| www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware | 52.17.119.105 | 200 OK | 33 kB |
URL User Request GET HTTP/2www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware IP52.17.119.105:443
CertificateIssuerLet's Encrypt Subjectwww.huntress.com Fingerprint92:BF:13:D1:13:76:95:AE:D7:4E:AE:E7:C9:36:58:5E:A0:08:99:5A ValidityFri, 15 Mar 2024 15:18:07 GMT - Thu, 13 Jun 2024 15:18:06 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (41099) Hash7b57987f50c207d0d7375358d245f67b 485a581dd116f874a7b4ef2f7386253b8e8b6a70 77cd6b3978c89883442da2dd3a9f1f0b53288ece51a7e7301cd890b0b4df11ea
Analyzer | Verdict | Alert | YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
GET /blog/cobalt-strike-analysis-of-obfuscated-malware HTTP/1.1
Host: www.huntress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:49 GMT
content-type: text/html
content-length: 33269
referrer-policy: origin
content-security-policy: frame-ancestors 'self'
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-lambda-id: 3caf9ad9-1722-40f6-bb48-1b2d6d7e311f
content-encoding: gzip
accept-ranges: bytes
age: 51945
x-served-by: cache-iad-kiad7000086-IAD, cache-dub4358-DUB
x-cache: HIT, HIT
x-cache-hits: 7, 0
x-timer: S1715069629.370429,VS0,VE1
vary: Accept-Encoding,x-wf-forwarded-proto
x-cluster-name: eu-west-1-prod-hosting-red
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.c85951d37.min.css | 3.164.240.122 | 200 OK | 62 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.c85951d37.min.css IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeUnicode text, UTF-8 text, with very long lines (65524), with no line terminators Hashc85951d377930466eaa50914e59469be 5a51f8ee4eedb30cca353fe0555d2494c7efc31f 3e26fa48f7232d476c7c109125c72e106f8f3c3f24526623a510870ff6177150
GET /6579dd0b5f9a54376d296915/css/huntress-new.c85951d37.min.css HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
content-length: 62012
last-modified: Fri, 03 May 2024 17:32:17 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: fzgMz5O5fEzQYO07hKBYHstUkMOXE3Js
accept-ranges: bytes
server: AmazonS3
date: Tue, 07 May 2024 03:16:50 GMT
cache-control: max-age=84600, must-revalidate
etag: "f823ecabe3ecfb3c8f2721b46ec71a54"
vary: Accept-Encoding
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 17820
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: jG8Mhs28a0w9DVByecomhE88lxfn5IKM5fyZf5QMyhbJnWVTA6DIhA==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js | 3.164.240.122 | | 131 B |
URL assets-global.website-files.com/6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js IP3.164.240.122:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
Hashf2387ad9877b2716a3df08933b84a986 9ee6bbb092965c6ba60cccad505039f98896a666 6ee38878cd3f57c918114ecd1a74bc75e5165f45fd1e9503056e8dc2e542288f
GET /6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 131
date: Tue, 07 May 2024 02:39:16 GMT
last-modified: Tue, 26 Dec 2023 09:16:55 GMT
etag: "94d95acc94c6624c39cb9873e3da3787"
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
content-encoding: gzip
x-amz-version-id: fKVYVp7VLozdKwo7Gp68VwPn_1qCAcOV
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 20074
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: AbuCujx0Lcw4M5k75TSA4S8aALnlJWc8wjxMoplWMZp40fpMgx0ltQ==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-right-02.png | 3.164.240.122 | | 5.0 kB |
URL assets-global.website-files.com/655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-right-02.png IP3.164.240.122:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 333 x 192, 8-bit/color RGBA, non-interlaced Hashd360d7cfb07b3fdc3fbc56204caa4c06 f582b6b5d60826165cf45c79dc0f971ea9bf2682 a1e79865576e220b93dfe34d011286a8335ee8ac4eb6450300fb45a4f15a600e
GET /655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-right-02.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 5002
date: Sat, 30 Dec 2023 05:44:52 GMT
last-modified: Wed, 22 Nov 2023 05:32:26 GMT
etag: "d360d7cfb07b3fdc3fbc56204caa4c06"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: ds4He9jpqLhVudpNkauPNw12aaYIjxRr
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 11154537
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: 0A-CukLXgOJbCH-Pc52Zekut3is-rQhCLNrwQMWjMs2bKCSDzNSSNw==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/65f75020c99f25928927347f_banner-blue-halo.webp | 3.164.240.122 | 200 OK | 24 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296915/65f75020c99f25928927347f_banner-blue-halo.webp IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image Hashcd3521a7574865352fcc31cd4d968864 777b61ae21c7e62ed53ea3d9df3adb7021fd6983 889e4055351e629718cc9647a7f696cb4fb1e246bcf29bd25e2f8ce5105c27b5
GET /6579dd0b5f9a54376d296915/65f75020c99f25928927347f_banner-blue-halo.webp HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 23574
date: Wed, 17 Apr 2024 06:30:41 GMT
