hunt.io Open in urlscan Pro
35.71.142.77  Public Scan

7 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39

• https://framer.com/m/phosphor-icons/Sun.js@0.0.53 HTTP 302
• https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js

Request Chain 40

• https://framer.com/m/phosphor-icons/Moon.js@0.0.53 HTTP 302
• https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js

63 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Show response hunt.io/blog/	557 KB 46 KB	100ms 36ms	Document text/html	35.71.142.77 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.71.142.77 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a0b1d980e1f2226c6.awsglobalaccelerator.com Software Framer/32b700c / Resource Hash 735103ff08357f02f897a41eaaddab0492f9962697b44c7d5937cd6fe999dd67 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000 cache-control public, max-age=0, must-revalidate content-encoding br content-length 46687 content-type text/html date Wed, 11 Dec 2024 08:57:31 GMT etag "51e2af52132b96eddccddd4ff0685171" last-modified Tue, 10 Dec 2024 16:52:44 GMT link <https://framerusercontent.com>; rel="preconnect", <https://framerusercontent.com>; rel="preconnect"; crossorigin="" server Framer/32b700c server-timing region;desc="eu-west-1", cache;desc="cached", ssg-status;desc="optimized", version;desc="32b700c" strict-transport-security max-age=31536000 vary Accept-Encoding
GET H2	200	js Show response www.googletagmanager.com/gtag/	323 KB 108 KB	48ms 26ms	Script application/javascript	2a00:1450:4001:813::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-CKJY21YJ7N Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 3898899e1dcf24054158f9711d8b6c35722ecd57aa7f55aae9d690dfc1c59bec Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],} expires Wed, 11 Dec 2024 08:57:32 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 11 Dec 2024 08:57:32 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 109903 x-xss-protection 0 server Google Tag Manager
GET H2	200	chunk-7PZR57LV.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	657 KB 186 KB	27ms 11ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7PZR57LV.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash ca91ca3baad1db28d57e2e66c1636b41d0b1ebeec150cd744ed7612cfade3310 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"d31ef3a1c75a5b9c5016323bad637661" x-amz-version-id 5TVHMCrEGuD1wgLyMDF.jFLyBKthoZZi age 59836 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id 1WZCazUyC_zuIWxXzg9m_ECwtVRD85_lLc4MUncL5p0s0CHd2sj5Ug== date Tue, 10 Dec 2024 16:20:17 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:28 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="1WZCazUyC_zuIWxXzg9m_ECwtVRD85_lLc4MUncL5p0s0CHd2sj5Ug==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-JR5VT52U.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	1 KB 1 KB	36ms 30ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-JR5VT52U.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash 8b91ee4af78a9558d2bbbc889b190d7c47647405fabc8ae5be1c014d6c938228 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"8dc2caa5dfa40c0964a44a081b0b17d9" x-amz-version-id _8xnJxoEpvTiFxGHHyvVZ85IFf3u.3cf age 2471234 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id CkO6fCDew6cY1J4f-kmxeuhRLopPhJ7VWDzBGM252YmFKhxaT8DBXg== date Tue, 12 Nov 2024 18:30:19 GMT content-type text/javascript last-modified Tue, 12 Nov 2024 18:22:56 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="CkO6fCDew6cY1J4f-kmxeuhRLopPhJ7VWDzBGM252YmFKhxaT8DBXg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-DOOU7OF4.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	9 KB 4 KB	34ms 28ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-DOOU7OF4.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash e7ded5e12508f728778cdc968bf945badfc120ce873943924e0a6dd516871c7e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"589ac5e5c1ef313d2dd8e35dc038ac21" x-amz-version-id OTwc.HV0ROYCSRSUiRgVFv3VuoeXbnK1 age 59836 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id 5QPwMG6z8IlhUvyK1ymRg48yiPGNA7Zj2zqOSpOe1BsDW6QdKdmbuA== date Tue, 10 Dec 2024 16:20:17 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:28 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status PENDING server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="5QPwMG6z8IlhUvyK1ymRg48yiPGNA7Zj2zqOSpOe1BsDW6QdKdmbuA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-RIUMFBNJ.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	447 B 1 KB	40ms 35ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-RIUMFBNJ.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash a9428e5e5f6c5ede3339114a8be6230e2cc39a2190d03f1092ae93bdaf556891 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 etag "30ed32fa3444df726bb60d89113cf478" x-amz-version-id vYavs6UabxhB5PKPh4VT.q026xitGK6K age 7391614 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id 4Ae4AT0cO4MSTb3yCFQScbTtKPK3f9rrPyIBb81s7NdGfERmrE9ZuA== date Mon, 16 Sep 2024 19:43:59 GMT content-type text/javascript last-modified Mon, 16 Sep 2024 15:39:52 GMT vary Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="4Ae4AT0cO4MSTb3yCFQScbTtKPK3f9rrPyIBb81s7NdGfERmrE9ZuA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 447 x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	3NOfmhLkro7nMnJ1Ukn9qft3G68X4tv5oy_-RbaqfP8.UDELJTMX.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	380 KB 51 KB	39ms 33ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/3NOfmhLkro7nMnJ1Ukn9qft3G68X4tv5oy_-RbaqfP8.UDELJTMX.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash 19d418a2f626fc1c0356c26eb11f3ee19295720ac760dc28463e75bfafabb1d4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"312965149b43745df19ebb3646a49187" x-amz-version-id CsiOZNoHMTcKkZkWhRweeo1PFjl80IgX age 57634 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id GkTMZVxcms9lj3r6GlxQgLLTSjky0tFQRoiQvNWJVxjLETmR_tgX8Q== date Tue, 10 Dec 2024 16:56:59 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:52:32 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status PENDING server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="GkTMZVxcms9lj3r6GlxQgLLTSjky0tFQRoiQvNWJVxjLETmR_tgX8Q==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-2VZXA2FB.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	3 KB 2 KB	40ms 35ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-2VZXA2FB.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash 24bd03c6988e57312952d42ebbd11a362b0be97ff666d3d6ac8f3597174c56b6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"4b4dc1288d4d44143b9e6fe8df9e4b6e" x-amz-version-id 41pteK7V_zPtSrEwZLvWYdmJq3AlRdkr age 1097061 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id 1eWKZzfQ9FXim5OnAsw8S1sJ489AV1684mvasFEV_n66aD0iF9i2pg== date Thu, 28 Nov 2024 16:13:12 GMT content-type text/javascript last-modified Thu, 28 Nov 2024 15:59:29 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="1eWKZzfQ9FXim5OnAsw8S1sJ489AV1684mvasFEV_n66aD0iF9i2pg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-6QJAY4QR.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	269 KB 66 KB	19ms 18ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-6QJAY4QR.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash d1964a0c53200006e756ef0d0e32cea07deff44d89075cf26ae2afe3d85f43e2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"3afe3347ed0aec09439983af47904a6d" x-amz-version-id zyo9Vn24E.niqDg3AEyJtLy_CnlZx88n age 57634 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id Pktn_Scjxb1DDl6maE_six-N5JqNlc1YHF6SbN0gfsZX2Wagf5MQbA== date Tue, 10 Dec 2024 16:56:59 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:52:32 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status PENDING server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="Pktn_Scjxb1DDl6maE_six-N5JqNlc1YHF6SbN0gfsZX2Wagf5MQbA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-IQJXJS56.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	2 MB 462 KB	19ms 18ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-IQJXJS56.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash 0d483fb31b7baa932fb38d9e974bcca41a9ecfa605e0d540b66e54e39fe69f6b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"31dd62f5e78dc021748cb2e226a1a631" x-amz-version-id ha0.ZQo2WOP80YQTROckWsD0vmO7dcYH age 4718188 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id 8C13iF7A1CRyui0dNW2duYau4tUPEck8f1eT5SaaH0EtQ9gNaGs4-w== date Thu, 17 Oct 2024 18:21:05 GMT content-type text/javascript last-modified Thu, 17 Oct 2024 17:21:59 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="8C13iF7A1CRyui0dNW2duYau4tUPEck8f1eT5SaaH0EtQ9gNaGs4-w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-FXENASNC.