www.cfr.org Open in urlscan Pro
2606:4700::6812:9ee Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.cfr.org/interactive/cyber-operations/lazarus-group
Effective URL:
https://www.cfr.org/cyber-operations/lazarus-group
Submission: On April 19 via api (April 19th 2022, 10:48:59 pm UTC) from US — Scanned from DE

Summary HTTP 60 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 23 IPs in 3 countries across 19 domains to perform 60 HTTP transactions. The main IP is 2606:4700::6812:9ee, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.cfr.org. The Cisco Umbrella rank of the primary domain is 139121.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 27th 2022. Valid for: a year.

This is the only time www.cfr.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 24	2606:4700::68... 2606:4700::6812:9ee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:e14e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:9000:215... 2600:9000:2156:ec00:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
4	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dd1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6811:f449	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::714	54113 (FASTLY) (FASTLY)
1	108.157.4.113 108.157.4.113	16509 (AMAZON-02) (AMAZON-02)
4	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	108.157.4.122 108.157.4.122	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	143.204.214.148 143.204.214.148	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dcb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	143.204.98.69 143.204.98.69	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1	162.247.243.147 162.247.243.147	13335 (CLOUDFLAR...) (CLOUDFLARENET)
60	23

24 2606:4700::6812:9ee (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

www.cfr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:e14e (United States)

ASN13335 (CLOUDFLARENET, US)

fast.fonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2156:ec00:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3500:7::17d8:4dd1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f449 (United States)

ASN13335 (CLOUDFLARENET, US)

hello.myfonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::714 (United States)

ASN54113 (FASTLY, US)

mab.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-113.dus51.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-122.dus51.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.214.148 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-214-148.fra53.r.cloudfront.net

cdn.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:7::17d8:4dcb (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-69.fra50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.147 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	cfr.org 3 redirects www.cfr.org — Cisco Umbrella Rank: 139121	716 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	56 KB
5	typekit.net use.typekit.net — Cisco Umbrella Rank: 510 p.typekit.net — Cisco Umbrella Rank: 625	74 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	198 KB
4	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1216 mab.chartbeat.com — Cisco Umbrella Rank: 2301	48 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 621 script.hotjar.com — Cisco Umbrella Rank: 818 vars.hotjar.com — Cisco Umbrella Rank: 999	67 KB
3	fonts.net fast.fonts.net — Cisco Umbrella Rank: 3026	58 KB
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 92	51 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	315 B
2	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2388	83 KB
1	nr-data.net bam-cell.nr-data.net — Cisco Umbrella Rank: 354	1 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 380	14 KB
1	google.de www.google.de — Cisco Umbrella Rank: 5383	501 B
1	google.com www.google.com — Cisco Umbrella Rank: 4	501 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 95	440 B
1	amplitude.com cdn.amplitude.com — Cisco Umbrella Rank: 2974	20 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	70 KB
1	myfonts.net hello.myfonts.net — Cisco Umbrella Rank: 5349	354 B
0	chartbeat.net Failed ping.chartbeat.net Failed
60	19

	Domain	Requested by
24	www.cfr.org	3 redirects www.cfr.org
5	www.google-analytics.com	www.googletagmanager.com www.cfr.org
4	connect.facebook.net	www.cfr.org connect.facebook.net
4	use.typekit.net	www.cfr.org
3	static.chartbeat.com	www.cfr.org
3	fast.fonts.net	www.cfr.org fast.fonts.net
2	www.youtube.com	www.cfr.org www.youtube.com
2	www.facebook.com	www.cfr.org
2	stackpath.bootstrapcdn.com	www.cfr.org stackpath.bootstrapcdn.com
1	bam-cell.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.cfr.org
1	www.google.de	www.cfr.org
1	www.google.com	www.cfr.org
1	stats.g.doubleclick.net	www.google-analytics.com
1	vars.hotjar.com	static.hotjar.com
1	p.typekit.net	www.cfr.org
1	cdn.amplitude.com	www.cfr.org
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.googletagmanager.com
1	mab.chartbeat.com	static.chartbeat.com
1	www.googletagmanager.com	www.cfr.org
1	hello.myfonts.net	www.cfr.org
0	ping.chartbeat.net Failed
60	23

This site contains links to these domains. Also see Links.

Domain
cfr.org
www.facebook.com
twitter.com
www.youtube.com
www.instagram.com
www.linkedin.com
www.foreignaffairs.com
www.us-cert.gov
www.justice.gov
www.operationblockbuster.com
securelist.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-02-27` - `2023-02-27`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2022-03-07` - `2023-04-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-27` - `2022-04-27`	3 months	crt.sh
cdn.amplitude.com Amazon	`2021-12-17` - `2023-01-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.cfr.org/cyber-operations/lazarus-group
Frame ID: 785EA73FEE92367BACC56A8FD8DB8A98
Requests: 58 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Frame ID: 9F0A3C552E79975D96452710F34FD239
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 8106032C3BF4CCC8D8EF0373C4E29C60
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Lazarus Group | CFR InteractivesLogo

Page URL History Show full URLs

https://www.cfr.org/interactive/cyber-operations/lazarus-group HTTP 301
https://www.cfr.org/cyber-operations/lazarus-group Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Amplitude (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.amplitude\.com

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Page Statistics

60
Requests

95 %
HTTPS

73 %
IPv6

19
Domains

23
Subdomains

23
IPs

3
Countries

1457 kB
Transfer

4739 kB
Size

18
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://cfr.org/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/councilonforeignrelations

Search URL Search Domain Scan URL

URL: https://twitter.com/CFR_org

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/cfr/featured

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cfr_org/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/council-on-foreign-relations

Search URL Search Domain Scan URL

URL: https://www.foreignaffairs.com/
Title: ForeignAffairs.com

Search URL Search Domain Scan URL

URL: https://cfr.org/interactive/cyber-operations/wannacry
Title: WannaCry

Search URL Search Domain Scan URL

URL: https://www.us-cert.gov/ncas/alerts/TA17-164A
Title: Hidden Cobra

Search URL Search Domain Scan URL

URL: https://www.us-cert.gov/ncas/analysis-reports/AR18-165A
Title: malware analysis report

Search URL Search Domain Scan URL

URL: https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and
Title: criminally charged and sanctioned

Search URL Search Domain Scan URL

URL: https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf
Title: Operation Blockbuster

Search URL Search Domain Scan URL

URL: https://securelist.com/blog/sas/77908/lazarus-under-the-hood/
Title: Lazarus Under The Hood

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.cfr.org/interactive/cyber-operations/lazarus-group HTTP 301
https://www.cfr.org/cyber-operations/lazarus-group Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://www.cfr.org/interactive/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2 HTTP 301
https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2

Request Chain 24

https://www.cfr.org/interactive/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2 HTTP 301
https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2

60 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request lazarus-group Show response
www.cfr.org/cyber-operations/
Redirect Chain

https://www.cfr.org/interactive/cyber-operations/lazarus-group
https://www.cfr.org/cyber-operations/lazarus-group

81 KB
20 KB

487ms
487ms

Document
text/html

2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b386fda9aeac93c7b0fc27d5ef0a3bc433f01acf30af85a942c90b4637e921c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
age: 7739
cache-control: max-age=10800, public
cf-cache-status: DYNAMIC
cf-ray: 6fe930b22f3f5c14-FRA
content-encoding: gzip
content-language: en
content-type: text/html; charset=UTF-8
date: Tue, 19 Apr 2022 22:48:53 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 14 Apr 2022 15:25:09 GMT
link: <https://microsites-live-backend.cfr.org/node/1300>; rel="shortlink", <https://microsites-live-backend.cfr.org/cyber-operations/lazarus-group>; rel="revision", <//microsites-live-backend.cfr.org>; rel=preconnect; crossorigin, <//microsites-live-backend.cfr.org>; rel=dns-prefetch
server: cloudflare
traceparent: 00-ded13757b9ca4e1eb5e0d0770d2f14d7-939fac93cdc90f7e-00
vary: Accept-Encoding, Cookie, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-cloud-trace-context: ded13757b9ca4e1eb5e0d0770d2f14d7/10637410595685076862;o=0
x-content-type-options: nosniff
x-dns-prefetch-control: on
x-drupal-cache: HIT
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 9 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-555d558b88-tsxgd
x-robots-tag: all
x-served-by: cache-mdw17336-MDW, cache-hhn4078-HHN
x-styx-req-id: 773cd74c-bde1-11ec-9768-869475f2963b
x-timer: S1650408533.192978,VS0,VE106
x-ua-compatible: IE=edge
z-cf-worker: microsites-live-backend.cfr.org