last-modified: Sun, 17 Mar 2024 20:18:41 GMT
etag: "cd3521a7574865352fcc31cd4d968864"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: VQxidV2D7M0v1MjkNARxPZzB4FkcrZg4
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 1734189
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: x1dZ1aPqUygx4pdiMDtYp3jx18nweUmOICSdSN0cn54lBmiGS-LqMg==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/66267cd1946bdc414612a045_banner-blue-halo-mobile.webp | 3.164.240.122 | | 11 kB |
URL assets-global.website-files.com/6579dd0b5f9a54376d296915/66267cd1946bdc414612a045_banner-blue-halo-mobile.webp IP3.164.240.122:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image Hash308d32f3c0dd65a14316ec46469ba463 2093090bc33b1c143023258e609791b92c47105b 640d525f0c6d09a6cdc4c6f6b0d44c4d2d92ce5e35ae1a945ccac5da67071f9d
GET /6579dd0b5f9a54376d296915/66267cd1946bdc414612a045_banner-blue-halo-mobile.webp HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 11112
date: Tue, 23 Apr 2024 14:35:53 GMT
last-modified: Mon, 22 Apr 2024 15:05:55 GMT
etag: "308d32f3c0dd65a14316ec46469ba463"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: 5.DnT5LYsjXZnxPaoCXpF7pRsl7yIEO1
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 1186677
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: AYAdFD9FZb7KwV3z9YJACcYeM74s8bk2w2eD27-vtahE7vgsWAwDsA==
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js | 151.101.193.229 | 200 OK | 3.9 kB |
URL GET HTTP/2cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js IP151.101.193.229:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File typeJavaScript source, ASCII text, with very long lines (6938) Hash10fb79a20b31843bd41eada7ff576ab7 238d6ffa8ab8e372cf401e9a3ea322976eeaf506 2c699eb55ae3fe61b3d783c8936ab1eb949c596a5c89118f703e328ede2b8308
GET /npm/@finsweet/attributes-richtext@1/richtext.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.10.2
x-jsd-version-type: version
etag: W/"2147-I41v+oq443LPQB6aPqMil27q9QY"
content-encoding: br
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:49 GMT
age: 38042
x-served-by: cache-fra-eddf8230147-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3918
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a70_linkedin.svg | 3.164.240.122 | 200 OK | 675 B |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a70_linkedin.svg IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash67b0ebebe9b8817edbfa41bdfd2e8c6e 3da84fce5654282e153f08f188405ac8d4e652c1 8f0f089b8d2746c56340171bba62f027d4d2dc0f520588d9480432693381e14a
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a70_linkedin.svg HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 675
date: Sat, 30 Dec 2023 14:16:16 GMT
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
etag: "67b0ebebe9b8817edbfa41bdfd2e8c6e"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: mMxIOUbXDP4hW6NdJCWI58VrmvAg.At1
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 11123854
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: wkur0Wrq9KgGFA__bTm34DJ_Abbp6b01UCpAf7dcybrAgZ8F7s2LqQ==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg | 3.164.240.122 | 200 OK | 368 B |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashb92a7c9703a268bda64464e9f8c245fd 2dda281cf571cab9a7c37265803b71e6d8aab0a5 f2314da0b26cc727445f74c19d54f2f75944ea1a610497231ba6a5d9e541acf0
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 368
date: Thu, 28 Dec 2023 18:39:42 GMT
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
etag: "b92a7c9703a268bda64464e9f8c245fd"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: RZplueeOMT9I2ezQMMUJ8cw13HoQeV5p
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 11280848
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: jKws0LeANEqydLelhurF6Bwl_ScU9q82qSieIITcy2jV4Y7KScDD7g==
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/medium-zoom.min.js | 151.101.193.229 | 200 OK | 3.1 kB |
URL GET HTTP/2cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/medium-zoom.min.js IP151.101.193.229:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File typeJavaScript source, ASCII text, with very long lines (9133) Hash44a7121c73792eb5d3490f4f25d0ae8f e5c93d914c5df0082507ed708f56aa021fef2c3b 89aa43cb2db8717165e898b18806ad757585f8815f9f514bb0afbd3c390def95
GET /npm/medium-zoom@1.0.3/dist/medium-zoom.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.0.3
x-jsd-version-type: version
etag: W/"2408-5ck9kUxd8AglB+1wj1aqAh/vLDs"
content-encoding: br
accept-ranges: bytes
age: 608256
date: Tue, 07 May 2024 08:13:49 GMT
x-served-by: cache-fra-etou8220020-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3091
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6f_twitter.svg | 3.164.240.122 | | 351 B |
URL assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6f_twitter.svg IP3.164.240.122:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashe0a4b7f37d6875804665234ecff1cb23 0e2742905b9ce562a70cd31b8a6735cc09ac40d8 553797b86e5516ebb3b4a6ffc794d7d9eca1fc1f3ca8ab0703e5eff9934e29c8