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	390 KB 57 KB	35ms 34ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-FXENASNC.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash 6fa7b05626f316594c613602ef5bed9327ca1941725837795dfc47414fb05cb5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"2696554a7eb9bf9e3747d04c0b5f0360" x-amz-version-id znlHgDLDddBQnSMvUwmv55NemzXZy.AO age 59836 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id S5_asbhnCZlwRZKpoPDy3cVmbUIBn0sGPitx0ymq-p2xZir5oYvVoQ== date Tue, 10 Dec 2024 16:20:17 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:28 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status PENDING server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="S5_asbhnCZlwRZKpoPDy3cVmbUIBn0sGPitx0ymq-p2xZir5oYvVoQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-AIWW63AC.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	55 KB 18 KB	39ms 39ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash dcb6c51ec0458017b4fc8364df113fc4556a9346ce84daafda08bc73fcd27539 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"c3cfe8d46f0f118acfe59b0243a8cba4" x-amz-version-id ahONgdqL50swsg9dM..A9MBV_QnpoPl7 age 59836 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id A3FKaqr8gjym6tiCDeuK00wZeGku2AVbpaTqJ3XKxcp6pkYyt0mnkg== date Tue, 10 Dec 2024 16:20:17 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:28 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="A3FKaqr8gjym6tiCDeuK00wZeGku2AVbpaTqJ3XKxcp6pkYyt0mnkg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=12 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-N24P5JZY.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	22 KB 5 KB	39ms 39ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-N24P5JZY.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash af7863f53048fe6d665e912eb1a7438502bcd90275756bd57746711efd07ad1e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"ba9ae5ccd01ced4534b15ed639fe510a" x-amz-version-id 24WB6WJjuF9AhPnBlGKpPJQ1iyRPlZaV age 58972 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id pBAM-OEVSxmnp8EgJAirNfbIzPUiL_ZO9rW7O8K-iYjAWPXck6fYTg== date Tue, 10 Dec 2024 16:34:41 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:27 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="pBAM-OEVSxmnp8EgJAirNfbIzPUiL_ZO9rW7O8K-iYjAWPXck6fYTg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=11 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-WNOMLQKT.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	145 KB 21 KB	37ms 36ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-WNOMLQKT.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash bad9ed8e37d8d1aee7eacb1761e4bf4a7ac110eec89a7e92ff35545023c37cd7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"2d1c59a942931206e7cfd493cbbcb555" x-amz-version-id oSBH9BR_0DA1FjBTiBNPNaDzhvqohcl2 age 58972 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id Bx6RlJuevySn_ebhgUbnJcEHlnd-P0LIC11wi5wXMT8Dv45tw7mNDg== date Tue, 10 Dec 2024 16:34:41 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:28 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="Bx6RlJuevySn_ebhgUbnJcEHlnd-P0LIC11wi5wXMT8Dv45tw7mNDg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-PLBDR7DK.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	781 B 2 KB	37ms 37ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-PLBDR7DK.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash a1e9b3da59fa84c73948363f79bd0cef61cdb495511606fa4c2d8a06ddc954d8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 etag "d480024738b25adf2a7e816ed250f955" x-amz-version-id Z7pWqGV2dzKFOSyjcA5bS9niESfREDhj age 24451 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id _Xx4fuJU7UdyalygfXaTjbiwHjoK-xcBBUDYYFsW0RBgbWAr4y1mbw== date Wed, 11 Dec 2024 02:10:02 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:52:32 GMT vary Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="_Xx4fuJU7UdyalygfXaTjbiwHjoK-xcBBUDYYFsW0RBgbWAr4y1mbw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 781 x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-4DBXZSQR.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	10 KB 2 KB	40ms 39ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-4DBXZSQR.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash dda3ae667335cfd45ec00006177baa81cdcffd2584b76e84cbfe1819b7425484 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"25f1dd66e1da9cb89702f7fd019e7878" x-amz-version-id zb1h5oSo2qz43GdSiNusHNZgez_qMOWl age 58972 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id YdI6pRuEkofss9_DLndMPayIuMhb0r1Sohc7uVWgRX3YZrd2nhIwFw== date Tue, 10 Dec 2024 16:34:41 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:28 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="YdI6pRuEkofss9_DLndMPayIuMhb0r1Sohc7uVWgRX3YZrd2nhIwFw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=10 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-MKDKQIQE.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	20 KB 5 KB	40ms 39ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-MKDKQIQE.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash a2cc6f4036b7ba96d44dc4a4489a50aad64157c4648bb10a37292575b85c02ba Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"a5a493f35b5ac2e85c369329993e4f36" x-amz-version-id YmJ7TLOSspR.QEbKNVwELoRz2kXQ0d5s age 59836 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id HtykOZ5H25U5gvXX2-I-SOHW6xKc0sh7ZaNOwCotgA-C8CayZZ7A6g== date Tue, 10 Dec 2024 16:20:17 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:28 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status PENDING server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="HtykOZ5H25U5gvXX2-I-SOHW6xKc0sh7ZaNOwCotgA-C8CayZZ7A6g==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=12 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-LCEZCQRN.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	700 B 2 KB	40ms 40ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-LCEZCQRN.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash c56899f4291eff03eed62b752565556777823419de3f2b5c9020c02a883ea8ae Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 etag "f7f362a6b630f4f80759edc1e4b1ba32" x-amz-version-id pEE5MA4PuDjscD93PK1iHgo9617sClk9 age 24386 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id GN7S7UQTh4xfWaopMJz8fVi22BeM8msA7kzfSwHaHcHzmvafKzBSnQ== date Wed, 11 Dec 2024 02:11:07 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:52:34 GMT vary Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="GN7S7UQTh4xfWaopMJz8fVi22BeM8msA7kzfSwHaHcHzmvafKzBSnQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=10 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 700 x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	chunk-Q2JEALBM.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	4 KB 3 KB	40ms 39ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-Q2JEALBM.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash 449b30c2317c76c281158fa547bb61f301dd9f675b54699a8bfc5040648fda2d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"85385ac97b505762e460a1f6ab0d821f" x-amz-version-id 7ykTzZrRqKmFEWzuhs5LaEC47pDR4Zvg age 59836 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id xJtLaKbjFr8B9U5RQmm0MHYawvFvpWwatNHSUUm8yxDsZojR5Ss6Hw== date Tue, 10 Dec 2024 16:20:17 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:28 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="xJtLaKbjFr8B9U5RQmm0MHYawvFvpWwatNHSUUm8yxDsZojR5Ss6Hw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=13 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	script_main.DVS43U5Q.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	13 KB 7 KB	39ms 38ms	Script text/javascript	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash 324a9989ddbb2f2467a735983838314194704fb724135401a55046f54e852cde Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 0 content-encoding br etag W/"ba762ee88aa0962ee71c2f469bb7e8c6" x-amz-version-id tVo24YqlM1fa1zfMef1tHpYucOnAnJ.g age 57634 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id uDzEeeZ1g4V0hc2E6D0ZuR46FDMQ4NIaKMUPDYBuzdsPy_tMMMP-gw== date Tue, 10 Dec 2024 16:56:59 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:52:33 GMT vary Accept-Encoding,Origin x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status PENDING server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="uDzEeeZ1g4V0hc2E6D0ZuR46FDMQ4NIaKMUPDYBuzdsPy_tMMMP-gw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=11 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	script Show response events.framer.com/	18 KB 7 KB	125ms 106ms	Script text/javascript	13.32.99.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://events.framer.com/script Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-20.fra60.r.cloudfront.net Software / Resource Hash 89e61318afc569842f98ccd196ff7cfbb36ec69bad3af935dd5c7149b494fde4 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers strict-transport-security max-age=63072000; includeSubDomains; preload x-amzn-remapped-content-length 18177 timestamp Wed, 11 Dec 2024 08:55:48 GMT content-encoding gzip x-amz-apigw-id CnoPiHBQIAMETZQ= x-amzn-trace-id Root=1-675953fc-2b70f9d86bd1ca317fbd49da x-amzn-requestid 792e58ae-0dca-4907-90f8-a72a9944534e via 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront) x-cache Miss from cloudfront content-length 6204 x-amz-cf-id qvNqNBRDtB-qPwfdKBfhDH9qdBDp7vtVXYVKLEaZJUoU-uvU9hUqMA== date Wed, 11 Dec 2024 08:57:32 GMT content-type text/javascript x-amz-cf-pop FRA60-P3