Redirect headers

access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cf-ray: 6fe930afdc8f5c14-FRA
content-length: 0
date: Tue, 19 Apr 2022 22:48:52 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://www.cfr.org/cyber-operations/lazarus-group
server: cloudflare
vary: Accept-Encoding
x-robots-tag: all

GET
H2 200 css_hFMGFJfRJKZg7iyTG6v-IisooJkE_zs-c6nJA5yVRCg.css
www.cfr.org/cdn/ff/CR9lqtU4KIV_zGvoltUo0IRHEkvzs_zx2THvn1x0u0I/1648753470/public/css/ 10 KB
4 KB 387ms
386ms Stylesheet
text/css 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/CR9lqtU4KIV_zGvoltUo0IRHEkvzs_zx2THvn1x0u0I/1648753470/public/css/css_hFMGFJfRJKZg7iyTG6v-IisooJkE_zs-c6nJA5yVRCg.css

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

8453061497d124a660ee2c931babfe222b28a09904ff3b3e73a9c9039c954428

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
x-pantheon-styx-hostname: styx-fe4-a-c8f79d547-cnstd
x-served-by: cache-mdw17358-MDW, cache-hhn4047-HHN
x-timer: S1648754049.852256,VS0,VE108
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/css;charset=UTF-8
x-styx-req-id: 66bae1ca-b125-11ec-8365-5e704e22f4b6
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: de2eefd6b5d847e1b62841f13dca8ea9/12774846910427744546;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 0
date: Tue, 19 Apr 2022 22:48:53 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, MISS
content-length: 3064
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-de2eefd6b5d847e1b62841f13dca8ea9-b1495f94bc0ac922-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe930b54ae45c14-FRA

GET
H2 200 69fdb849-9596-41e2-bfcd-fbef96cc9216.css
fast.fonts.net/cssapi/ 40 KB
3 KB 61ms
28ms Stylesheet
text/css 2606:4700::6811:e14e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/cssapi/69fdb849-9596-41e2-bfcd-fbef96cc9216.css
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e14e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b982480e5550c9eb095ce609def69d6a31c2a1ecbe4a1d4119b63f2127a118d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:53 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 3974
x-amz-request-id: HF489220S100NGZG
x-amz-id-2: tjCCMWDb3toj7EU5OwLW3uVOJcOwO6ip4SCJ+h07o/68BXKRZcxcS92Jdy1hlRHqGks0H7OLoNo=
last-modified: Wed, 17 Feb 2021 06:09:46 GMT
server: cloudflare
etag: W/"59f5f5953bb1e143a7ff03043e7f7ed8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
expires: Tue, 19 Apr 2022 22:53:53 GMT
cache-control: public, max-age=300
cf-ray: 6fe930b58d19695b-FRA
x-amz-meta-mtime: 1580408781

GET
H2 200 css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/ 870 KB
160 KB 369ms
368ms Stylesheet
text/css 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

3d0dbc13717a3726b829dbaf9d95b84cefc928c4bcef09a169104accd77fdc2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
x-pantheon-styx-hostname: styx-fe4-b-97f8fd4b8-lwhnb
x-served-by: cache-mdw17351-MDW, cache-fra19155-FRA
x-timer: S1648757084.075264,VS0,VE3
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/css;charset=UTF-8
x-styx-req-id: 66c5ad61-b125-11ec-befc-827ec85074c7
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: c32e54ab68874bed8849e603a4f2d220/1053533008785426169;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:48:53 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, HIT
content-length: 163298
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-c32e54ab68874bed8849e603a4f2d220-0e9ee6b08bcdc6f9-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe930b54ae55c14-FRA

GET
H2 200 js_JvjVZf22lVrqBDpom2woUqDL0kH_iOH-F9GakV8hJvE.js Show response
www.cfr.org/cdn/ff/EbpnOM6reKlI1j59b1Ac3ltPFI3jFDU15WRQQ0ishVM/1648753471/public/js/ 843 B
956 B 494ms
493ms Script
application/javascript 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/EbpnOM6reKlI1j59b1Ac3ltPFI3jFDU15WRQQ0ishVM/1648753471/public/js/js_JvjVZf22lVrqBDpom2woUqDL0kH_iOH-F9GakV8hJvE.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

26f8d565fdb6955aea043a689b6c2852a0cbd241ff88e1fe17d19a915f2126f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
fastly-original-body-size: 513
x-pantheon-styx-hostname: styx-fe4-a-c8f79d547-65mrv
x-served-by: cache-mdw17326-MDW, cache-hhn4021-HHN
x-timer: S1648754050.669360,VS0,VE105
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
x-styx-req-id: 66c5bcf1-b125-11ec-a525-eec4103032ce
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: 78edae7d826f476c80d48aeaf0af95e1/14850853565051241515;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 2, 0
date: Tue, 19 Apr 2022 22:48:53 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, MISS
content-length: 513
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-78edae7d826f476c80d48aeaf0af95e1-ce18d4a25c39042b-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe930b54ae65c14-FRA

GET
H2 200 chartbeat_mab.js Show response
static.chartbeat.com/js/ 22 KB
10 KB 34ms
7ms Script
application/x-javascript 2600:9000:2156:ec00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab.js
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4be319fc7e78bf1beb5b73bb76e33e445bf3170ebcd66fd72639743115287a2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:44:34 GMT
content-encoding: gzip
last-modified: Wed, 13 Apr 2022 00:18:19 GMT
server: nginx
age: 259
etag: W/"625616cb-595b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 5317564e96c9dceb46123f6c5f149a02.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: d_qq85N8dYz4Q12qBe4HFMDpoI8avEwkZhm0IjTMneyuHXeLQZazyg==
expires: Wed, 20 Apr 2022 00:44:34 GMT

GET
H2 200 cfr-logo.svg
www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/ 5 KB
3 KB 399ms
397ms Image
image/svg+xml 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/cfr-logo.svg
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 441e4e3fe5729e0accb9821c52fe1bad58dd4f340b690dd2e2f92e4a56dc9349

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
content-encoding: gzip
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe930b86e665c14-FRA
x-cache: HIT, MISS
x-cache-hits: 1, 0
vary: Accept-Encoding
content-length: 2430
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17351-MDW, cache-hhn4076-HHN
expires: Wed, 05 Apr 2023 20:06:42 GMT
last-modified: Sun, 03 Apr 2022 01:53:12 GMT
server: cloudflare
traceparent: 00-f78de5f411d14d26a0a558c799c1e795-6d82b621f5d746ab-00
x-timer: S1649133271.671581,VS0,VE103
etag: W/"6248fe08-131d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
x-styx-req-id: bec6196d-b452-11ec-ac28-5a71cabf4831
x-cloud-trace-context: f78de5f411d14d26a0a558c799c1e795/7891069754081232555;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-a-7c8dd69879-6w62l

GET
H2 200 cfr-monogram.svg
www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/ 1 KB
1 KB 404ms
402ms Image
image/svg+xml 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/cfr-monogram.svg
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c27689acf09443c53ff547643bd6485954e4220e6bb04de4698ba05ad2fece7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
content-encoding: gzip
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe930b87e675c14-FRA
x-cache: HIT, HIT
x-cache-hits: 1, 4
vary: Accept-Encoding
content-length: 806
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17380-MDW, cache-fra19143-FRA
expires: Sat, 15 Apr 2023 04:42:48 GMT
last-modified: Tue, 12 Apr 2022 11:54:00 GMT
server: cloudflare
traceparent: 00-0c31031471544d70bd67515c3d1e400e-98abd57299a24ea2-00
x-timer: S1650370151.650622,VS0,VE1
etag: W/"62556858-5a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
x-styx-req-id: 55a0f082-bbad-11ec-ac28-5a71cabf4831
x-cloud-trace-context: 0c31031471544d70bd67515c3d1e400e/11001121202963107490;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-a-7c8dd69879-6w62l