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6f_twitter.svg HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 351
date: Thu, 28 Dec 2023 19:08:05 GMT
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
etag: "e0a4b7f37d6875804665234ecff1cb23"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: qTS56BoR0gVqfX6mJuOtV4Wu10z6D4RY
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 11279145
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: h9PQgRQ29Y-3qI1Iv4pS29gXpbn-Elq_wB5I3kp7GmAMV8wx5UljqQ==
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js | 151.101.193.229 | 200 OK | 11 kB |
URL GET HTTP/2cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js IP151.101.193.229:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File typeJavaScript source, ASCII text, with very long lines (42862) Hashd5a61c749e44e47159af8a6579dda121 3b41b3bc956685015a347a2238e71db29dfa0dbb 0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
GET /npm/slick-carousel@1.8.1/slick/slick.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.8.1
x-jsd-version-type: version
etag: W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs"
content-encoding: br
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:49 GMT
age: 8185127
x-served-by: cache-fra-eddf8230096-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 11325
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970bf_Run%2520Key.png | 3.164.240.122 | | 71 kB |
URL assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970bf_Run%2520Key.png IP3.164.240.122:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1318 x 835, 8-bit/color RGBA, non-interlaced Hashdb2890bba34c7287827090246d94a77e 1a932de86e7f2d1a68435ee6b5d15b041f93fa35 e8d428fbce2c8713df7275735bbab7cb66fb022820de266ea8cbd269e0c2d4eb
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970bf_Run%2520Key.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 71187
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "db2890bba34c7287827090246d94a77e"
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: nOhn57iy9KroYTCfv8cQou7Ha0K3HnRN
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: C9PuRM0KRk0Fc-zfafNqTkvPONNnrP1VyjKIQCxq8uS_lz1I6Ve3Aw==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b2_Dynamic%2520Analysis.png | 3.164.240.122 | 200 OK | 103 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b2_Dynamic%2520Analysis.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1178 x 319, 8-bit/color RGBA, non-interlaced Size103 kB (103192 bytes) Hash1ea035b6351e98778980092a8856a1e1 11ecbc219f3b4a19fb28d1582b99bcc6cfacd44a 996167ee36a996b0724251dbe5fd2f84223ae3020ba70fb66150065f580b271b
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b2_Dynamic%2520Analysis.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 103192
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "1ea035b6351e98778980092a8856a1e1"
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: 4hta0SJvBUg6GjmkwSZzAt0YdTmsAlbi
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: NUbuArbiwSLXD-QUb-DmTmZ6qRBz_EBJhSOroCpuHvTjkoyPo6GDAQ==
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/npm/@snowplow/browser-plugin-button-click-tracking@latest/dist/index.umd.min.js | 151.101.193.229 | 200 OK | 2.0 kB |
URL GET HTTP/2cdn.jsdelivr.net/npm/@snowplow/browser-plugin-button-click-tracking@latest/dist/index.umd.min.js IP151.101.193.229:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File typeJavaScript source, ASCII text, with very long lines (4449) Hash86484fef1159bbf2971dd71f048267c1 5c687fbb4a13ee14db6905dfd7a8635777cdd0e5 66110db15bc55fa902401f14c8f25083dd0f7cfde33de392631a20f77312d017
GET /npm/@snowplow/browser-plugin-button-click-tracking@latest/dist/index.umd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.23.0
x-jsd-version-type: version
etag: W/"1257-XGh/u0oT7hTbaQXf16hjV3fN0OU"
content-encoding: br
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:50 GMT
age: 8002
x-served-by: cache-fra-etou8220149-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2045
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b1_Debugger3.png | 3.164.240.122 | 200 OK | 67 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b1_Debugger3.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 874 x 205, 8-bit/color RGB, non-interlaced Hash8cab88f2b7d2916eac7a988ecf0d922f a0864957b8e01dbc09e024c34bc17ba06de56f1a c8db3bffc0bc4399c84798a07faf138e1ef91118bc07a05f7dccaf0ef9cb7f32
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b1_Debugger3.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 67300
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "8cab88f2b7d2916eac7a988ecf0d922f"
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: uFZcXrPZ7DVsnOJpfa8dz09DO4gbwkH5