GET DATA	200 OK	truncated /	248 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1903ee47f38fb5a0b56ce197b51aa0e1be80b22ab3afcd1a466eb1ee536aa8b3 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/svg+xml
GET H2	200	1ZFS7N918ojhhd0nQWdj3jz4w.woff2 framerusercontent.com/assets/	27 KB 28 KB	45ms 44ms	Font font/woff2	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/assets/1ZFS7N918ojhhd0nQWdj3jz4w.woff2 Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash cc324555c1cd681a59c27be1eda61da587d17bf71cc1ed8aa3e4a51e77907685 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 3000 etag "9a2dbfafd3686aa72cb303a41be28527" x-amz-version-id FhKj_VGbf4ha4CqtjcCeHMQzi9fH8cVU age 7867604 access-control-allow-methods GET, HEAD x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id AsrMh6AXURU0hQKaqNEyShygzug-C3N78DNVOQ2qa06Lzs_aed1YZg== date Wed, 11 Sep 2024 07:30:49 GMT content-type font/woff2 last-modified Mon, 15 Jul 2024 14:12:44 GMT x-amz-server-side-encryption-aws-kms-key-id arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459 x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="AsrMh6AXURU0hQKaqNEyShygzug-C3N78DNVOQ2qa06Lzs_aed1YZg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6 cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 28004 x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption aws:kms
GET H2	200	Inter-Medium.latin-Y3IVPL46.woff2 app.framerstatic.com/	19 KB 20 KB	50ms 25ms	Font font/woff2	2600:9000:223e:bc00:d:6b42:4ec0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.framerstatic.com/Inter-Medium.latin-Y3IVPL46.woff2 Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223e:bc00:d:6b42:4ec0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash c861d136456a64c9c5619e9fa7c37c80144ea5d8879d88554c1f8abaaae891bf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 3600 etag "f366e7b832c6d0e8a2038665895c0762" x-amz-version-id null age 26312514 access-control-allow-methods GET x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id y84QYT2vJmdGsQLWFCY4rhnzbNtL2KKm15kH0MbrrHOhgeC7WhAuOw== date Sat, 10 Feb 2024 19:55:39 GMT content-type font/woff2 last-modified Sat, 10 Feb 2024 12:18:59 GMT x-frame-options deny access-control-allow-headers * strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=31536000, immutable cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 88f858f045c3909fad9cebbada511aee.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 19904 x-xss-protection 1; mode=block x-amz-cf-pop FRA56-P4 server CloudFront x-amz-server-side-encryption AES256
GET H2	200	Wbt9vg2M3MLSUK6C8ZimtsouOws.webp framerusercontent.com/images/	52 KB 53 KB	20ms 14ms	Image image/avif	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://framerusercontent.com/images/Wbt9vg2M3MLSUK6C8ZimtsouOws.webp Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash af40af5e1469d7ef41aee9645556b634ada06969e8a9babf4d4e17c38aad2caf Security Headers Name Value Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "294afbee86a7b816bb58ca4b178d9a09" age 673450 x-content-type-options nosniff x-amzn-requestid 0a40e9b2-0af7-4bf3-be26-e644a48199c7 alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id vUytj-bX2BW5Z8nzO3kX1F5qFgeY3IfOuzXM6jg-vkCae-YK6qXsbw== date Tue, 03 Dec 2024 13:53:22 GMT content-type image/avif vary Accept x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload content-security-policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="vUytj-bX2BW5Z8nzO3kX1F5qFgeY3IfOuzXM6jg-vkCae-YK6qXsbw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4 cross-origin-resource-policy cross-origin x-amzn-trace-id Root=1-674f0d51-557acc861003e14f1c9dff39;Sampled=1;Lineage=1:f456f256:0 referrer-policy strict-origin-when-cross-origin via 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H2	200	yVA9Oy9wbaBjaChzIOH78YiSFE.webp framerusercontent.com/images/	8 KB 9 KB	42ms 37ms	Image image/avif	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://framerusercontent.com/images/yVA9Oy9wbaBjaChzIOH78YiSFE.webp?scale-down-to=512 Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash a741fd3317fed44c0f1c7b8161f1420298b044e564dfea131957c0e27982a66c Security Headers Name Value Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "7231b098b0757259dd2bbfd90a7fb0f9" age 671306 x-content-type-options nosniff x-amzn-requestid 3de1bf36-0c6a-42e8-bf76-49da9ceef860 alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id d3xPdm0CsLcGAffZWp5Rko77glYYh-FGtbCJ3vH-R-b53Ypg7Q5bBg== date Tue, 03 Dec 2024 14:29:06 GMT content-type image/avif vary Accept x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload content-security-policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="d3xPdm0CsLcGAffZWp5Rko77glYYh-FGtbCJ3vH-R-b53Ypg7Q5bBg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6 cross-origin-resource-policy cross-origin x-amzn-trace-id Root=1-674f15b1-78bc758e7f872fa50e191290;Sampled=1;Lineage=1:f456f256:0 referrer-policy strict-origin-when-cross-origin via 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H2	200	6odJFlTcHq1fzIBehjj2s4p9DY.webp framerusercontent.com/images/	7 KB 8 KB	17ms 12ms	Image image/avif	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://framerusercontent.com/images/6odJFlTcHq1fzIBehjj2s4p9DY.webp?scale-down-to=512 Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 4dc2a5162f03c1768634a7d933f034a800807b5324368e398cdbfc038a06d395 Security Headers Name Value Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "b3fc6d3f97ac740ee5904dc1c19ead8d" age 673449 x-content-type-options nosniff x-amzn-requestid bcf9756b-a7f3-480e-9de4-39e71cd81437 alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id jW_2h8bFD6M4exoQg_4pM0flViiuwI4ijwUozireLuVmOoW37rGo3w== date Tue, 03 Dec 2024 13:53:23 GMT content-type image/avif vary Accept x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload content-security-policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="jW_2h8bFD6M4exoQg_4pM0flViiuwI4ijwUozireLuVmOoW37rGo3w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4 cross-origin-resource-policy cross-origin x-amzn-trace-id Root=1-674f0d52-3771963431d7a22b4add2727;Parent=1f553ee76613da3a;Sampled=0;Lineage=1:f456f256:0 referrer-policy strict-origin-when-cross-origin via 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H2	200	cJA8dVwYG5AXjO4aXVKQ9QdZFg.webp framerusercontent.com/images/	8 KB 9 KB	39ms 34ms	Image image/avif	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://framerusercontent.com/images/cJA8dVwYG5AXjO4aXVKQ9QdZFg.webp?scale-down-to=512 Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 341f61d7c3838f9e303327f41376afcc21e5e7e5d5408b795be682dcd97cde43 Security Headers Name Value Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "e1a9183cb012ee35efa98e49b5e794c7" age 673449 x-content-type-options nosniff x-amzn-requestid ccc06360-8d94-47a9-b091-1b302a6ae954 alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id DswDLJ_Lnw60Hk9hh9mOlDQfLs1E7y8ETHnu_AlICNtIFDcjbwtohw== date Tue, 03 Dec 2024 13:53:23 GMT content-type image/avif vary Accept x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload content-security-policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="DswDLJ_Lnw60Hk9hh9mOlDQfLs1E7y8ETHnu_AlICNtIFDcjbwtohw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5 cross-origin-resource-policy cross-origin x-amzn-trace-id Root=1-674f0d52-337d67ec3b1a02f00d068755;Sampled=1;Lineage=1:f456f256:0 referrer-policy strict-origin-when-cross-origin via 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H2	200	fOXtYSvzsNlw0tzPVKMsf72n0.png framerusercontent.com/images/	24 KB 25 KB	44ms 40ms	Image image/avif	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://framerusercontent.com/images/fOXtYSvzsNlw0tzPVKMsf72n0.png?scale-down-to=2048 Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash e1d4e429bec9bc36a28143018ae0400faee2ea7ffe9442942794e016a094220c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "a5fd6921c78d186fd22e12abbea6a593" age 16491609 x-content-type-options nosniff x-amzn-requestid 9df5ba47-2ec8-4bec-96e9-11a9fef30e48 alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id Bwa3vn1DVa21lXRedGZ1_CMIBYFfHcNPZhghX4JwVIqGaCaCI2mFMA== date Mon, 03 Jun 2024 11:57:23 GMT content-type image/avif vary Accept x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="Bwa3vn1DVa21lXRedGZ1_CMIBYFfHcNPZhghX4JwVIqGaCaCI2mFMA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6 cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * cross-origin-resource-policy cross-origin x-amzn-trace-id root=1-665dafa2-42d508f768a18ae373bdb131;sampled=1;lineage=f456f256:0 content-security-policy-report-only default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly; referrer-policy strict-origin-when-cross-origin via 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H3	200	vQyevYAyHtARFwPqUzQGpnDs.woff2 framerusercontent.com/assets/	27 KB 28 KB	17ms 17ms	Font font/woff2	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/assets/vQyevYAyHtARFwPqUzQGpnDs.woff2 Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash 4107b11930c4eef1f6ae5a76d441562e6d21a601f1781f37fd085542cd87412b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 3000 etag "a14a424239fd9cb2e305f2243b1f6177" x-amz-version-id SH9la86RvjI0NEj8MqfrPHVtgDnLUhAV age 10722721 access-control-allow-methods GET, HEAD x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="-3MlePzkjYBZB_cuCfu1YyoxPgk8Kgs-X055NeRaZlkryGmhh0LGng==",cdn-downstream-fbl=2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Fri, 09 Aug 2024 06:25:32 GMT content-type font/woff2 last-modified Mon, 15 Jul 2024 14:12:38 GMT x-amz-server-side-encryption-aws-kms-key-id arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459 x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-id -3MlePzkjYBZB_cuCfu1YyoxPgk8Kgs-X055NeRaZlkryGmhh0LGng== x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 27404 x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption aws:kms
GET H3	200	DXD0Q7LSl7HEvDzucnyLnGBHM.woff2 framerusercontent.com/assets/	27 KB 28 KB	31ms 30ms	Font font/woff2	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/assets/DXD0Q7LSl7HEvDzucnyLnGBHM.woff2 Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash 2dc968863319a6f57e6428a7b4c292ae254d3e462b5f23f71bab492317067d5f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://hunt.io/ Response headers access-control-max-age 3000 etag "757ca4a792b8c7bbe09f6e6cee76e727" x-amz-version-id bCCG3uSnAgT3MLzz1ZSQU2cVkYB4Lve. age 11549444 access-control-allow-methods GET, HEAD x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="TrGA70MSDLbDl4gkZ9qYO5wnYi41hfLo30PZ2IM6MqTvyuJwrtYzXg==",cdn-downstream-fbl=3 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 30 Jul 2024 16:46:48 GMT content-type font/woff2 last-modified Mon, 15 Jul 2024 14:11:33 GMT x-amz-server-side-encryption-aws-kms-key-id arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459 x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-id TrGA70MSDLbDl4gkZ9qYO5wnYi41hfLo30PZ2IM6MqTvyuJwrtYzXg== x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 27992 x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption aws:kms
GET H/1.1	200 OK	figure_1_screenshot_showing_the_i_button_which_allows_users_to_quickly_view_beacon_configurations_without_downloading_them_in_hunt__1x.webp public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com/12-2024/	17 KB 18 KB	303ms 112ms	Image image/webp	16.182.67.178 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com/12-2024/figure_1_screenshot_showing_the_i_button_which_allows_users_to_quickly_view_beacon_configurations_without_downloading_them_in_hunt__1x.webp Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 16.182.67.178 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-east-1-r-w.amazonaws.com Software AmazonS3 / Resource Hash 22e5cfd55973895f60a7f6bf877482dc964962f8dd778612fc149bed56112bc1 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers x-amz-id-2 OORGEbxhXRIGQS40oJPPiyFVJw0ot1ToNiJObQ4tV73AZl/6J5Fv0aqapVS4u0xod66sDkiPo5g= ETag "5a63fbd9ea0b1ac71babd58c221894d8" x-amz-request-id 9EAPXRA1K7JA0EK8 Accept-Ranges bytes Content-Length 17688 Date Wed, 11 Dec 2024 08:57:33 GMT Last-Modified Tue, 03 Dec 2024 14:45:58 GMT Content-Type image/webp Server AmazonS3 x-amz-server-side-encryption AES256
GET H/1.1	200 OK	figure_2_associations_tab_showing_six_additional_ip_addresses_sharing_the_same_watermark_hunt__1x.webp public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com/12-2024/	15 KB 16 KB	301ms 110ms	Image image/webp	16.182.67.178 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com/12-2024/figure_2_associations_tab_showing_six_additional_ip_addresses_sharing_the_same_watermark_hunt__1x.webp Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 16.182.67.178 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-east-1-r-w.amazonaws.com Software AmazonS3 / Resource Hash 9753c83f61822ce350ea508e36e2ee9395589100a0b3afa9df41a4c1a0910408 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers x-amz-id-2 RdUnSCbjwf+1n2A2Ln/fnKZ8Ol/IG464AOODFyTskNGJt1F5udn9NaDSjgjG7BI4qLkFFf2Cu6Y= ETag "0b70d4de7b2cec3732dfb1f26c2f4528" x-amz-request-id 9EAK7DRJ514NA922 Accept-Ranges bytes Content-Length 15826 Date Wed, 11 Dec 2024 08:57:33 GMT Last-Modified Tue, 03 Dec 2024 14:45:56 GMT Content-Type image/webp Server AmazonS3 x-amz-server-side-encryption AES256
POST H2	204	collect region1.google-analytics.com/g/	0 0	45ms 15ms	Fetch text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-CKJY21YJ7N&gtm=45je4ca0v9166211784za200&_p=1733907452592&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485&cid=1282541463.1733907453&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1733907452&sct=1&seg=0&dl=https%3A%2F%2Fhunt.io%2Fblog%2Frare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity&dt=Rare%20Watermark%20Links%20Cobalt%20Strike%204.10%20Team%20Servers%20to%20Ongoing%20Suspicious%20Activity&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=280 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-CKJY21YJ7N Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],} expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin https://hunt.io cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 11 Dec 2024 08:57:32 GMT content-type text/plain server Golfe2
POST H2	200	anonymous events.framer.com/	0 381 B	207ms 206ms	Ping application/json	13.32.99.20 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://events.framer.com/anonymous Requested by Host: events.framer.com URL: https://events.framer.com/script Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.20 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-20.fra60.r.cloudfront.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://hunt.io/ Response headers x-amz-apigw-id CnoPkFSToAMEgWw= x-amzn-trace-id Root=1-675953fc-773597ce1bb3e49374eb9d29;Parent=249a5d46bd68faa1;Sampled=0;Lineage=1:c457ad49:0 x-amzn-requestid 3683656c-336f-41df-b68e-412712f65aea via 1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront) access-control-allow-origin * x-cache Miss from cloudfront content-length 0 x-amz-cf-id CdB9V5vdsfJizQ1iFDHnQRPHPFQLfRGgDH7Jo66WCOT0NLDfLRYlyg== date Wed, 11 Dec 2024 08:57:32 GMT content-type application/json x-amz-cf-pop FRA60-P3