GET
H2 200 cfr-monogram-white.svg
www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/ 1 KB
1 KB 409ms
407ms Image
image/svg+xml 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/cfr-monogram-white.svg
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6260ec37635d4bf6de6c5a19ee5afd3ddac9807858accda9fe27fb102b0306a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
content-encoding: gzip
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: EXPIRED
access-control-allow-origin: *
cf-ray: 6fe930b87e6a5c14-FRA
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 808
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17366-MDW, cache-hhn4078-HHN
expires: Tue, 18 Apr 2023 03:41:09 GMT
last-modified: Sat, 16 Apr 2022 02:39:06 GMT
server: cloudflare
traceparent: 00-abbba11373bf42128a4d7043e4afe71b-219dcf18831602db-00
x-timer: S1650408534.226900,VS0,VE2
etag: W/"625a2c4a-59d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
x-styx-req-id: 385ff8a0-be00-11ec-b93f-a2c7c03b7d3e
x-cloud-trace-context: abbba11373bf42128a4d7043e4afe71b/2422319878780617435;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-b-555d558b88-5rbmp

GET
H2 200 cfr-logo-grey.svg
www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/ 5 KB
3 KB 386ms
384ms Image
image/svg+xml 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/templates/icons/assets/cfr-logo-grey.svg
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88c718b918764a88fb43e244368d824167eca1b7d4b5586f428d2c654f5db084

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
content-encoding: gzip
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe930b87e6b5c14-FRA
x-cache: HIT, MISS
x-cache-hits: 1, 0
vary: Accept-Encoding
content-length: 2431
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17358-MDW, cache-hhn4051-HHN
expires: Wed, 19 Apr 2023 22:02:49 GMT
last-modified: Mon, 18 Apr 2022 00:37:28 GMT
server: cloudflare
traceparent: 00-9d73c1995eed46d29eefff1f48583ae6-b0023d788ed1a1d1-00
x-timer: S1650333583.075394,VS0,VE105
etag: W/"625cb2c8-131d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
x-styx-req-id: 49413d17-bf63-11ec-a1ba-564a52df1d80
x-cloud-trace-context: 9d73c1995eed46d29eefff1f48583ae6/12682767088630211025;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-b-555d558b88-jqprh

GET
H2 200 fb.png
www.cfr.org/themes/custom/cfr_interactives/images/ 361 B
713 B 414ms
413ms Image
image/png 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/images/fb.png
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 858ab6f5b4ffcfc2c7d2a766d0280c773155d12419e4413afabaabbfbd327178

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe930b87e6c5c14-FRA
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 361
x-served-by: cache-mdw17377-MDW, cache-fra19178-FRA
expires: Sat, 01 Apr 2023 19:11:23 GMT
last-modified: Thu, 31 Mar 2022 19:03:21 GMT
server: cloudflare
traceparent: 00-1bf78421fa174ee8829e631dcfb3283d-70fe2f3708b5cf02-00
x-timer: S1649917843.014419,VS0,VE1
etag: "6245faf9-169"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
x-styx-req-id: 5ada12f7-b126-11ec-90c9-c2ea4801bb9c
x-cloud-trace-context: 1bf78421fa174ee8829e631dcfb3283d/8141997089748274946;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-b-97f8fd4b8-2h5j7

GET
H2 200 tw.png
www.cfr.org/themes/custom/cfr_interactives/images/ 566 B
926 B 424ms
422ms Image
image/png 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/images/tw.png
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e0b3d5944c5c487975713c560c2f2d231833194d6e17a234e543bf5008c4a0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe930b87e6e5c14-FRA
x-cache: MISS, MISS
x-cache-hits: 0, 0
vary: Accept-Encoding
content-length: 566
x-served-by: cache-mdw17371-MDW, cache-fra19151-FRA
expires: Mon, 10 Apr 2023 00:39:02 GMT
last-modified: Sat, 09 Apr 2022 00:36:49 GMT
server: cloudflare
traceparent: 00-9f2e05dde9e5407989a93eaf3a805a97-084d0adccff95c40-00
x-timer: S1649464743.828600,VS0,VE120
etag: "6250d521-236"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
x-styx-req-id: 7432cb16-b79d-11ec-ac28-5a71cabf4831
x-cloud-trace-context: 9f2e05dde9e5407989a93eaf3a805a97/598146269008452672;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-a-7c8dd69879-6w62l

GET
H2 200 linkedin.png
www.cfr.org/themes/custom/cfr_interactives/images/ 477 B
863 B 267ms
265ms Image
image/png 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/images/linkedin.png
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25339168c3002c3963458b77ea5958b13ff3f5360d3ade657ec02e9a15241f2c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe930b87e6f5c14-FRA
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 477
x-served-by: cache-mdw17348-MDW, cache-hhn4053-HHN
expires: Sun, 16 Apr 2023 08:10:01 GMT
last-modified: Wed, 13 Apr 2022 12:53:11 GMT
server: cloudflare
traceparent: 00-80a3446f953643d88a59087f28fbb21f-e6b2fe559351d262-00
x-timer: S1650389276.424768,VS0,VE2
etag: "6256c7b7-1dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
x-styx-req-id: 731b0923-bc93-11ec-b93f-a2c7c03b7d3e
x-cloud-trace-context: 80a3446f953643d88a59087f28fbb21f/16623628818075210338;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-b-555d558b88-5rbmp

GET
H2 200 email.png
www.cfr.org/themes/custom/cfr_interactives/images/ 2 KB
2 KB 399ms
397ms Image
image/png 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/images/email.png
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16dca0578c5dad27c98ceb0f111551005f088753941e0e7477cfd6b6418eff10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe930b87e705c14-FRA
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 1604
x-served-by: cache-mdw17343-MDW, cache-hhn4025-HHN
expires: Mon, 10 Apr 2023 00:29:30 GMT
last-modified: Wed, 06 Apr 2022 19:53:42 GMT
server: cloudflare
traceparent: 00-130cc7eb5e6043c0bef2886181f4a3c8-2ef6a3abff215af3-00
x-timer: S1650247112.451420,VS0,VE1
etag: "624defc6-644"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
x-styx-req-id: 1ed810e3-b79c-11ec-916b-da2649bba442
x-cloud-trace-context: 130cc7eb5e6043c0bef2886181f4a3c8/3384072129130617587;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-a-7c8dd69879-lx577

GET
H2 200 email-decode.min.js Show response
www.cfr.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
849 B 11ms
10ms Script
application/javascript 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 11:16:45 GMT
server: cloudflare
etag: W/"62555f9d-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 6fe930b7bd9e5c14-FRA
vary: Accept-Encoding
expires: Thu, 21 Apr 2022 22:48:53 GMT

GET
H2 200 js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js Show response
www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/ 778 KB
226 KB 395ms
395ms Script
application/javascript 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

e8ec246be847bd1e0fb874b1fa30d5e86d0c7a545100701c61466cb274a24fba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
x-pantheon-styx-hostname: styx-fe4-b-97f8fd4b8-lwhnb
x-served-by: cache-mdw17325-MDW, cache-hhn4074-HHN
x-timer: S1649463322.204468,VS0,VE2
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
x-styx-req-id: 66c5b236-b125-11ec-befc-827ec85074c7
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: ef330c04fba74c48aa3db30073f99f21/3804534434668529470;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, HIT
content-length: 230303
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-ef330c04fba74c48aa3db30073f99f21-34cc6be93a28c73e-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe930b80df05c14-FRA

GET
H2 200 ygq0fud.js Show response
use.typekit.net/ 17 KB
7 KB 28ms
7ms Script
text/javascript 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/ygq0fud.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

1fc25c6ef9e9f8c6c661521910a0d4d6daa67795b49fd275799e5b52ff4fa7e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Tue, 19 Apr 2022 22:48:53 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6649

GET
H2 200 js_gcTUk46CIgVb0zkuvKyQ9SRphI9UoCo2y7zdRALNqkg.js Show response
www.cfr.org/cdn/ff/xwB8LHA_SBWrYWg2Hh5wSdoFzlAy2DdTm8DYkY7VlZs/1648753472/public/js/ 689 KB
160 KB 420ms
419ms Script
application/javascript 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/xwB8LHA_SBWrYWg2Hh5wSdoFzlAy2DdTm8DYkY7VlZs/1648753472/public/js/js_gcTUk46CIgVb0zkuvKyQ9SRphI9UoCo2y7zdRALNqkg.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