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: fm9tA-j8F4qOM8lfxb0lf4wL7dMmTM_n5fodUsRZp9tk8fTPcEfqwg==
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css | 151.101.193.229 | 200 OK | 1.8 kB |
URL GET HTTP/2cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css IP151.101.193.229:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
Hashf38b2db10e01b1572732a3191d538707 a94a059b3178b4adec09e3281ace2819a30095a4 de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
GET /npm/slick-carousel@1.8.1/slick/slick.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.8.1
x-jsd-version-type: version
etag: W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ"
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:50 GMT
age: 6408965
x-served-by: cache-fra-eddf8230085-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1776
X-Firefox-Spdy: h2
|
|
| client-registry.mutinycdn.com/personalize/client/c9c27905c1e445d6.js | 151.101.129.91 | 200 OK | 17 kB |
URL GET HTTP/2client-registry.mutinycdn.com/personalize/client/c9c27905c1e445d6.js IP151.101.129.91:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectclient-registry.mutinycdn.com FingerprintBE:CC:E4:53:CC:9D:DB:E2:58:80:16:06:86:DD:09:06:92:66:F8:9C ValidityWed, 06 Mar 2024 21:56:19 GMT - Mon, 07 Apr 2025 21:56:18 GMT
File typeJavaScript source, ASCII text, with very long lines (30631) Hashc69b46ab54effaf2de56da176299834f ac1c10ee1d1be1825886c7c3658c57968245473d 0160f35f2f60526c902bea9e6e6d594ff715cfd573566fbeb5b9b2f7434efb2b
GET /personalize/client/c9c27905c1e445d6.js HTTP/1.1
Host: client-registry.mutinycdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: LCLBDr1uLy9MGR2W2nv1wMeWrLsxUNzG5zSV/SOatUVYStMgssS+VtLMIOE2WBEtCnVru7KoYOc=
x-amz-request-id: KJS60C8EKTCMTVW9
last-modified: Tue, 30 Apr 2024 19:44:47 GMT
etag: "c69b46ab54effaf2de56da176299834f"
x-amz-server-side-encryption: AES256
cache-control: s-maxage=3600, max-age=0
x-amz-version-id: 0X9TrTDnVCDmidY7kHEAEwkBhhAKiSpU
content-type: application/javascript
server: AmazonS3
x-continent-code: EU
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 3000
content-encoding: gzip
accept-ranges: bytes
age: 2904
date: Tue, 07 May 2024 08:13:50 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 0
vary: X-Continent-Code, Accept-Encoding
x-connection-speed: broadband
x-country-code: NO
x-edge-datacenter: HEL
x-edge-region: EU-East
content-length: 16842
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b7_Second%2520Binary.png | 3.164.240.122 | 200 OK | 478 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b7_Second%2520Binary.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1796 x 974, 8-bit/color RGBA, non-interlaced Size478 kB (478132 bytes) Hash4d323d56f55e7dde87be887139037712 2192a5850a6bf57371622e1b49c88bacebf4b9d8 10ecb174db163184338ed9dd5eb769732faaa913286164d35ce1ccd601be7b92
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b7_Second%2520Binary.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 478132
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "4d323d56f55e7dde87be887139037712"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: wPMp2FzzQ2c0HZ0cHZ2e5uu6GfvrVDzf
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: PBiFsYzqYF7AX0Q9FKmB0moW-STMC4OHv39_W0k-8I22EEqWrbAbrA==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b4_Binary%25204_6.png | 3.164.240.122 | 200 OK | 82 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b4_Binary%25204_6.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1673 x 829, 8-bit/color RGBA, non-interlaced Hash98ed22cc7a3939bbda74e8f6366b7b75 d2670d0ce7b70d2f07e09e4607b118df390f822d b854ab6c00b84bc607714ef164e6f4b64e39db6030061c7d1d68021992afb5d9
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b4_Binary%25204_6.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 82175
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "98ed22cc7a3939bbda74e8f6366b7b75"
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: f.n0y94grvgZ6gIt6oKzvmlqJU2AA5QV
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: SX5Y5HPexSZv0wDOOja82crcTgWzrdItNYERa7x2U6g2WNUPlzjmdA==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c1_IOC_7.png | 3.164.240.122 | 200 OK | 216 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c1_IOC_7.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1200 x 495, 8-bit/color RGB, non-interlaced Size216 kB (216241 bytes) Hash9b3b0f829b4881337d113e90ab3e42bf 045a094dc52ea08a9eb082cdd91f9e3102c5c71a edde5f240b459fb933ec0023f0ba5e0ef44cf888bb7a438a17fa0ea68ac9c82c
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c1_IOC_7.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 216241
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "9b3b0f829b4881337d113e90ab3e42bf"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: kPOJs3YLl64mDYmMPXCQiGUVVTI8Sia.
