z4q2POapIPKm3LJXscmutQ4+lrvZk3NcF8fbc9Xg5/8Wu8VjpS3TYsX/cuoqHQD5U7tEfUTQ==
.rubiconproject.com/	1970-01-21 08:50:41	Name: khaos Value: M1Z0O2JD-L-7RU9
.rubiconproject.com/	1970-01-21 08:50:41	Name: khaos_p Value: M1Z0O2JD-L-7RU9
.rubiconproject.com/	1970-01-21 08:50:41	Name: audit Value: 1\|oqROtMJaHCDDycbsFSjF6nGrfk7zlNseAUDqJokNur2MaGpsUGBQ3idatx22XclX+bpUnXhR8I+M1KxoLazIt7kxm0k08nop+R4DB+iLIkEJdt26juuvtwobG+jx4wANVic6uaspnkUUA0z4q2POapIPKm3LJXscmutQ4+lrvZk3NcF8fbc9Xg5/8Wu8VjpS3TYsX/cuoqHQD5U7tEfUTQ==
.rubiconproject.com/	1970-01-21 02:14:41	Name: receive-cookie-deprecation Value: 1
.attackiq.com/	1970-01-21 09:41:05	Name: __q_state_j1bgMw3UdfB6bHr6 Value: eyJ1dWlkIjoiOTMwM2Y0ZGEtYjA5NS00OWNlLTlkM2MtNWNmZjBhYTExZTYwIiwiY29va2llRG9tYWluIjoiYXR0YWNraXEuY29tIiwiYWN0aXZlU2Vzc2lvbklkIjpudWxsLCJzY3JpcHRJZCI6IjEzNjc5MjgzMTI5NjgzNTYzNDQiLCJtZXNzZW5nZXJFeHBhbmRlZCI6ZmFsc2UsInByb21wdERpc21pc3NlZCI6ZmFsc2UsInN0YXRlQnlTY3JpcHRJZCI6eyIxMzY3OTI4MzEyOTY4MzU2MzQ0Ijp7ImRpc21pc3NlZCI6ZmFsc2UsInNlc3Npb25JZCI6bnVsbH19LCJjb252ZXJzYXRpb25JZCI6IjE0OTk0Nzg2OTE0Mzg5NjExMjEifQ==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