81c4d4938e8222055bd3392ebcac90f52469848f54a02a36cbbcdd4402cdaa48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
x-pantheon-styx-hostname: styx-fe4-b-97f8fd4b8-2h5j7
x-served-by: cache-mdw17349-MDW, cache-hhn4051-HHN
x-timer: S1648754050.582727,VS0,VE109
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
x-styx-req-id: 7bc44356-b125-11ec-90c9-c2ea4801bb9c
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: 96bdb1fdbadb4612b04227b113f8be19/9343816227866854069;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 0
date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, MISS
content-length: 163180
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-96bdb1fdbadb4612b04227b113f8be19-81abe75a8488c2b5-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe930b86e645c14-FRA

GET
H2 200 eu_cookie_compliance.js Show response
www.cfr.org/cdn/ff/oyBawr07ShAlqXvFNzIel8H0kysLZRnBaxqbYmuz5yE/1649916452/:relative:/modules/contrib/eu_cookie_compliance/js/ 58 KB
9 KB 407ms
405ms Script
application/javascript 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/oyBawr07ShAlqXvFNzIel8H0kysLZRnBaxqbYmuz5yE/1649916452/:relative:/modules/contrib/eu_cookie_compliance/js/eu_cookie_compliance.js?v=1.19

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

12d4333dcb06732662dc11038f64c540376dd42f9ece747a2c9a4f22b6760821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
x-pantheon-styx-hostname: styx-fe4-b-555d558b88-8g5bs
x-served-by: cache-mdw17348-MDW, cache-fra19158-FRA
x-timer: S1650059270.659259,VS0,VE2
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
x-styx-req-id: d86b6570-bbc9-11ec-bbb0-022df9d6f5fb
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: 2b9e48d45ab94718a734bf0024aa3c39/16312834976085725402;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, HIT
content-length: 9043
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-2b9e48d45ab94718a734bf0024aa3c39-e262d4fb4d2850da-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe930b87e745c14-FRA

GET
H2 200 js_SKCzW6eupnaDuc9nhV-4x5vc3GvKS6lR_dvSO4nXkLU.js Show response
www.cfr.org/cdn/ff/CiowIbPUHeyhZ8gnIJkGZm5K0Kho9uiBt6Fb7peMl6I/1648753473/public/js/ 7 KB
2 KB 399ms
397ms Script
application/javascript 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/cdn/ff/CiowIbPUHeyhZ8gnIJkGZm5K0Kho9uiBt6Fb7peMl6I/1648753473/public/js/js_SKCzW6eupnaDuc9nhV-4x5vc3GvKS6lR_dvSO4nXkLU.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Drupal CDN module (https://www.drupal.org/project/cdn)

Resource Hash

48a0b35ba7aea67683b9cf67855fb8c79bdcdc6bca4ba951fddbd23b89d790b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cyber-operations/lazarus-group
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
fastly-original-body-size: 1936
x-pantheon-styx-hostname: styx-fe4-a-c8f79d547-q9h4q
x-served-by: cache-mdw17375-MDW, cache-hhn4068-HHN
x-timer: S1648754055.633785,VS0,VE2
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/javascript
x-styx-req-id: 66d6763b-b125-11ec-aac2-b6d4b691b347
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: d0da68ef90b14639a0ff4345c6cbb3c9/11989087743234344261;o=0
cache-control: immutable, max-age=290304000, no-transform, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-content-type-options: nosniff
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
x-powered-by: Drupal CDN module (https://www.drupal.org/project/cdn)
x-cache: HIT, HIT
content-length: 1936
x-ua-compatible: IE=edge
last-modified: Wed, 20 Jan 1988 04:20:42 GMT
server: cloudflare
traceparent: 00-d0da68ef90b14639a0ff4345c6cbb3c9-a661cbc814790545-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Tue, 20 Jan 2037 04:20:42 GMT
accept-ranges: bytes
cf-ray: 6fe930b86e655c14-FRA

GET
H2 200 1.css
fast.fonts.net/t/ 0
218 B 26ms
26ms Stylesheet
text/css 2606:4700::6811:e14e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/t/1.css?apiType=css&projectid=69fdb849-9596-41e2-bfcd-fbef96cc9216
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/69fdb849-9596-41e2-bfcd-fbef96cc9216.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e14e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fast.fonts.net/cssapi/69fdb849-9596-41e2-bfcd-fbef96cc9216.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:53 GMT
cf-cache-status: HIT
age: 32516
cf-ray: 6fe930b5bd4e695b-FRA
content-length: 0
x-amz-id-2: BS/cz/1qTrfbN3vvZtU76RLMB8Wru1yInwi2gUhvgqzoWIj9pqkODRt8oXyyHP0X/5RPToygJuc=
last-modified: Tue, 23 Mar 2021 12:59:23 GMT
server: cloudflare
etag: "d41d8cd98f00b204e9800998ecf8427e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 9Y264NXNXJ35X7Z8
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
content-type: text/css; charset=utf-8
x-amz-meta-mtime: 1519217722

GET
H2 200 320b78
hello.myfonts.net/count/ 0
354 B 43ms
17ms Stylesheet
text/css 2606:4700::6811:f449
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hello.myfonts.net/count/320b78
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:f449 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:53 GMT
server: cloudflare
age: 1
expect-ct: null
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 6fe930b7e95a5c74-FRA
content-length: 0
expires: Wed, 19 Apr 2023 22:48:53 GMT

GET
H2 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 32ms
15ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723
age: 7312460
cdn-cachedat: 11/15/2021 21:49:00
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver: 1.0
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 2729ae8f2fc6c761bdc17d91cc795f58
cf-ray: 6fe930b7db4a997b-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 247 KB
70 KB 154ms
67ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KFS3NQ

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

31caa25a461b1814e171d7a0af59e98076a3592c0c68b59bd783eaaf8680f132

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:53 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71499
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Apr 2022 22:48:53 GMT

GET
H2

200

320B78_3_0.woff2
www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/
Redirect Chain

https://www.cfr.org/interactive/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2
https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2

42 KB
42 KB

423ms
422ms

Font
font/woff2

2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
Protocol: H2
Server: 2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dad1738d16a4a903c1e60e47a7bc561699983e53859269575bc4074d738ba86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
access-control-allow-origin: *
cf-ray: 6fe930ba183e5c14-FRA
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 42748
x-served-by: cache-mdw17334-MDW, cache-hhn4042-HHN
expires: Sat, 01 Apr 2023 19:11:23 GMT
last-modified: Thu, 31 Mar 2022 19:03:21 GMT
server: cloudflare
traceparent: 00-e1822ee969ae41c5a26ac2662d3c1023-f3c2a2b06e40cc38-00
x-timer: S1650406299.569104,VS0,VE2
etag: "6245faf9-a6fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
x-styx-req-id: 5b0d33a1-b126-11ec-90c9-c2ea4801bb9c
x-cloud-trace-context: e1822ee969ae41c5a26ac2662d3c1023/17564780375346039864;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-b-97f8fd4b8-2h5j7

Redirect headers

date: Tue, 19 Apr 2022 22:48:54 GMT
server: cloudflare
location: https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_3_0.woff2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
x-robots-tag: all
cf-ray: 6fe930b88e8c5c14-FRA
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
content-length: 0

GET
H2

200

320B78_1_0.woff2
www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/
Redirect Chain

https://www.cfr.org/interactive/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2
https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2

42 KB
42 KB

383ms
383ms

Font
font/woff2

2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
Protocol: H2
Server: 2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd8f8bea0609488a4902819881e728bec9ce24da7b4ddc409f6e9439bea6b205

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/cdn/ff/vwcU89Su5KUz8lsHTmDH3XFpeHQUdtlaTnACrkWnV7Q/1648753470/public/css/css_PQ28E3F6Nya4KduvnZW4TO_JKMS87wmhaRBKzNd_3C4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
z-cf-worker: microsites-live-backend.cfr.org
cf-cache-status: REVALIDATED
fastly-original-body-size: 42904
access-control-allow-origin: *
cf-ray: 6fe930baf9515c14-FRA
x-cache: HIT, HIT
x-cache-hits: 1, 1
vary: Accept-Encoding
content-length: 42904
x-served-by: cache-mdw17359-MDW, cache-hhn4052-HHN
expires: Sat, 01 Apr 2023 19:11:23 GMT
last-modified: Thu, 31 Mar 2022 19:03:24 GMT
server: cloudflare
traceparent: 00-182bce9d41da4e61828f9f6f788ee3c8-d1727e2a44452e51-00
x-timer: S1649112671.843780,VS0,VE2
etag: "6245fafc-a798"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
x-styx-req-id: 5b1a6225-b126-11ec-aac2-b6d4b691b347
x-cloud-trace-context: 182bce9d41da4e61828f9f6f788ee3c8/15092264021271064145;o=0
cache-control: max-age=31622400
accept-ranges: bytes
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-pantheon-styx-hostname: styx-fe4-a-c8f79d547-q9h4q