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: IWUrxVCy2-qpr_g184PmXzqjuvSjpLDGs3mIHRty6o87oIPdAe0aNw==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970bb_Screen%2520Shot%25202021-05-20%2520at%25205-23-44%2520PM-png.png | 3.164.240.122 | 200 OK | 75 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970bb_Screen%2520Shot%25202021-05-20%2520at%25205-23-44%2520PM-png.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 800 x 210, 8-bit/color RGB, non-interlaced Hash24935031f2cdf740de79abc481df8c50 e84b2a41cbc523ec21f7e7d4fb47587c22bff38e a32a534e1388290826381a1dd8aa874f7e2ed7b23b6b1bc4b81a8078e02ff41d
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970bb_Screen%2520Shot%25202021-05-20%2520at%25205-23-44%2520PM-png.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 75033
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "24935031f2cdf740de79abc481df8c50"
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: Y25VEC6PSiGFhFBWIjRmLlpMOTIXHSl8
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: 7A3sW66smuTYTZuP0vOBWxwQ1TwcCPHxUEY3FFDNwtUnK9tG7Fp6tQ==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/js/huntress-new.c43690333.js | 3.164.240.122 | | 214 kB |
URL assets-global.website-files.com/6579dd0b5f9a54376d296915/js/huntress-new.c43690333.js IP3.164.240.122:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (42312) Size214 kB (214524 bytes) Hashc43690333dfc6e0f79e219b78e828664 4a5c285b819354ed26682d59b1aabfc0741c1472 0120871c98d8f9acd8debe42a348fad750a6a0a822cade30755447630a042e8d
GET /6579dd0b5f9a54376d296915/js/huntress-new.c43690333.js HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript
content-length: 214524
date: Tue, 07 May 2024 01:35:14 GMT
last-modified: Fri, 03 May 2024 17:32:17 GMT
etag: "09f4f751d96772978a17ea7931971407"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
content-encoding: gzip
x-amz-version-id: FEAYN5wbOTGuEagnKelmFJ5AkrZwvdYR
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 23917
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: Oers1eho-Q1USpwDKu2X_MX7fl4eeQM3k7Ee_Nb5zmXvulYPZSjm9g==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c5_IOC_3.png | 3.164.240.122 | 200 OK | 472 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c5_IOC_3.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 2168 x 678, 8-bit/color RGBA, non-interlaced Size472 kB (472314 bytes) Hashd0111b371223237f378271211c7e6600 9eb7abb6b760e7f3f2e7217ce0956a391147ed0e 962e22dc3f02d1aa0daaa54b33e2ba4d61b498919a687e463e4d41301b7f7f1c
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c5_IOC_3.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 472314
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "d0111b371223237f378271211c7e6600"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: iIMG4hBQIgvNOHQKkl9yJCngjSUB54.N
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: CbV-O_W_CO_5saMgBPfpqOO6ZlyXV4glI2XxgFmcShirrU0NSs_yHQ==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b3_continued%2520browsing.png | 3.164.240.122 | 200 OK | 137 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b3_continued%2520browsing.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 800 x 201, 8-bit/color RGB, non-interlaced Size137 kB (137433 bytes) Hashdaa2974e31c9cbe7b25f3ad588c4619d 01aa7003a909b0a4de44784d5afc34771cb56a5b 62429bfac1613cac768479f5d36ad1c56a910d7fe6c4a7799efd374999497744
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b3_continued%2520browsing.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 137433
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "daa2974e31c9cbe7b25f3ad588c4619d"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: znsxSnGL85Bf6m6L3Eufjv9GHrfwPHCI
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: zKdb5rIkOfrL1L2wOnLJA_p7hADZNlXUZQgpRTU8h51e5WE4Z1Sj6w==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b5_Obfuscated.png | 3.164.240.122 | 200 OK | 233 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b5_Obfuscated.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1000 x 332, 8-bit/color RGB, non-interlaced Size233 kB (232596 bytes) Hashd4d5e0c14f3e1c913b9021f97aca5668 9ecef5651f07d94f16f8d9c6581751d2a50af6c1 306bb255b39765bc77840966585268313ab71b4e6b0d7932c72dbd03f1b0e4c2
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b5_Obfuscated.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 232596
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "d4d5e0c14f3e1c913b9021f97aca5668"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: .O9dCzonFm8Han4RQZ5eP5IAzZZfU_a5