041-fsq-281.mktoresp.com
analytics.google.com
analytics.twitter.com
app-ab33.marketo.com
app.qualified.com
b.6sc.co
bat.bing.com
bit.ly
c.6sc.co
cdn.cookielaw.org
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
dpm.demdex.net
dsum-sec.casalemedia.com
eb2.3lift.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
in.ml314.com
ipv4.d.adroll.com
ipv6.6sc.co
j.6sc.co
js.qualified.com
js.zi-scripts.com
match.adsrvr.org
ml314.com
munchkin.marketo.net
pixel.rubiconproject.com
pixel.tapad.com
px.ads.linkedin.com
px4.ads.linkedin.com
s.adroll.com
script.hotjar.com
snap.licdn.com
static.ads-twitter.com
static.cloudflareinsights.com
static.hotjar.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
t.co
td.doubleclick.net
ups.analytics.yahoo.com
us-u.openx.net
use.fontawesome.com
ws.zoominfo.com
www.attackiq.com
www.google.com
www.googletagmanager.com
www.linkedin.com
x.adroll.com
x.bidswitch.net
104.16.92.80
104.18.16.5
104.18.17.5
104.18.36.155
104.244.42.67
107.21.157.193
13.107.42.14
141.226.224.48
142.251.174.156
146.75.28.157
162.159.140.229
172.64.150.44
18.160.41.112
18.164.96.90
192.28.144.124
2001:4860:4802:32::181
23.207.134.130
23.212.248.24
2600:1408:c400:5::17c7:371d
2600:1408:c400:e::17cd:6a13
2600:1f18:61c0:2204:dedd:d3df:b1d0:8ab2
2600:1f18:61c0:220b:c342:13e4:43fc:5bd6
2600:9000:23cb:ba00:6:9280:1080:93a1
2606:4700:10::ac43:662
2606:4700:3037::ac43:8ef5
2606:4700:4400::ac40:9b77
2606:4700::6810:5049
2606:4700::6810:762b
2606:4700::6812:562a
2607:f8b0:4004:c07::9d
2607:f8b0:4004:c09::68
2607:f8b0:4004:c17::9a
2607:f8b0:400d:c04::61
2607:f8b0:400d:c0b::9a
2620:1ec:21::14
2620:1ec:33::10
2a03:2880:f003:c0e:face:b00c:0:3
34.111.113.62
34.117.77.79
34.200.65.202
34.98.64.218
35.211.202.130
35.244.154.8
35.71.131.137
52.206.11.1
52.223.22.214
54.162.9.247
64.202.112.31
67.199.248.11
68.67.160.117
69.173.146.5
8.28.7.83
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
007aa4e2dab46574972059695ca25f8d41a83da154607b4e0fe0aff8f691e848
00f9c41f792123ed96bd748bccf04480481b0a283a40fb39d714551772a8d9cd
03909ded9fe9db84fcb1b54d400c106785b5bec59df31577e8287cf7522bf95a
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
05355283bda5393d0c7e0875941234dfb64a303834e79556dc1eec73df971dc5
0602c4fb1597b7e6e111fe79777e195cacbc73774fcaf233a7835b33372dceae
130f3cb450648de43b1c83f46a661cf9847f6173753538623a0f9920714aded5
14f15a2702fecf1b66b40c1ad1cce817652925f3645c94d133dd4c1668b51b06
1a895ae2e0849cef1bd7c5d82f0564c470a9d37d06f6503b85dbc9776ce10f13
1fc89f5379a3d8f96821e0ccad0cdbf211cd65c504e9f1142e86fd33177dc024
2e1e74ad3738a095044a88104e5913d58b8497ae4e5f185ebd3c37ef4d053913
2e3a00c93d910c8542d67d58e472c345d4941ab8acabe36daece610ce06563df
353bcd41d11cc5a2bcb6763c269e41ac785c06ace29ac10053bb7c0fa3bf1ecf
3668f6d335416599574fb1f336cbd2b9bb2f8fcff63e63a9ca3b68df4d0c6165
3814cdd9f44b721f9c1cb111462e040b4a885d07cb143ee37b680d871cbfa94e
3da413ba21513151e5993074b647a440f8c8bbd3d46c85146633ce9bc3ddd13e
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
417d9da66e84c787fa30e6c0880fe5b92a9828c75137241bdd24ce7ae80d6fce
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46641a3cd4c211689f3110382ceb957dee3e6bddcd1984191eea9b7905381975
48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a
4acc3f32c5ef71ec50c2e0b2fb02e87a1a2b250cf3bde73b4bea6113ea5c6e55
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4d7f7270a79eb6bc7cdb75a92e56119c6d884172c742d769bcc01611747ba349
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
4f3a8e65ec78b77eb0ffa8a7cb3a18c4e0ef2f677e5dd1ec7deaaeadeacac473
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
52350d4cec6f6079a23d7da90051f81fbc32579529501285e1f1f168fa7a8e11
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
568a8ce0a07a3c5193e7c7788d62f79939537c2187111abef9d2effc767901cd