Redirect headers

date: Tue, 19 Apr 2022 22:48:54 GMT
server: cloudflare
location: https://www.cfr.org/themes/custom/cfr_interactives/assets/fonts/larsseit/320B78_1_0.woff2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
x-robots-tag: all
cf-ray: 6fe930b88e8d5c14-FRA
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
content-length: 0

GET
H2 200 8b6420fe-9ace-4e4c-87a7-33443a3cb299.woff2
fast.fonts.net/dv2/14/ 54 KB
55 KB 70ms
41ms Font
application/octet-stream 2606:4700::6811:e14e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/dv2/14/8b6420fe-9ace-4e4c-87a7-33443a3cb299.woff2?d44f19a684109620e484167ca290e818d9c1120d6d0fea3d498fda0806f1e5eae97c96851e3f4384ff35ca4cfffa38c19a656128e0e2395e9e78c9e9c493fe4ccab829002d6d00c976ad63585b912a52d51da549cd071660d3261ab779a9cbcb3562db307bb363cb3ad0d44bacfcc9da8ab0a43826e97d225c7a63b26337aa2f1a97401c9867888356c8b381240ad815d8ede6416d5872768bcec0d086e32e9547d5ce747430bfda2132820d7132855394660cda7a43bf961780ab77601a42a8d05a65c788b3d4a323a0d1bd15f0723c39b84264558f5e11f265a999ccfa8a640254dbb8329ea09548676820bc6005f0fe85067349192ed693aba568cc959c&projectId=69fdb849-9596-41e2-bfcd-fbef96cc9216
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/69fdb849-9596-41e2-bfcd-fbef96cc9216.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e14e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 533d4bc4adee3856a32a9fb3551504a67d39cdfae04ae16510229c5af6e69ac3

Request headers

Referer: https://fast.fonts.net/cssapi/69fdb849-9596-41e2-bfcd-fbef96cc9216.css
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:53 GMT
cf-cache-status: HIT
age: 4076
content-length: 55372
x-amz-request-id: 3FXFCZCAN88C57GA
x-amz-id-2: uvMDcEuDR0RJDezsLDzyleytllevW09jFhsmytF96RY1puk0xRITVERJ2ihxI7HYNqHFmDRQkuw=
expires: Tue, 19 Apr 2022 22:53:53 GMT
last-modified: Sat, 14 Nov 2020 04:52:26 GMT
server: cloudflare
etag: "e6e00338332336a89212db660bdfb15a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 6fe930b8bcc890a2-FRA
x-amz-meta-mtime: 1425319654

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 176 B
494 B 138ms
105ms XHR
application/json 2a04:4e42:400::714
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=cfr.org&domain=cfr.org&path=%2Fcyber-operations%2Flazarus-group
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::714 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 77ee0a81972445b3d5641c7c7376a2a94bbe14183bac7efecf17614e14def17e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:53 GMT
content-encoding: gzip
x-cache-hits: 0
age: 0
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 141
x-served-by: cache-hhn4051-HHN
access-control-allow-origin: *
x-timer: S1650408534.897052,VS0,VE96
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Sun, 17 Apr 2022 22:48:53 GMT

GET
H3 200 fontawesome-webfont.woff2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 47ms
29ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: stackpath.bootstrapcdn.com
URL: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601
age: 287700
cdn-proxyver: 1.02
cdn-cachedat: 04/09/2022 08:19:45
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
etag: "af7ae505a9eed503f8b8e6982036873e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 6d92d1e7ba38dc358e86307726569226
accept-ranges: bytes
cf-ray: 6fe930b8ec19922f-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 hotjar-1768366.js Show response
static.hotjar.com/c/ 4 KB
2 KB 37ms
16ms Script
application/javascript 108.157.4.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1768366.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFS3NQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.113 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-113.dus51.r.cloudfront.net

Software

Resource Hash

2557b90ab8b4b6d3db1a2b3f998375ea32b397de072b8ef7f0334a12398a9028

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 1900
access-control-allow-origin: *
cache-control: max-age=60
etag: W/8b78d3bd2361b1d9020704904498a220
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 68ce2f06efd4c9639aadce9f9d7fb096.cloudfront.net (CloudFront)
x-cache-hit: 1
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: XNOfwB4TNZQwF4VmA48VIBYit8blYnwNx38gzQPTYXbMVUxrhCARrg==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 23ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: QrI6VVQBtB8pouyQQKE2veZd0nFg5TpM0MHbtWbdKNXv43x2ju0QQB8d5L+LYiHwxwEjEG36f6HrVYY/Cq8ILg==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:48:54 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 1714601028806149 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 18ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1714601028806149?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c8c5680917d5b71eef16f83c0faac8912db660d5337b834074f9e6e17b82a36b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 89189
x-xss-protection: 0
pragma: public
x-fb-debug: HVMhbKw8LCZ+sfziPLQXE0UKi9CnB871MhQ7l75tia/FydZ6EGeGmUFeGeDLeBI0v29bWsZCfR1ZrZkmu/nH4A==
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:48:54 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 modules.0076bf93c385ddf0ff58.js Show response
script.hotjar.com/ 239 KB
63 KB 32ms
10ms Script
application/javascript 108.157.4.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1768366.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-122.dus51.r.cloudfront.net

Software

Resource Hash

e0e44c153e6969ff112250bc468dd4615e5f48f2b2db3e3ffabc11be9d9b6313

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 10:49:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 561588
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 63817
access-control-allow-origin: *
last-modified: Wed, 13 Apr 2022 10:48:29 GMT
etag: "838915b4bc2438e3190a8320d0520962"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: Ux6I282slgJE2kXfxMya1Xc6Z8iyzeiitjWAe7wdrVaASCA8vMYaQw==

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 22ms
7ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1714601028806149&ev=PageView&dl=https%3A%2F%2Fwww.cfr.org%2Fcyber-operations%2Flazarus-group&rl=&if=false&ts=1650408534162&sw=1600&sh=1200&v=2.9.57&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1650408534162.1544950807&it=1650408534110&coo=false&rqm=GET

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Tue, 19 Apr 2022 22:48:54 GMT

GET
H2 200 amplitude-7.1.0-min.gz.js Show response
cdn.amplitude.com/libs/ 60 KB
20 KB 29ms
9ms Script
application/javascript 143.204.214.148
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.amplitude.com/libs/amplitude-7.1.0-min.gz.js
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-148.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a9a2e998ee0fd7c858904e6a1ece449c07dea8477a51aa735b7ef1187742a102

Request headers

Referer: https://www.cfr.org/
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 01:20:17 GMT
content-encoding: gzip
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 9149318
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 19526
access-control-allow-origin: *
last-modified: Mon, 29 Jun 2020 06:18:29 GMT
server: AmazonS3
etag: "8d78d87e6eadfbd4df24e750b9c398ae"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: 9zlZ7fCv5jRdo6qeyQG2EZMqwYjFbDWy
via: 1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: WNT-oTYsDqSUlDAeE_ORXvLGJEyhB_XdXg-GS3ke57wPX6qvZKI9QQ==

GET
H2 200 iframe_api Show response
www.youtube.com/ 980 B
2 KB 202ms
62ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

694d8fc000129e93ffaaad7d7573313f9fce12cbe3455fdb055fce9c36a21705

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Tue, 19 Apr 2022 22:48:54 GMT

GET
H2 200 l
use.typekit.net/af/502632/00000000000000000001748f/27/ 22 KB
22 KB 26ms
7ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/502632/00000000000000000001748f/27/l?subset_id=1&fvd=n4&v=3
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: a3f8eef8811877a6d90ea98c65f5f65ecaf55156b7e3daf2344cd42b9bcffe09