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: arPKlpLwfdr-D3_KwFqtKwevrl8WFKXbT_SfyueY2gUa-U078XMtJQ==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970ca_Binary%25204_4.png | 3.164.240.122 | 200 OK | 165 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970ca_Binary%25204_4.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1981 x 388, 8-bit/color RGBA, non-interlaced Size165 kB (164679 bytes) Hash993317526cf3fcd181ac33e6b40d7c7a 2080ea33fc68022cd630f4811a5776e819610167 5fed1e221ac5ffb3af07a6de219cc92d0f560280af00596dba054b490678f19d
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970ca_Binary%25204_4.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 164679
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "993317526cf3fcd181ac33e6b40d7c7a"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: s_IlN6wn85GMk.jJqkRkVeGx8SwvwJ9F
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: 268ksvkulERVsyDJqcIZehgZxdGXj3OUQ04VbsVcToG0tyadTe60zA==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b6_Traffic.png | 3.164.240.122 | 200 OK | 113 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b6_Traffic.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 900 x 306, 8-bit/color RGB, non-interlaced Size113 kB (113313 bytes) Hashc4c33358bc740e881bc146eae0b75486 f76e354dabb46a075a97124014e48d214ee33f4b 25634d5d26f85803778d4ac51978a5cf1d8dc0b4a17f4af681e396a4aec75bc6
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b6_Traffic.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 113313
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: YQSkw82Pp3HRPKPZEyn6bzKc8BRRe.Xk
accept-ranges: bytes
server: AmazonS3
date: Tue, 07 May 2024 08:13:50 GMT
cache-control: max-age=84600, must-revalidate
etag: "c4c33358bc740e881bc146eae0b75486"
vary: Accept-Encoding
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: TPUpmayWMl2CFPkLR7TXBqKXPFtpdfclKA3ig_2QV3SHo8Jg-TOgTA==
X-Firefox-Spdy: h2
|
|
| j.6sc.co/j/8769192b-20ba-4df2-8d62-2740a805c3e8.js | 95.101.10.131 | 200 OK | 510 B |
URL GET HTTP/2j.6sc.co/j/8769192b-20ba-4df2-8d62-2740a805c3e8.js IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeASCII text, with very long lines (1002), with no line terminators Hash924fd1c8fe1063b3e4acf99764018260 b4c300cd2740481bb90d78d416129e1d51c7eae5 f143cdd47f943dca511fec190f6f8dc72123af1a03b0acc0b85006d3827469db
GET /j/8769192b-20ba-4df2-8d62-2740a805c3e8.js HTTP/1.1
Host: j.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Thu, 11 Apr 2024 18:58:58 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
x-amz-version-id: zEBnpWOB89tdK2K_PjtVDO4IbLcELopv
accept-ranges: bytes
server: AmazonS3
etag: "924fd1c8fe1063b3e4acf99764018260"
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mWQjfhw9zDEFIZFkn1sxL-qKA0Audr9067m9oEX0Yj6r_wFZN68WBQ==
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 07 May 2024 08:13:50 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:50 GMT
content-length: 510
content-type: application/javascript
X-Firefox-Spdy: h2
|
|
| js.na.chilipiper.com/marketing.js | 34.111.224.162 | 200 OK | 22 kB |
URL GET HTTP/2js.na.chilipiper.com/marketing.js IP34.111.224.162:443 ASN#396982 GOOGLE-CLOUD-PLATFORM
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoGetSSL Subjectchilipiper.com FingerprintA2:B6:D6:A3:6C:18:7C:E8:F7:23:1D:7B:23:65:C6:B6:72:A6:8A:39 ValidityMon, 05 Feb 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashd9ecfe9851e1570bcf308fd56d5dee0b 55f88395bd0304dac4b9c545ab37de48617403a6 02c65a6d1cdc752f31b0be2157d9c6f65e72c7f3e781eea941bd848caf8a332e
GET /marketing.js HTTP/1.1
Host: js.na.chilipiper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
via: 1.1 google
content-length: 22403
date: Tue, 07 May 2024 08:13:50 GMT
cache-control: public, max-age=0, s-maxage=60, must-revalidate
last-modified: Tue, 30 Apr 2024 06:52:03 GMT
etag: W/"66309513-122e0"
content-type: application/javascript
vary: Accept-Encoding
age: 0
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
x-content-security-policy: default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://*.ingest.us.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com https://*.logr-ingest.com https://*.posthog.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache-hit: revalidated
content-security-policy: default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://*.ingest.us.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com https://*.logr-ingest.com https://*.posthog.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c3_IOC_6.png | 3.164.240.122 | 200 OK | 396 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c3_IOC_6.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 858 x 411, 8-bit/color RGBA, non-interlaced Size396 kB (395650 bytes) Hash20cf1a48db31ed238dedb2dd4ed041bb ae47e0193a477e917f5a00785563bc5bfebe75e7 2d322fdd489fb68eb8aac0383e064d076f6a562503eb8bff693524604d69fd3f