GET H3	200	psEar9BZHC3V1ST6mGHxVJQfBxc.png framerusercontent.com/images/	391 B 1 KB	11ms 11ms	Other image/png	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/images/psEar9BZHC3V1ST6mGHxVJQfBxc.png Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash 1444a7eaffad2eae4dd0999fb1fd4c308e51876b70db2c4f1181c8a038f1f859 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "939ec6fdc5062f6529950c37ab817812" age 16914066 x-content-type-options nosniff x-amzn-requestid b0ac55ce-81d8-4ec5-a63d-b4e0230c1b65 server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="fGEiV-6HUTH4h6Sp2hpTXtYQF2M1If_eNoDiAKut096xIWQK1TJdPw==",cdn-downstream-fbl=2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Wed, 29 May 2024 14:36:26 GMT content-type image/png vary Accept x-amz-cf-id fGEiV-6HUTH4h6Sp2hpTXtYQF2M1If_eNoDiAKut096xIWQK1TJdPw== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * cross-origin-resource-policy cross-origin x-amzn-trace-id root=1-66573d6a-4e285cd21e7c73b36b481c52;sampled=1;lineage=f456f256:0 content-security-policy-report-only default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly; referrer-policy strict-origin-when-cross-origin via 1.1 e016ea20838aeed1d878a5244c9e2552.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H3	206	wvsIsx8BB-indexes-default.framercms Show response framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/	3 KB 4 KB	10ms 10ms	Fetch application/octet-stream	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-indexes-default.framercms Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash f5b8526bb0e6c1a53d014fca1808aebfb9abaa825ba0e7f54c32562023e255b4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Range bytes=6919-10110 Referer https://hunt.io/ Response headers access-control-expose-headers Content-Range age 54854 access-control-allow-methods GET, HEAD, OPTIONS x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="XbTN6DoAp8jNwVnZPtURq0x-3zG176Xja2MuiOKEzszpOIuYZr2XeQ==",cdn-downstream-fbl=1 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 17:43:18 GMT content-type application/octet-stream x-amz-cf-id XbTN6DoAp8jNwVnZPtURq0x-3zG176Xja2MuiOKEzszpOIuYZr2XeQ== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=604800, immutable timing-allow-origin * Content-Range bytes 6919-10110/276280 referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * Content-Length 3192 x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H3	206	wvsIsx8BB-chunk-default-0.framercms Show response framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/	3 KB 4 KB	10ms 9ms	Fetch application/octet-stream	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-chunk-default-0.framercms Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash 22b07807afbc388ecd51abfcbecb67055935c2e3b93ac4283a5becedd5e70621 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Range bytes=235-3430 Referer https://hunt.io/ Response headers access-control-expose-headers Content-Range age 54853 access-control-allow-methods GET, HEAD, OPTIONS x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="FW_axv4URkDZp6sibEgvFX7UqQkF33GcDNIB6jP-9jdfNmwxhV9U8A==",cdn-downstream-fbl=1 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 17:43:19 GMT content-type application/octet-stream x-amz-cf-id FW_axv4URkDZp6sibEgvFX7UqQkF33GcDNIB6jP-9jdfNmwxhV9U8A== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=604800, immutable timing-allow-origin * Content-Range bytes 235-3430/245022 referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * Content-Length 3196 x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H3	200	wvsIsx8BB-chunk-default-dict.framercms Show response framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/	31 KB 32 KB	12ms 12ms	Fetch application/octet-stream	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-chunk-default-dict.framercms Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash 25aeb8cf020d602895b80560676fabfa34b3c350195a0660572b6c87d8c0c37d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers access-control-expose-headers Content-Range age 24448 access-control-allow-methods GET, HEAD, OPTIONS x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="CuZPMuB59Dg4It9yXyO8ntBDlNF4c32B_b8-RLsfwycZsprO9FenVg==",cdn-downstream-fbl=4 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Wed, 11 Dec 2024 02:10:04 GMT content-type application/octet-stream x-amz-cf-id CuZPMuB59Dg4It9yXyO8ntBDlNF4c32B_b8-RLsfwycZsprO9FenVg== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=604800, immutable timing-allow-origin * referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * content-length 32000 x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H3	206	wvsIsx8BB-indexes-default.framercms Show response framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/	1 KB 2 KB	10ms 10ms	Fetch application/octet-stream	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-indexes-default.framercms Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash 9cc352a4d050c98f080c4ab6550f54f4d383c9509c902b666e64548d83a62471 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Range bytes=0-1241 Referer https://hunt.io/ Response headers access-control-expose-headers Content-Range age 54855 access-control-allow-methods GET, HEAD, OPTIONS x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="BvcMP-x8I0cAFpa0AXFvT1PleFZ62oyZ923xPHK2Ck1F72uyZD2-yA==",cdn-downstream-fbl=1 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 17:43:18 GMT content-type application/octet-stream x-amz-cf-id BvcMP-x8I0cAFpa0AXFvT1PleFZ62oyZ923xPHK2Ck1F72uyZD2-yA== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=604800, immutable timing-allow-origin * Content-Range bytes 0-1241/276280 referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * Content-Length 1242 x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H3	200	Sun.js Show response framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/ Redirect Chain https://framer.com/m/phosphor-icons/Sun.js@0.0.53 https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js	5 KB 2 KB	10ms 9ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js Protocol H3 Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash e77e2400288b5496592bb75f3d2c61871d947b1705f8a2d98c4bdea3a8ebbadd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://framerusercontent.com/ Response headers access-control-expose-headers Content-Range content-encoding br age 264672 access-control-allow-methods GET, HEAD, OPTIONS x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="OJotu3ynXmmWDevRrdvHBCBftGP_4z922wGC0NEjSy2qiyXn7-ZBFg==",cdn-downstream-fbl=2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Sun, 08 Dec 2024 07:26:21 GMT content-type text/javascript; charset=UTF-8 vary Accept-Encoding x-amz-cf-id OJotu3ynXmmWDevRrdvHBCBftGP_4z922wGC0NEjSy2qiyXn7-ZBFg== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=604800, immutable timing-allow-origin * referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 Redirect headers access-control-expose-headers Content-Range age 1290 access-control-allow-methods GET, HEAD, OPTIONS x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id NkBAEuhdWQVoPcFwUaH6sFhlteab1AU98_w3tsS190_GjIJUPTUkIg== date Wed, 11 Dec 2024 08:36:03 GMT content-type text/html; charset=utf-8 x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=3600 location https://framerusercontent.com/modules/wp6xzA2QrHTqCWJAsoKa/Hyhw8DdNtDxDqd366SY7/Sun.js referrer-policy strict-origin-when-cross-origin via 1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront) access-control-allow-origin * content-length 109 x-xss-protection 0 x-amz-cf-pop FRA60-P9
GET H3	200	Moon.js Show response framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/ Redirect Chain https://framer.com/m/phosphor-icons/Moon.js@0.0.53 https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js	4 KB 2 KB	12ms 12ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js Protocol H3 Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash cf51594b76c66c43206e9aa471baec6a92594ea6b8cbead1b40f445468de76e0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://framerusercontent.com/ Response headers access-control-expose-headers Content-Range content-encoding br age 520878 access-control-allow-methods GET, HEAD, OPTIONS x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="HeH8Kn4KfQeR_jLmnTsP05vZgY8mPwwjKkP7p4l0-14PzIiKSQmbAg==",cdn-downstream-fbl=2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Thu, 05 Dec 2024 08:16:15 GMT content-type text/javascript; charset=UTF-8 vary Accept-Encoding x-amz-cf-id HeH8Kn4KfQeR_jLmnTsP05vZgY8mPwwjKkP7p4l0-14PzIiKSQmbAg== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=604800, immutable timing-allow-origin * referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 Redirect headers access-control-expose-headers Content-Range age 3161 access-control-allow-methods GET, HEAD, OPTIONS x-content-type-options nosniff alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id 7NUjrCnIq2h9ECerBP5-smMFRHhgNLluGu_Dxo24lroSXIGfw_tSPw== date Wed, 11 Dec 2024 08:04:52 GMT content-type text/html; charset=utf-8 x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=3600 location https://framerusercontent.com/modules/qdFz1d7MF7d8Wsxrv3Ew/tbOlJ2GGWCCiI25KWvfU/Moon.js referrer-policy strict-origin-when-cross-origin via 1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront) access-control-allow-origin * content-length 110 x-xss-protection 0 x-amz-cf-pop FRA60-P9