Request headers

Referer: https://www.cfr.org/
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
server: nginx
etag: "67de382613545a8d856bebf617df6207953bcca8"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22772

GET
H2 200 l
use.typekit.net/af/0098d0/000000000000000000017490/27/ 22 KB
23 KB 28ms
9ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0098d0/000000000000000000017490/27/l?subset_id=1&fvd=i4&v=3
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 784f301f5fedd36f20fe297ce9ba6554ccb14585a4c0781eb6a1b919184db764

Request headers

Referer: https://www.cfr.org/
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
server: nginx
etag: "99c1499906537400d974e50dabcd06ae06fb74f1"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22848

GET
H2 200 l
use.typekit.net/af/fb58b1/000000000000000000017493/27/ 22 KB
22 KB 29ms
10ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/fb58b1/000000000000000000017493/27/l?subset_id=1&fvd=n7&v=3
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 966fa640940030dfce1169bd82f9029043add4c9c836f71df739d496cdab1814

Request headers

Referer: https://www.cfr.org/
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
server: nginx
etag: "6204cf9074abc4f1d2b021fa96f9ebb9dd0570df"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22724

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/xwB8LHA_SBWrYWg2Hh5wSdoFzlAy2DdTm8DYkY7VlZs/1648753472/public/js/js_gcTUk46CIgVb0zkuvKyQ9SRphI9UoCo2y7zdRALNqkg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

48737f109be8173e91fcfe5195d5c4216016023e12c9cd9300ec30c528a2add1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: P1HUccI/RFoSCsgy8zlrsw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1688
x-fb-rlafr: 0
x-fb-debug: CcbvTzP7yY8h+5bbg8k1oIukKqeGe026t3fqWzzu3YeiqcmWvuwFfBjoS5t8x2Hv+MwrjqdrBZkAes/1lhZOKg==
x-fb-content-md5: 13d8fc98b741736be31bbb481b3d79b7
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:48:54 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "c87d7a8f60f1d10f7f39d3787e0b8843"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 19 Apr 2022 23:05:02 GMT

GET
H2 200 cfr-wrapper Show response
www.cfr.org/site-api/ 154 KB
35 KB 370ms
370ms XHR
text/html 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/site-api/cfr-wrapper

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07755cd06d517fac17e880efe46f0f04f4b483b28a895e14da4e61dd20048d47

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.cfr.org/cyber-operations/lazarus-group
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
age: 27831
x-pantheon-styx-hostname: styx-fe4-b-545d78fdf9-pxhrf
x-dns-prefetch-control: on
content-type: text/html; charset=UTF-8
x-served-by: cache-mdw17380-MDW, cache-fra19178-FRA
x-timer: S1650408535.657681,VS0,VE2
vary: Accept-Encoding, Cookie, Cookie, Cookie
access-control-allow-methods: POST, GET, OPTIONS
content-language: en
x-styx-req-id: 16fa67f5-bff2-11ec-b10e-a283ce57c544
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: ee4a8654363c4d3ca8f797b46e73f475/14506784591039854619;o=0
cache-control: max-age=86400, public
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-cache-hits: 1, 1
date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
access-control-allow-origin: *
x-cache: HIT, HIT
x-drupal-dynamic-cache: MISS
x-ua-compatible: IE=edge
link: <//cdn.cfr.org>; rel=preconnect; crossorigin, <//cdn.cfr.org>; rel=dns-prefetch
last-modified: Tue, 19 Apr 2022 15:05:03 GMT
server: cloudflare
traceparent: 00-ee4a8654363c4d3ca8f797b46e73f475-c95273b9ae0a781b-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
expires: Sun, 19 Nov 1978 05:00:00 GMT
permissions-policy: interest-cohort=()
cf-ray: 6fe930bb59e65c14-FRA
x-drupal-cache: MISS

GET
H2 200 eu-cookie-compliance-check Show response
www.cfr.org/ 29 B
644 B 644ms
644ms XHR
application/json 2606:4700::6812:9ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cfr.org/eu-cookie-compliance-check

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cb9b278e1e74917ae3942b081796752d22110b9d419e716e510f70a6756862f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.cfr.org/cyber-operations/lazarus-group
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-encoding: gzip
age: 0
x-pantheon-styx-hostname: styx-fe4-a-6f6b44d5b8-4sw8s
x-served-by: cache-mdw17363-MDW, cache-hhn4074-HHN
x-timer: S1650408535.691483,VS0,VE270
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
x-styx-req-id: e3fbf599-c032-11ec-a9fa-a62f58703fa8
x-generator: Drupal 9 (https://www.drupal.org)
x-cloud-trace-context: 7bb4cfe3f1fd4e0783ab3e221cac17a5/11398942197107668374;o=0
cache-control: private, must-revalidate
x-robots-tag: all
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
x-cache-hits: 0, 0
date: Tue, 19 Apr 2022 22:48:54 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
access-control-allow-origin: *
x-cache: MISS, MISS
content-length: 49
x-ua-compatible: IE=edge
server: cloudflare
traceparent: 00-7bb4cfe3f1fd4e0783ab3e221cac17a5-9e312d88b9d03596-00
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1000
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 6fe930bb8a195c14-FRA

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 92 KB
36 KB 162ms
76ms Script
application/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=GTM-PWR4BQ4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFS3NQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4a8c038d491b388ce9c38f4f2e8aa587f688bf9f89954cdd2a79c3973031e5d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36678
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Apr 2022 22:48:54 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 122ms
39ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFS3NQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1903
date: Tue, 19 Apr 2022 22:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 20 Apr 2022 00:17:11 GMT

GET
H2 200 p.gif
p.typekit.net/ 35 B
214 B 38ms
7ms Image
image/gif 2a02:26f0:3500:7::17d8:4dcb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=ygq0fud&ht=tk&h=www.cfr.org&f=1883.1884.1885&a=6042891&js=1.21.0&app=typekit&e=js&_=1650408534339
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dcb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:48:54 GMT
last-modified: Sat, 09 Oct 2021 02:10:03 GMT
server: nginx
etag: "6160f9fb-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H2 200 box-4924254a9ce4dc9b959b6e4a9b662d60.html Show response
vars.hotjar.com/ Frame 9F0A 2 KB
1 KB 26ms
7ms Document
text/html 143.204.98.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1768366.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-69.fra50.r.cloudfront.net
Software: /
Resource Hash: 67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9

Request headers

Referer: https://www.cfr.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 561588
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 13 Apr 2022 10:49:06 GMT
etag: "1635635016e428baa170305e9282c34a"
last-modified: Wed, 13 Apr 2022 10:48:29 GMT
vary: Accept-Encoding
via: 1.1 5317564e96c9dceb46123f6c5f149a02.cloudfront.net (CloudFront)
x-amz-cf-id: gryuUAFhtwm3pHG6N7VIe9hrQS_t-L-XRoz58jA5VLbQcZ7ZiWN4Dw==
x-amz-cf-pop: FRA50-C1
x-cache: Hit from cloudfront
x-robots-tag: none

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 288 KB
82 KB 17ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=229411025d1c0b7c11b813c67a26233e

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

df99c4bc6218ff946dc8d969315f8176714d99846bebd09c961fe959f42d6677

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.cfr.org/
Origin: https://www.cfr.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: t4fTcqwzZs92oa8jRjiqPQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 84316
x-fb-rlafr: 0
x-fb-debug: 42cqOiNo6h8KqmATm+k6CGh0Ygx53JCuzPkSTmAce+PG/VnA9kdxVYWb95T84ohIFGJx8e2bJNhCgJn3dCAY2A==
x-fb-content-md5: b7ee265352a167b4930679c7d7d176d5
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 19 Apr 2022 22:48:54 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "919b1acea994eedf5b586bdf4c456da7"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 19 Apr 2023 19:34:14 GMT

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/ 152 KB
49 KB 83ms
37ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8168a10196e8806277248bfe5a5d7c7dd3936dd15eddbe4bb52c49d108321d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1155
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50468
x-xss-protection: 0
last-modified: Mon, 18 Apr 2022 00:11:53 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 19 Apr 2023 22:29:39 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
440 B 56ms
18ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3596942-1&cid=2071363943.1650408535&jid=764649479&gjid=1673322442&_gid=95948853.1650408535&_u=aGBAiEABRAAAAE~&z=183047305