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c3_IOC_6.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 395650
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "20cf1a48db31ed238dedb2dd4ed041bb"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: IGOkvw75KD.Nam.oZ_Hnkg3syGHZsbYB
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: 0C23skjp_E11rP0nEjdnZwZJC_AAuCHwEtfj0bYgVsxY_A3om-nn7A==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5a_download.svg | 3.164.240.122 | | 820 B |
URL assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5a_download.svg IP3.164.240.122:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash8d8c0614e1e224001d7c6dec535490b1 2a86f349a6a19b8d5476eaba60eea98e6bba28de 350cf9ff67297ce9f79b1a35fb7205326d21f149ab404f81ec875968f0b7d083
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5a_download.svg HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 820
date: Sat, 30 Dec 2023 14:16:16 GMT
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
etag: "8d8c0614e1e224001d7c6dec535490b1"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: 5Ss_XSS0A3iWbPuuBVg7J8jICwbGfHO4
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 11123855
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: xZQGNQVA7wNB2soQlvAA-8igQQWbQelNq4eoGjoyHqcGAugw0WoGxA==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp | 3.164.240.122 | 200 OK | 6.8 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image Hash2deea30793899f56a236f1ba505155ab 9b5e3882a00dd2bd7f39c402bfcff1398d62c229 6f3642cd8faa981a6b7f71cb0bd88a222ed7c92510100761c38f4bfd689853f2
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 6778
last-modified: Thu, 21 Dec 2023 07:39:51 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: .9LTfep43eO88TqIHc3WnYAIb3vaJe3A
accept-ranges: bytes
server: AmazonS3
date: Tue, 07 May 2024 05:36:35 GMT
cache-control: max-age=84600, must-revalidate
etag: "2deea30793899f56a236f1ba505155ab"
vary: Accept-Encoding
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 9574
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: n8T4Apk96W-6Q2TDsANAzI0dijVqK93jhlsCbvhvzxpXae3mNPLfZw==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp | 3.164.240.122 | 200 OK | 2.0 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image Hash8a941746cf0b15b4b601f10dac732f1c 17ed51a52c473aff4f0113bcbd78072d911bd090 1402811141d6cf6956918acd3398468bd385081a50b90a5d251fe7a3312c0801
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 1996
last-modified: Thu, 21 Dec 2023 07:39:50 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: X1oARd.5yRkM1108eqnTnHXez5VJo2XZ
accept-ranges: bytes
server: AmazonS3
date: Tue, 07 May 2024 06:18:26 GMT
cache-control: max-age=84600, must-revalidate
etag: "8a941746cf0b15b4b601f10dac732f1c"
vary: Accept-Encoding
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 6925
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: c7YJhEjJ_KygESzHzc7mfbEB12xzage1VtLur0ZuikR_yrBmjC006g==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c9_IOC_8.png | 3.164.240.122 | 200 OK | 431 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c9_IOC_8.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1610 x 596, 8-bit/color RGBA, non-interlaced Size431 kB (430898 bytes) Hasha9c972dad68fd735c5d0897a702284b6 bda804325d3678d1b30cbc8b00c4ff88ff54691e 5f60517e56b0e462d0958f187664371100ae9835925474044d4b2383ef63f22b
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c9_IOC_8.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 430898
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "a9c972dad68fd735c5d0897a702284b6"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: IBijZaqt..Xt_QcQcnzhbcfYTAfjz0tu
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: H5TP2W_kozMV4I8pMugaAVR_dtv21BfOrqZGBSpoA280CpNfiVue-A==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970ba_Delphi.png | 3.164.240.122 | 200 OK | 464 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970ba_Delphi.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1696 x 963, 8-bit/color RGBA, non-interlaced Size464 kB (463824 bytes) Hash020170fdd50f58c8a171d1739f4cbf3b 93fd3657c518a1a40d2e6a6b6673f797ad71cee2 fbe6272f892a2e99d79953cc86fd16544cdbbce9b992f538cf538047585d306f
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970ba_Delphi.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 463824