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
65c3f460c3efd93348950f2c84f7acd44e120b34006aad85aab242fe89d00585
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6ac1070175faf426da4bde8870f5d00e6a954104427b4a68ffccc1a24ac27dfd
73881513a7e7f8944a311bea8e80e9fad946e256ae74d62b5c8d469dc6df0186
73aaa4e6bfc1dbed5f3f934710d1ada545f4068742235e59d0cb74f0eaf0a3c4
7ad2adb73f8fd8ff816c7946e5d5def9fff76cd480ad7711967f5e0be003cacc
7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322
7f47f02c93d5de5de03db0ebffa39fe1060767437b086996e295c9818a05b2f2
806505e40450a2df00980dbd04f8e0b25646288b4d9592ebee07c61f7ab68114
8299ff4f0a4f809995dbace583b14258b897eda6eb49b44d6cc58c9a755d68bc
82fbcdbe0b2bdc9a7619c5a99684e09abeb12a11c7dcc5e6e3ed2227ee4461b0
877bd8ac8572e9427fc37ddfd8e3e4734a79e849e2e4a94f3786d90886dc2284
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8c90d3c0b0e49b95857fbd4a60728451deb97ac4079be355467deac9ee7de4a4
92352075ba806940563a09017ef43fd055a33d3f7f644b46dcf23a0d30a9190b
982e7dbc20afcd1e70a40ee3393e0687f3f41026db951bec50ce73d035909e5f
9a082145419e862c11e82c8d58fdae1f5bb02c3175d93ce884793ac869994515
9dde63036e3ddba17256937088dd7f6ca137384e64070e5b73126b765a858a2a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acb1007ab807eca533e1ee9349c8033b396f060a590b5d7e4853153d4dfd8abe
af0d42741b7f3f516d88eb1ce617c93f617bcfb5c7ff68b05f378120dc399a80
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c21a498c92235bcdedf2edfd6cd2f609b243d89ee25d9799ab0d0a149e3f6507
c2309ceb0c06604045d3ff007ee5c4110a7a34fb05ad4a263b1809d5c797d681
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d00f5f568802135cf1b7b320d33a89c3ec5496bbf82a47e19034c6d42a17d1e1
d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50
d35e5d9028ad0d710783a382f1e165737921ab439b65b6edacde7ce6a5b3efb5
d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af
d6302d50e86f371cfd2576f8aa19330e9e692e7076e30d55f137fd31bf1f9505
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dc64d7192f84497cacad5c10aef682562c24aa6124270f85fe247e223607f3ed
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd25436a214b803b3f67f8f6598bfc58007bcf8b641d102c5af4cfff8e2b961a
ddbda21655c0c2cb09913a9e33d856a8b8f3e1eae610cdbda8524def2dc71f7d
e19a7d521658cc4fa5a62c1890114370a6d2f5228a2c49ca919d816c4cd33e90
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ffdcb1041c61f4aa9fddc86c7f03b6686f5bbff73724343517bd4c002a81da
e6d7d5a6953659e28738fb9908ebd2161bb9013afc50e0bb292af091184848a7
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407
eb1fa7363d6e4772f7c49d67f031d68f209e66de6c3c05aade6fdc57a02505c1
edb6c7358824cfc0cb6ebb6cc13224599ef3a4cb5ee44cc06367517c7b101e87
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efad755939e511f2bc1feb0d58d6014006e8598a4d431f27a66dd59e14fc19cb
f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe
f3b5253b802748399cb03584bff0bd6deac9f0c029955a26b9e0061d207d7795
f9e2e7532c94cb461e4039b6ff408ad7ab58198e038e91e94901f5a5c3682b12
fb3a89cc6347e098063bd15f285bc90411846ddce6f17812364feedab67a67f5
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ffd5f7087e0c2de523e020e87a885250d36cdc944ba494f1b0f410e2b05bdc73

www.attackiq.com Open in urlscan Pro 2606:4700:10::ac43:662 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

121 Requests

84 %HTTPS

38 %IPv6

40 Domains

55 Subdomains

49 IPs

2 Countries

2573 kBTransfer

6188 kBSize

70 Cookies

45 Outgoing links

Page URL History

Redirected requests

121 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.attackiq.com Open in urlscan Pro
2606:4700:10::ac43:662 Public Scan

Screenshot
Live screenshot

Full Image

121
Requests

84 %
HTTPS

38 %
IPv6

40
Domains

55
Subdomains

49
IPs

2
Countries

2573 kB
Transfer

6188 kB
Size

70
Cookies

121 HTTP transactions
2 data transactions