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cfr.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 19 Apr 2022 22:48:54 GMT
content-type: text/plain
access-control-allow-origin: https://www.cfr.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 112ms
36ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=726208427&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cfr.org%2Fcyber-operations%2Flazarus-group&ul=en-us&de=UTF-8&dt=Lazarus%20Group%20%7C%20CFR%20Interactives&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAiEABR~&jid=764649479&gjid=1673322442&cid=2071363943.1650408535&tid=UA-3596942-1&_gid=95948853.1650408535&gtm=2wg4i1KFS3NQ&cd5=drupal_interactives&cd7=&cd8=&cd10=1300&cd12=New&cd14=&cd15=GTM-KFS3NQ&cd16=NAVIGATE&cd17=1&z=103188947

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 15:30:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 26293
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 138ms
48ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3596942-1&cid=2071363943.1650408535&jid=764649479&_u=aGBAiEABRAAAAE~&z=286202097

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:48:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 137ms
52ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3596942-1&cid=2071363943.1650408535&jid=764649479&_u=aGBAiEABRAAAAE~&z=286202097

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 22:48:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 8106 0
18 B 17ms
7ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.cfr.org
Referer: https://www.cfr.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.cfr.org
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 19 Apr 2022 22:48:54 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 nr-1215.min.js Show response
js-agent.newrelic.com/ 36 KB
14 KB 23ms
6ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1215.min.js
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 18395fd1ef75de4f03f701f5a5020563aed55e1539b3200605053f2c924211bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: mrZZlI3m.d3cabi4HqLBBkr4pQ2c77UF
content-encoding: gzip
etag: "615035bb6557b191e767e19087efabaf"
x-amz-request-id: EWYKNSDS3SGP7J1G
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 13666
x-amz-id-2: xxzn1QDlYmq6N+dWx6DIEnl7oBswakSr9uPTKrfd3YHMAS78y2n12m8ja5lbRwWvRpD2pTxUnqA=
x-served-by: cache-hhn4059-HHN
last-modified: Mon, 24 Jan 2022 22:13:53 GMT
server: AmazonS3
x-timer: S1650408535.755804,VS0,VE0
date: Tue, 19 Apr 2022 22:48:54 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 3966

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 69 KB
23 KB 8ms
8ms Script
application/x-javascript 2600:9000:2156:ec00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cdn/ff/0fdKpw6fIUAe9lmlNJZg24PZQk3E-yfzQ-sF46_Nplc/1648753471/public/js/js_6Owka-hHvR4PuHSx-jDV6G0MelRRAHAcYUZssnSiT7o.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 094a02cb7e067f306e94e6c08963acd1164d9787e53ae8cb7fa3930198decfa8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:10:52 GMT
content-encoding: gzip
last-modified: Wed, 13 Apr 2022 00:05:19 GMT
server: nginx
age: 2281
etag: W/"625613bf-11346"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 5317564e96c9dceb46123f6c5f149a02.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 2TSsj-V3BLluZVpaeBFvqaa1W3OBiT-6pK0yhky1w0WsH4nqFNcBoQ==
expires: Wed, 20 Apr 2022 00:10:52 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 10ms
9ms Script
application/x-javascript 2600:9000:2156:ec00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.cfr.org
URL: https://www.cfr.org/cyber-operations/lazarus-group
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: bcb8040a38eb5f6cfc9b625c2b0f2045e4636b5c1f8ba39ffdb4f0f2ebed6046

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 22:05:56 GMT
content-encoding: gzip
last-modified: Wed, 13 Apr 2022 00:03:51 GMT
server: nginx
age: 2578
etag: W/"62561367-8e65"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 5317564e96c9dceb46123f6c5f149a02.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: _WkylgKkYYsi3de98wTM3oaEEbaN35STOPIUOEURzefhaZfe9ImzsQ==
expires: Wed, 20 Apr 2022 00:05:56 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 36ms
36ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=726208427&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.cfr.org%2Fcyber-operations%2Flazarus-group&ul=en-us&de=UTF-8&dt=Lazarus%20Group%20%7C%20CFR%20Interactives&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=25%25&_u=aGDAiEABRAAAAE~&jid=&gjid=&cid=2071363943.1650408535&tid=UA-3596942-1&_gid=95948853.1650408535&gtm=2wg4i1KFS3NQ&cd5=drupal_interactives&cd7=&cd8=&cd10=1300&cd12=New&cd14=&cd15=GTM-KFS3NQ&cd16=NAVIGATE&cd17=1&cm1=1&z=453034521

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 15:30:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 26293
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 37ms
36ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=726208427&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.cfr.org%2Fcyber-operations%2Flazarus-group&ul=en-us&de=UTF-8&dt=Lazarus%20Group%20%7C%20CFR%20Interactives&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=50%25&_u=aGDAiEABRAAAAE~&jid=&gjid=&cid=2071363943.1650408535&tid=UA-3596942-1&_gid=95948853.1650408535&gtm=2wg4i1KFS3NQ&cd5=drupal_interactives&cd7=&cd8=&cd10=1300&cd12=New&cd14=&cd15=GTM-KFS3NQ&cd16=NAVIGATE&cd17=1&cm1=1&z=1846133153

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Apr 2022 15:30:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 26293
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET ping
ping.chartbeat.net/ 0
0

GET
H/1.1 200
OK NRJS-41206ed7d43567b5fba Show response
bam-cell.nr-data.net/1/ 49 B
1 KB 556ms
521ms Script
text/javascript 162.247.243.147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/NRJS-41206ed7d43567b5fba?a=629193583&v=1215.1253ab8&to=bgNRNkIAWEFYUkALCVdJcgFECFlcFkFVBQNmBVIBWAQ%3D&rst=2351&ck=1&ref=https://www.cfr.org/cyber-operations/lazarus-group&ap=66&be=900&fe=2309&dc=1879&perf=%7B%22timing%22:%7B%22of%22:1650408532428,%22n%22:0,%22r%22:0,%22re%22:390,%22f%22:390,%22dn%22:390,%22dne%22:390,%22c%22:390,%22ce%22:390,%22rq%22:391,%22rp%22:878,%22rpe%22:881,%22dl%22:881,%22di%22:1878,%22ds%22:1878,%22de%22:1897,%22dc%22:2308,%22l%22:2308,%22le%22:2314%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=1600&fcp=1600&at=QkRSQAoaS08%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1215.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cfr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Tue, 19 Apr 2022 22:48:55 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Connection: keep-alive
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h7DT4Tv0TaBIhLIhAUMfelhT1dNLBSYsDbtJwjkebBeO7o9kIRxWyLI89SGHk%2Bst1Drz14psyRs9hc8jI4T74wjysj0ekPkQgBLRFAs9TeUC0IRcdDGJmNmGCtM28VMWZufaNLk6"}],"group":"cf-nel","max_age":604800}
Content-Type: text/javascript
Access-Control-Allow-Origin: *
access-control-allow-credentials: true
CF-Ray: 6fe930be9a4f9a05-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ping.chartbeat.net
URL: https://ping.chartbeat.net/ping?h=cfr.org&p=%2Fcyber-operations%2Flazarus-group&u=C-1GzcCEoru4Css9xi&d=cfr.org&g=61524&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=2166&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=2308&t=CwT-UbCz8L_DT5FucDe-eppCUASYb&V=131&i=Lazarus%20Group%20%7C%20CFR%20Interactives&tz=0&sn=1&sv=BHCzM7DJ1UtYYz_1oDrXdngU9tKd&sd=1&im=06530c43&_