GET H/1.1	200 OK	figure_1_screenshot_showing_the_i_button_which_allows_users_to_quickly_view_beacon_configurations_without_downloading_them_in_hunt__1x.webp public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com/12-2024/	17 KB 0	0ms 0ms	Image image/webp	16.182.67.178 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://public-hunt-static-blog-assets.s3.us-east-1.amazonaws.com/12-2024/figure_1_screenshot_showing_the_i_button_which_allows_users_to_quickly_view_beacon_configurations_without_downloading_them_in_hunt__1x.webp Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 16.182.67.178 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-east-1-r-w.amazonaws.com Software AmazonS3 / Resource Hash 22e5cfd55973895f60a7f6bf877482dc964962f8dd778612fc149bed56112bc1 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers x-amz-id-2 OORGEbxhXRIGQS40oJPPiyFVJw0ot1ToNiJObQ4tV73AZl/6J5Fv0aqapVS4u0xod66sDkiPo5g= ETag "5a63fbd9ea0b1ac71babd58c221894d8" x-amz-request-id 9EAPXRA1K7JA0EK8 Accept-Ranges bytes Content-Length 17688 Date Wed, 11 Dec 2024 08:57:33 GMT Last-Modified Tue, 03 Dec 2024 14:45:58 GMT Content-Type image/webp Server AmazonS3 x-amz-server-side-encryption AES256
GET H3	206	wvsIsx8BB-indexes-default.framercms Show response framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/	596 B 1 KB	9ms 8ms	Fetch application/octet-stream	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-indexes-default.framercms Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash f0f40885a14cd51f7d572952787c67b7c3e51399c2107171bb1bf741d22a6989 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Range bytes=13806-14401 Referer https://hunt.io/ Response headers access-control-expose-headers Content-Range age 54855 access-control-allow-methods GET, HEAD, OPTIONS x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="_PzPuQ3JJXbYuz69jD7Eqk70HP0JISjW6beI6sOpKkl-RLIlmqJwgQ==",cdn-downstream-fbl=1 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 17:43:18 GMT content-type application/octet-stream x-amz-cf-id _PzPuQ3JJXbYuz69jD7Eqk70HP0JISjW6beI6sOpKkl-RLIlmqJwgQ== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=604800, immutable timing-allow-origin * Content-Range bytes 13806-14401/276280 referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * Content-Length 596 x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H3	206	wvsIsx8BB-chunk-default-0.framercms Show response framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/	10 KB 11 KB	9ms 8ms	Fetch multipart/byteranges	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-chunk-default-0.framercms Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash b2e327509e3ce6cf9c6d9b0bd8dd0a7e3c56719626807622bd85c9e7b5fd2dc9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Range bytes=4-113,51476-56009,157655-160448,167285-170009 Referer https://hunt.io/ Response headers access-control-expose-headers Content-Range age 54854 access-control-allow-methods GET, HEAD, OPTIONS x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="RyN15GmPdIUu5TbCUn872Uol7VD_Pjw2mUQ4vR9UhWH4m9CwODMCEw==",cdn-downstream-fbl=1 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 17:43:19 GMT content-type multipart/byteranges; boundary=CloudFront:4381BAA570D92B17AF09862FBDD2DFEC x-amz-cf-id RyN15GmPdIUu5TbCUn872Uol7VD_Pjw2mUQ4vR9UhWH4m9CwODMCEw== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=604800, immutable timing-allow-origin * referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * content-length 10740 x-xss-protection 0 x-amz-cf-pop FRA56-P6
OPTIONS H3	200	wvsIsx8BB-chunk-default-0.framercms framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/	0 0	9ms 9ms	Preflight	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-chunk-default-0.framercms Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers range Access-Control-Request-Method GET Origin https://hunt.io Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-headers Range access-control-allow-methods GET, HEAD, OPTIONS access-control-allow-origin * access-control-expose-headers Content-Range access-control-max-age 600 age 24450 alt-svc h3=":443"; ma=86400 content-length 0 date Wed, 11 Dec 2024 02:10:03 GMT referrer-policy strict-origin-when-cross-origin server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="LGEFOnFGA7mK0NDGbREWwXHeT5BUjHMKMVh_lkWOhbok-MZJddAoIQ==",cdn-downstream-fbl=1 strict-transport-security max-age=31536000; includeSubDomains; preload timing-allow-origin * via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) x-amz-cf-id LGEFOnFGA7mK0NDGbREWwXHeT5BUjHMKMVh_lkWOhbok-MZJddAoIQ== x-amz-cf-pop FRA56-P6 x-cache Hit from cloudfront x-content-type-options nosniff x-frame-options deny x-xss-protection 0
GET H3	206	wvsIsx8BB-chunk-default-0.framercms Show response framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/	121 B 652 B	11ms 10ms	Fetch application/octet-stream	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/modules/drpNeVQopLY1P5khDike/dRsRwQIaLOAXxsU4RZSx/wvsIsx8BB-chunk-default-0.framercms Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-AIWW63AC.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash b9f9ff04701407e5098517bed58cd91737b23cb35f8d9b2a9554b46dca8d8e13 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Range bytes=114-234 Referer https://hunt.io/ Response headers access-control-expose-headers Content-Range age 54854 access-control-allow-methods GET, HEAD, OPTIONS x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="lacjwC0nwFeBGPg20U7a3L4fxrJ1TVkR5rRii1KzSCMoT9HmSXkK_g==",cdn-downstream-fbl=1 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 17:43:19 GMT content-type application/octet-stream x-amz-cf-id lacjwC0nwFeBGPg20U7a3L4fxrJ1TVkR5rRii1KzSCMoT9HmSXkK_g== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=604800, immutable timing-allow-origin * Content-Range bytes 114-234/245022 referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * Content-Length 121 x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H2	200	yVA9Oy9wbaBjaChzIOH78YiSFE.webp framerusercontent.com/images/	8 KB 0	0ms 0ms	Image image/avif	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://framerusercontent.com/images/yVA9Oy9wbaBjaChzIOH78YiSFE.webp?scale-down-to=512 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash a741fd3317fed44c0f1c7b8161f1420298b044e564dfea131957c0e27982a66c Security Headers Name Value Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "7231b098b0757259dd2bbfd90a7fb0f9" age 671306 x-content-type-options nosniff x-amzn-requestid 3de1bf36-0c6a-42e8-bf76-49da9ceef860 alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id d3xPdm0CsLcGAffZWp5Rko77glYYh-FGtbCJ3vH-R-b53Ypg7Q5bBg== date Tue, 03 Dec 2024 14:29:06 GMT content-type image/avif vary Accept x-frame-options deny content-security-policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="d3xPdm0CsLcGAffZWp5Rko77glYYh-FGtbCJ3vH-R-b53Ypg7Q5bBg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6 cross-origin-resource-policy cross-origin x-amzn-trace-id Root=1-674f15b1-78bc758e7f872fa50e191290;Sampled=1;Lineage=1:f456f256:0 referrer-policy strict-origin-when-cross-origin via 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H2	200	6odJFlTcHq1fzIBehjj2s4p9DY.webp framerusercontent.com/images/	7 KB 0	0ms 0ms	Image image/avif	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://framerusercontent.com/images/6odJFlTcHq1fzIBehjj2s4p9DY.webp?scale-down-to=512 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 4dc2a5162f03c1768634a7d933f034a800807b5324368e398cdbfc038a06d395 Security Headers Name Value Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "b3fc6d3f97ac740ee5904dc1c19ead8d" age 673449 x-content-type-options nosniff x-amzn-requestid bcf9756b-a7f3-480e-9de4-39e71cd81437 alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id jW_2h8bFD6M4exoQg_4pM0flViiuwI4ijwUozireLuVmOoW37rGo3w== date Tue, 03 Dec 2024 13:53:23 GMT content-type image/avif vary Accept x-frame-options deny content-security-policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="jW_2h8bFD6M4exoQg_4pM0flViiuwI4ijwUozireLuVmOoW37rGo3w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4 cross-origin-resource-policy cross-origin x-amzn-trace-id Root=1-674f0d52-3771963431d7a22b4add2727;Parent=1f553ee76613da3a;Sampled=0;Lineage=1:f456f256:0 referrer-policy strict-origin-when-cross-origin via 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H2	200	cJA8dVwYG5AXjO4aXVKQ9QdZFg.webp framerusercontent.com/images/	8 KB 0	1ms 1ms	Image image/avif	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://framerusercontent.com/images/cJA8dVwYG5AXjO4aXVKQ9QdZFg.webp?scale-down-to=512 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 341f61d7c3838f9e303327f41376afcc21e5e7e5d5408b795be682dcd97cde43 Security Headers Name Value Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "e1a9183cb012ee35efa98e49b5e794c7" age 673449 x-content-type-options nosniff x-amzn-requestid ccc06360-8d94-47a9-b091-1b302a6ae954 alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id DswDLJ_Lnw60Hk9hh9mOlDQfLs1E7y8ETHnu_AlICNtIFDcjbwtohw== date Tue, 03 Dec 2024 13:53:23 GMT content-type image/avif vary Accept x-frame-options deny content-security-policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="DswDLJ_Lnw60Hk9hh9mOlDQfLs1E7y8ETHnu_AlICNtIFDcjbwtohw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5 cross-origin-resource-policy cross-origin x-amzn-trace-id Root=1-674f0d52-337d67ec3b1a02f00d068755;Sampled=1;Lineage=1:f456f256:0 referrer-policy strict-origin-when-cross-origin via 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H3	200	2iZKHFgbhhPbSXPJTCZSAjibSz0.webp framerusercontent.com/images/	72 KB 73 KB	11ms 10ms	Image image/avif	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://framerusercontent.com/images/2iZKHFgbhhPbSXPJTCZSAjibSz0.webp Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7PZR57LV.