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.fonts.net/	1970-01-20 02:26:50	Name: __cf_bm Value: PcqbM1IGmjbqaWJU91uF_WwMEi7dw5UsPvUyGZ7Ykcc-1650408533-0-AXmStrc3QyF0SuTVxHjrnBwxnnei71QHmFkvLyarGOvj3fdx7lNPko8ObYzJUK9DvCA8KqH13HcodFOl03rEOXo=
.myfonts.net/	1970-01-20 02:26:50	Name: __cf_bm Value: daPR4CzjFUQHDOhv4JTGCvzzvMrYmjHPWLMiIhrudVI-1650408533-0-AbxtXZnnPYMVMWcszv7OuEky/m939apwIwQtSrMmHrmUvAiAStx92cPZN5MTbW5vhqSKi3VORAmsjQSEOsEZPN0=
www.cfr.org/	1970-01-20 11:55:36	Name: _cb_ls Value: 1
.cfr.org/	1970-01-20 04:36:24	Name: _fbp Value: fb.1.1650408534162.1544950807
.cfr.org/	1970-01-23 18:02:48	Name: amp_2be1ae Value: vAZ3PUbzEzq6ry-noe_3_V...1g1207c80.1g1207c80.0.0.0
.cfr.org/	1970-01-20 11:12:24	Name: _hjSessionUser_1768366 Value: eyJpZCI6IjI2MmFiYjI4LTFmMzktNTFlYy1iYWI3LTA2ZjY4ZDNhNjgxYiIsImNyZWF0ZWQiOjE2NTA0MDg1MzQxNzMsImV4aXN0aW5nIjpmYWxzZX0=
.cfr.org/	1970-01-20 02:26:50	Name: _hjFirstSeen Value: 1
.cfr.org/	1970-01-20 02:26:50	Name: _hjSession_1768366 Value: eyJpZCI6IjdiMmZkNzE4LTU2NjMtNDg4NS04MGNiLWNiYzViNzQ2ODFkNyIsImNyZWF0ZWQiOjE2NTA0MDg1MzQ0MTYsImluU2FtcGxlIjpmYWxzZX0=
.cfr.org/	1970-01-20 02:26:50	Name: _hjAbsoluteSessionInProgress Value: 0
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: L6JZwPjkk5E
.youtube.com/	1970-01-20 06:46:00	Name: VISITOR_INFO1_LIVE Value: jLP8ncJYP0o
.cfr.org/	1970-01-20 19:58:00	Name: _ga Value: GA1.2.2071363943.1650408535
.cfr.org/	1970-01-20 02:28:14	Name: _gid Value: GA1.2.95948853.1650408535
.cfr.org/	1970-01-20 02:26:48	Name: _dc_gtm_UA-3596942-1 Value: 1
www.cfr.org/	1970-01-20 11:55:36	Name: _cb Value: C-1GzcCEoru4Css9xi
www.cfr.org/	1970-01-20 11:55:36	Name: _chartbeat2 Value: .1650408534768.1650408534768.1.BHCzM7DJ1UtYYz_1oDrXdngU9tKd.1
www.cfr.org/	1970-01-20 02:26:50	Name: _cb_svref Value: null
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: a4ff73848c19b258

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam-cell.nr-data.net
cdn.amplitude.com
connect.facebook.net
fast.fonts.net
hello.myfonts.net
js-agent.newrelic.com
mab.chartbeat.com
p.typekit.net
ping.chartbeat.net
script.hotjar.com
stackpath.bootstrapcdn.com
static.chartbeat.com
static.hotjar.com
stats.g.doubleclick.net
use.typekit.net
vars.hotjar.com
www.cfr.org
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.youtube.com
ping.chartbeat.net
108.157.4.113
108.157.4.122
143.204.214.148
143.204.98.69
151.101.130.137
162.247.243.147
2600:9000:2156:ec00:18:1fcd:34f:cdc1
2606:4700::6811:e14e
2606:4700::6811:f449
2606:4700::6812:9ee
2606:4700::6812:acf
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::2004
2a00:1450:4001:82f::200e
2a00:1450:4001:831::200e
2a00:1450:400c:c00::9d
2a02:26f0:3500:7::17d8:4dcb
2a02:26f0:3500:7::17d8:4dd1
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a04:4e42:400::714
07755cd06d517fac17e880efe46f0f04f4b483b28a895e14da4e61dd20048d47
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
094a02cb7e067f306e94e6c08963acd1164d9787e53ae8cb7fa3930198decfa8
0b386fda9aeac93c7b0fc27d5ef0a3bc433f01acf30af85a942c90b4637e921c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12d4333dcb06732662dc11038f64c540376dd42f9ece747a2c9a4f22b6760821
16dca0578c5dad27c98ceb0f111551005f088753941e0e7477cfd6b6418eff10
18395fd1ef75de4f03f701f5a5020563aed55e1539b3200605053f2c924211bb
1fc25c6ef9e9f8c6c661521910a0d4d6daa67795b49fd275799e5b52ff4fa7e2
25339168c3002c3963458b77ea5958b13ff3f5360d3ade657ec02e9a15241f2c
2557b90ab8b4b6d3db1a2b3f998375ea32b397de072b8ef7f0334a12398a9028
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26f8d565fdb6955aea043a689b6c2852a0cbd241ff88e1fe17d19a915f2126f1
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cb9b278e1e74917ae3942b081796752d22110b9d419e716e510f70a6756862f
31caa25a461b1814e171d7a0af59e98076a3592c0c68b59bd783eaaf8680f132
3d0dbc13717a3726b829dbaf9d95b84cefc928c4bcef09a169104accd77fdc2e
441e4e3fe5729e0accb9821c52fe1bad58dd4f340b690dd2e2f92e4a56dc9349
48737f109be8173e91fcfe5195d5c4216016023e12c9cd9300ec30c528a2add1
48a0b35ba7aea67683b9cf67855fb8c79bdcdc6bca4ba951fddbd23b89d790b5
4a8c038d491b388ce9c38f4f2e8aa587f688bf9f89954cdd2a79c3973031e5d3
4be319fc7e78bf1beb5b73bb76e33e445bf3170ebcd66fd72639743115287a2a
4dad1738d16a4a903c1e60e47a7bc561699983e53859269575bc4074d738ba86
533d4bc4adee3856a32a9fb3551504a67d39cdfae04ae16510229c5af6e69ac3
5e0b3d5944c5c487975713c560c2f2d231833194d6e17a234e543bf5008c4a0e
6260ec37635d4bf6de6c5a19ee5afd3ddac9807858accda9fe27fb102b0306a3
67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9
694d8fc000129e93ffaaad7d7573313f9fce12cbe3455fdb055fce9c36a21705
77ee0a81972445b3d5641c7c7376a2a94bbe14183bac7efecf17614e14def17e
784f301f5fedd36f20fe297ce9ba6554ccb14585a4c0781eb6a1b919184db764
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
81c4d4938e8222055bd3392ebcac90f52469848f54a02a36cbbcdd4402cdaa48
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8453061497d124a660ee2c931babfe222b28a09904ff3b3e73a9c9039c954428
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
858ab6f5b4ffcfc2c7d2a766d0280c773155d12419e4413afabaabbfbd327178
88c718b918764a88fb43e244368d824167eca1b7d4b5586f428d2c654f5db084
966fa640940030dfce1169bd82f9029043add4c9c836f71df739d496cdab1814
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3f8eef8811877a6d90ea98c65f5f65ecaf55156b7e3daf2344cd42b9bcffe09
a9a2e998ee0fd7c858904e6a1ece449c07dea8477a51aa735b7ef1187742a102
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c
b982480e5550c9eb095ce609def69d6a31c2a1ecbe4a1d4119b63f2127a118d9
bcb8040a38eb5f6cfc9b625c2b0f2045e4636b5c1f8ba39ffdb4f0f2ebed6046
bd8f8bea0609488a4902819881e728bec9ce24da7b4ddc409f6e9439bea6b205
c27689acf09443c53ff547643bd6485954e4220e6bb04de4698ba05ad2fece7b
c8c5680917d5b71eef16f83c0faac8912db660d5337b834074f9e6e17b82a36b
df99c4bc6218ff946dc8d969315f8176714d99846bebd09c961fe959f42d6677
e0e44c153e6969ff112250bc468dd4615e5f48f2b2db3e3ffabc11be9d9b6313
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8168a10196e8806277248bfe5a5d7c7dd3936dd15eddbe4bb52c49d108321d9
e8ec246be847bd1e0fb874b1fa30d5e86d0c7a545100701c61466cb274a24fba
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

www.cfr.org Open in urlscan Pro 2606:4700::6812:9ee Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

60 Requests

95 %HTTPS

73 %IPv6

19 Domains

23 Subdomains

23 IPs

3 Countries

1457 kBTransfer

4739 kBSize

18 Cookies

13 Outgoing links

Page URL History

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

www.cfr.org Open in urlscan Pro
2606:4700::6812:9ee Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

95 %
HTTPS

73 %
IPv6

19
Domains

23
Subdomains

23
IPs

3
Countries

1457 kB
Transfer

4739 kB
Size

18
Cookies

60 HTTP transactions
0 data transactions