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash f64db61461a61be895b05212054704844b4d20a9da93fc0349b2f0e8046002a8 Security Headers Name Value Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "7ea5391ef5d57b06e20f5613414f4349" age 69032 x-content-type-options nosniff x-amzn-requestid fe09f424-6c55-4446-8e37-76a364637f7e server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="rYSIhHBI48A_ft3GqwTONZHIrc250gWGqWijfDE9CaIXai1Kgp5XkA==",cdn-downstream-fbl=3 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 13:47:01 GMT content-type image/avif vary Accept x-amz-cf-id rYSIhHBI48A_ft3GqwTONZHIrc250gWGqWijfDE9CaIXai1Kgp5XkA== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload content-security-policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * cross-origin-resource-policy cross-origin x-amzn-trace-id Root=1-67584651-01f645fe4ab0c3500efc6e41;Parent=57bba260d735a1c8;Sampled=0;Lineage=1:f456f256:0 referrer-policy strict-origin-when-cross-origin via 1.1 e016ea20838aeed1d878a5244c9e2552.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H3	200	XFsFr3Y6HDDfkPLgSPRuhldm2g.webp framerusercontent.com/images/	67 KB 68 KB	14ms 13ms	Image image/avif	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://framerusercontent.com/images/XFsFr3Y6HDDfkPLgSPRuhldm2g.webp Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7PZR57LV.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software / Resource Hash baec8ef28ee7d04e84305e579a7a397af272c2b2694b3e2879ea01a14c16a76a Security Headers Name Value Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "71eb302e38ef24d00d5643fd1bc5d3f7" age 416280 x-content-type-options nosniff x-amzn-requestid c6d044ef-f595-45f2-b700-9b4097e2c470 server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="D7OY5VjF7G7_iiN1zPkRFzWvq8dsYPOFRGYWqlZyz5KJ5Hvs8Aj0Jg==",cdn-downstream-fbl=3 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Fri, 06 Dec 2024 13:19:33 GMT content-type image/avif vary Accept x-amz-cf-id D7OY5VjF7G7_iiN1zPkRFzWvq8dsYPOFRGYWqlZyz5KJ5Hvs8Aj0Jg== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload content-security-policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * cross-origin-resource-policy cross-origin x-amzn-trace-id Root=1-6752f9e0-60292b0832e951d5426436f8;Sampled=1;Lineage=1:f456f256:0 referrer-policy strict-origin-when-cross-origin via 1.1 e016ea20838aeed1d878a5244c9e2552.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H2	200	Wbt9vg2M3MLSUK6C8ZimtsouOws.webp framerusercontent.com/images/	52 KB 0	0ms 0ms	Image image/avif	2600:9000:2490:3c00:d:ada1:a280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://framerusercontent.com/images/Wbt9vg2M3MLSUK6C8ZimtsouOws.webp Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-7PZR57LV.mjs Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:3c00:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash af40af5e1469d7ef41aee9645556b634ada06969e8a9babf4d4e17c38aad2caf Security Headers Name Value Content-Security-Policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://hunt.io/ Response headers etag "294afbee86a7b816bb58ca4b178d9a09" age 673450 x-content-type-options nosniff x-amzn-requestid 0a40e9b2-0af7-4bf3-be26-e644a48199c7 alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront x-amz-cf-id vUytj-bX2BW5Z8nzO3kX1F5qFgeY3IfOuzXM6jg-vkCae-YK6qXsbw== date Tue, 03 Dec 2024 13:53:22 GMT content-type image/avif vary Accept x-frame-options deny content-security-policy default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce; cache-control public, max-age=31536000, stale-while-revalidate=31536000 timing-allow-origin * server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="vUytj-bX2BW5Z8nzO3kX1F5qFgeY3IfOuzXM6jg-vkCae-YK6qXsbw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4 cross-origin-resource-policy cross-origin x-amzn-trace-id Root=1-674f0d51-557acc861003e14f1c9dff39;Sampled=1;Lineage=1:f456f256:0 referrer-policy strict-origin-when-cross-origin via 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6
GET H3	200	Jl3Kv7P-kDAXGrkG_Y3TePXcWEHsZdHVwzyhfgdi4S8.AXOWFRVS.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	97 KB 13 KB	11ms 11ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/Jl3Kv7P-kDAXGrkG_Y3TePXcWEHsZdHVwzyhfgdi4S8.AXOWFRVS.mjs Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash bece75fc8837c8a539530ef23fa0597efe496fb7d07b7087ed78f7a4a6ea0ceb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs Response headers access-control-max-age 0 content-encoding br etag W/"e2db15eaef96000994d25addf69aa280" x-amz-version-id z7JXogl.eXjBn7hF50LEXSemQ.yPc_fu age 59837 access-control-allow-methods GET x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="_JyzkSX223U_aV0Swd63xE0TlNaMWZl1MtoDanZzhS3_cZs1oNzPxw==",cdn-downstream-fbl=2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 16:20:17 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:28 GMT vary Accept-Encoding,Origin x-amz-cf-id _JyzkSX223U_aV0Swd63xE0TlNaMWZl1MtoDanZzhS3_cZs1oNzPxw== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status PENDING cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H3	200	chunk-3OHOHP5K.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	1 KB 1 KB	10ms 10ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-3OHOHP5K.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash 85423271cadc50e7a8873249d3ece6c62b3180112ac657e66347ce4241d31dc9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/Jl3Kv7P-kDAXGrkG_Y3TePXcWEHsZdHVwzyhfgdi4S8.AXOWFRVS.mjs Response headers access-control-max-age 0 content-encoding br etag W/"0d3db3f4c9f52ed4383abbcc60719616" x-amz-version-id RGc_Ws_DDVt19gqO4V500uKpAg8wxHba age 3676113 access-control-allow-methods GET x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="RmcBu1IIvnBQwHze3gn5z6kvhmV9F0M1oC-J1ZT0t2hD59iR8xQuwA==",cdn-downstream-fbl=2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 29 Oct 2024 19:49:00 GMT content-type text/javascript last-modified Tue, 29 Oct 2024 18:16:43 GMT vary Accept-Encoding,Origin x-amz-cf-id RmcBu1IIvnBQwHze3gn5z6kvhmV9F0M1oC-J1ZT0t2hD59iR8xQuwA== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H3	200	zhL8nU7XNNGFRlAIY2FM-h62K_VrrSiSRyTqnUBhnM8.REHR67NR.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	41 KB 8 KB	10ms 9ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/zhL8nU7XNNGFRlAIY2FM-h62K_VrrSiSRyTqnUBhnM8.REHR67NR.mjs Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash e96570316195a9f6d9ae66ad55325d340e90ca1563bff1972640b2e0435002f2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs Response headers access-control-max-age 0 content-encoding br etag W/"2a7526581ccd8f89b484d69b0f7f8c1c" x-amz-version-id s5XJaIOc6aIR_U1IsAO504Wz.MLo_krr age 59071 access-control-allow-methods GET x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="-h10mYBojHAY-Nqfq5Qw2UYQ_VzbmlMImn-vIMvvkzSo64-ciSMEOA==",cdn-downstream-fbl=1 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 16:33:03 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:27 GMT vary Accept-Encoding,Origin x-amz-cf-id -h10mYBojHAY-Nqfq5Qw2UYQ_VzbmlMImn-vIMvvkzSo64-ciSMEOA== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H3	200	zf7oaQsVisvCUlpUMhEzxzxL1qwjjWU7pRoRegRYu8A.4QUJHPOE.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	45 KB 8 KB	11ms 10ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/zf7oaQsVisvCUlpUMhEzxzxL1qwjjWU7pRoRegRYu8A.4QUJHPOE.mjs Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash 831ed047a786cb3bd6a4a3ee93e8457242ee53207b0d04c3b66a3f9899dd78bb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs Response headers access-control-max-age 0 content-encoding br etag W/"a8b232442f006891ea01135e0614294c" x-amz-version-id rRHUF1XfR3W7MbiJXLvdmoj6zH8UT8Cc age 59071 access-control-allow-methods GET x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Eg-Er_aI9pdCpsho59_LXG9ACWSuDwnSb-9u5UF8WkkLvnoKDAW5BQ==",cdn-downstream-fbl=2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 16:33:03 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:27 GMT vary Accept-Encoding,Origin x-amz-cf-id Eg-Er_aI9pdCpsho59_LXG9ACWSuDwnSb-9u5UF8WkkLvnoKDAW5BQ== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H3	200	pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.BBMY7BTJ.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	91 KB 13 KB	12ms 11ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.BBMY7BTJ.mjs Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash 7734581c037aa18ef75406de8fe8447d0194e730d674fa4670495be8982f366d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs Response headers access-control-max-age 0 content-encoding br etag W/"db314f045a5d16008ccacbbbd422ba78" x-amz-version-id LknprcHoG9RIWtDgcrp.U4ud8fUJoXsL age 58970 access-control-allow-methods GET x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="p1kd-JenZHNR44P-CzJiUpp5MJ2W_ZTawP_zFoOJfOcj5cp-n2aZRw==",cdn-downstream-fbl=2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 16:34:43 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:27 GMT vary Accept-Encoding,Origin x-amz-cf-id p1kd-JenZHNR44P-CzJiUpp5MJ2W_ZTawP_zFoOJfOcj5cp-n2aZRw== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H3	200	uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.ASBAZL5M.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	74 KB 11 KB	12ms 12ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.ASBAZL5M.mjs Requested by Host: framerusercontent.com URL: https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash dae44b82855ff15075c37f13f6492e3407e86c9bf27bf8c06b5e7f6dc7739238 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/script_main.DVS43U5Q.mjs Response headers access-control-max-age 0 content-encoding br etag W/"035ebdba59ce6411283ae98079fa0855" x-amz-version-id Z337c7i8vuZTkZNihwozhfw7558OJnO4 age 59071 access-control-allow-methods GET x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="RXZY1Iu3zmYRcmIxcyivbuhuHvbgwMxxiKPSyyIM_kIkR9WtZTIhVQ==",cdn-downstream-fbl=2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 16:33:03 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:28 GMT vary Accept-Encoding,Origin x-amz-cf-id RXZY1Iu3zmYRcmIxcyivbuhuHvbgwMxxiKPSyyIM_kIkR9WtZTIhVQ== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H3	200	chunk-75KC3OJW.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	999 B 2 KB	11ms 11ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-75KC3OJW.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash f8c7aece584727904d9ece558d571f0a745d505013a200a9e4382d293401e840 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/zhL8nU7XNNGFRlAIY2FM-h62K_VrrSiSRyTqnUBhnM8.REHR67NR.mjs Response headers access-control-max-age 0 etag "c8efc240356389f13cecc167c1012996" x-amz-version-id 384fSgCaLNTCw8vS0a1jU0vO3hVbg5BA age 1097059 access-control-allow-methods GET x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="GrJito7osyUTh3gaKa9O2uFt-EGpDj3ma_F73dX82Jb5WhQLb-B3eg==",cdn-downstream-fbl=3 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Thu, 28 Nov 2024 16:13:15 GMT content-type text/javascript last-modified Thu, 28 Nov 2024 15:59:29 GMT vary Origin x-amz-cf-id GrJito7osyUTh3gaKa9O2uFt-EGpDj3ma_F73dX82Jb5WhQLb-B3eg== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 999 x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H3	200	chunk-W7PAJESI.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	997 B 2 KB	14ms 14ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-W7PAJESI.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash fd2c9f5458dff3221f07b1f32bb05b7d9fbf9e9f435448ed14ed1c273d0e493e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/zf7oaQsVisvCUlpUMhEzxzxL1qwjjWU7pRoRegRYu8A.4QUJHPOE.mjs Response headers access-control-max-age 0 etag "7840196577db9a0c47d25a45b1404bd5" x-amz-version-id QgHE8RSGZjupsxwZfhUKEXtU06V8c9l9 age 1097059 access-control-allow-methods GET x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="OTyiwWxPAXDoSBPcJq1rlgfWDNn3vXt3uFn8bFkHHqJ5osLDNzzSdw==",cdn-downstream-fbl=4 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Thu, 28 Nov 2024 16:13:15 GMT content-type text/javascript last-modified Thu, 28 Nov 2024 15:59:29 GMT vary Origin x-amz-cf-id OTyiwWxPAXDoSBPcJq1rlgfWDNn3vXt3uFn8bFkHHqJ5osLDNzzSdw== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 997 x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H3	200	chunk-2MP2Z6KV.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	993 B 2 KB	9ms 9ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-2MP2Z6KV.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash 20f16f669e39ddc2f4fce46463481ec43157c6d23258ec2f59f32a23c3d66a8a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.BBMY7BTJ.mjs Response headers access-control-max-age 0 etag "a0270dad90dd051af03ad27f756ce88b" x-amz-version-id Xa6i0f68HFqGuYAYsjcBEL8VNbvS_6X7 age 4084577 access-control-allow-methods GET x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="8cysD6R6CtO6QwZQjOkyTyOeXGy3uj2N33w8gqXof84JoCXag26LCQ==",cdn-downstream-fbl=2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Fri, 25 Oct 2024 02:21:17 GMT content-type text/javascript last-modified Thu, 24 Oct 2024 17:21:26 GMT vary Origin x-amz-cf-id 8cysD6R6CtO6QwZQjOkyTyOeXGy3uj2N33w8gqXof84JoCXag26LCQ== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 993 x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H3	200	chunk-BLPGJRRP.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	16 KB 4 KB	12ms 12ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-BLPGJRRP.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash 2559a88e000cccc51219cf9871ce1762dad455a8a76d0cb1d13821e0664b39dd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/pRiwASxP9OJsmj9eXZodYhMZRAVY5w9eI5HAcshw2Vw.BBMY7BTJ.mjs Response headers access-control-max-age 0 content-encoding br etag W/"b00a0c4ceb4d020cc933396dce6edc73" x-amz-version-id cPYhPK3VErO5rbUfXuZ2_cikxBRMYjUB age 59072 access-control-allow-methods GET x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="he8Oe3-SB2LK3z25hMcaVng59JSmL8igF_v19hg8BrExCwBd0cVwyg==",cdn-downstream-fbl=2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Tue, 10 Dec 2024 16:33:02 GMT content-type text/javascript last-modified Tue, 10 Dec 2024 16:09:27 GMT vary Accept-Encoding,Origin x-amz-cf-id he8Oe3-SB2LK3z25hMcaVng59JSmL8igF_v19hg8BrExCwBd0cVwyg== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) access-control-allow-origin * x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256
GET H3	200	chunk-2GYV7IVM.mjs Show response framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/	933 B 2 KB	12ms 12ms	Script text/javascript	108.138.7.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/chunk-2GYV7IVM.mjs Requested by Host: hunt.io URL: https://hunt.io/blog/rare-watermark-links-cobalt-strike-team-servers-to-ongoing-suspicious-activity Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.7.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-7-13.fra56.r.cloudfront.net Software CloudFront / Resource Hash 195e5840ca8966eb3ab97a9eb1582e7375d49810416f043dd8378af918367b9f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://hunt.io Referer https://framerusercontent.com/sites/6JIWbys4J7luUrNMA4Ci7w/uGlNsLGsxLbZSRZ1mvzu3m0ZuvxWi0UMM-zLyu4GSN4.ASBAZL5M.mjs Response headers access-control-max-age 0 etag "24298ba8391c7d23a5170e0e38318a28" x-amz-version-id 4vGIXYTq8ueJqN572Ig7jiu.3n5EU9ic age 7865405 access-control-allow-methods GET x-content-type-options nosniff server-timing cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Hhs-UN1t4PwAIzPU7BrD_nKJnmZyuOa5eI9A0fPJtowetzMXs3Ri4A==",cdn-downstream-fbl=3 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 date Wed, 11 Sep 2024 08:07:29 GMT content-type text/javascript last-modified Tue, 10 Sep 2024 13:03:14 GMT vary Origin x-amz-cf-id Hhs-UN1t4PwAIzPU7BrD_nKJnmZyuOa5eI9A0fPJtowetzMXs3Ri4A== x-frame-options deny strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-replication-status COMPLETED cache-control public, max-age=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin referrer-policy strict-origin-when-cross-origin via 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 933 x-xss-protection 0 x-amz-cf-pop FRA56-P6 server CloudFront x-amz-server-side-encryption AES256