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "020170fdd50f58c8a171d1739f4cbf3b"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: KVCI4WFpfdI.t33s5YakwSorkNDxmDJU
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: YlxzdalliZpZRPOkuniN5ba_2gUZihgoohvv27mFEoxnso9z9_Lymw==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c7_Binary%25205_2.png | 3.164.240.122 | 200 OK | 492 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c7_Binary%25205_2.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 2106 x 954, 8-bit/color RGBA, non-interlaced Size492 kB (492497 bytes) Hashe1294ae9dc0d9c368bd3337cd515d3c1 7f1953ae9a5c6ca6d73e03c5c56d5f357875ff01 3156b70d5e147fbaf90c9c7eef54659179f8f7e17be53cff890ac1e211d75ff4
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c7_Binary%25205_2.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 492497
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "e1294ae9dc0d9c368bd3337cd515d3c1"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: hy7e986UyLmCciCbYStUrlQ2YNwRsMwi
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61526
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: mpJrqC0zBB-UCNcwsGgSie64V554d3xBRbBwMdjtFo3aXTxDsht-ag==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c4_IOC_9.png | 3.164.240.122 | 200 OK | 550 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c4_IOC_9.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 2068 x 786, 8-bit/color RGBA, non-interlaced Size550 kB (549998 bytes) Hash677686011090fbe88d630c9cc46055ff 97b4897b73c5336e4a64438f79d2102056d1841f 63c7c746c77246d5263cf8c14d317e15a1f0129f17f5ffa0d74db5f59524190d
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c4_IOC_9.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 549998
date: Mon, 06 May 2024 15:08:24 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "677686011090fbe88d630c9cc46055ff"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: Z7fE2FCDfKHZCbZySswTo5KJS9spDUYG
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 61527
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: OdIXmLRTDyZlF3H9cdqvgNHMEvqeuqGkYdPhLNMCysU44ixkWit45A==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b9_Binary%2520File%25201.png | 3.164.240.122 | | 489 kB |
URL assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b9_Binary%2520File%25201.png IP3.164.240.122:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1688 x 959, 8-bit/color RGBA, non-interlaced Size489 kB (489084 bytes) Hash946f7179afbec4c4507bf3344bd2769e adbf027b7995e27980926fe5f02d46e8335431e1 d5ef30f880252d6c8d8eb26b7c6b83d30b6703564ec01d8f7cc6c3c78695f673
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b9_Binary%2520File%25201.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 489084
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
x-amz-version-id: p6YuUZzIk5EOxj2mbpu7SCazspG2Odrg
accept-ranges: bytes
server: AmazonS3
date: Tue, 07 May 2024 08:13:51 GMT
cache-control: max-age=84600, must-revalidate
etag: "946f7179afbec4c4507bf3344bd2769e"
vary: Accept-Encoding
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: K2VAqMLfEBeTpo6jOkO8cdWfbCK6tkwRIdbNULpLtukQ2ROLA8Qnlg==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b8_Binary4_2.png | 3.164.240.122 | 200 OK | 162 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b8_Binary4_2.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 800 x 564, 8-bit/color RGB, non-interlaced Size162 kB (162165 bytes) Hash9ce32a73eb256630b8f0025f27740b76 967a95a8dba9f8fdff6f258e4254fcb52ab39b17 1f609db7b275f0864e330e047d480d2ec35e284e2429e255a1dec78f47fcb71c
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970b8_Binary4_2.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 162165
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
x-amz-version-id: w1cIu9kKwQNQDnuAedqNJUvrthR.PFhW
accept-ranges: bytes
server: AmazonS3
date: Tue, 07 May 2024 08:13:51 GMT
cache-control: max-age=84600, must-revalidate
etag: "9ce32a73eb256630b8f0025f27740b76"
vary: Accept-Encoding
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: z2sIr-KiKgL4cy47t6_bmB10YTUXMBHve0fyMVYbf396W95sjuIakQ==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970be_Values.png | 3.164.240.122 | | 359 kB |
URL assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970be_Values.png IP3.164.240.122:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 800 x 362, 8-bit/color RGB, non-interlaced Size359 kB (359167 bytes) Hash93d4ab08a17c98a970a8db5b34c0b103 7e0ef8c841eff174ad6da94926c585ed5e6486d4 3efa3b58992a04c06309aada9abea6ca6a1578b7001418099923cd2d2949d4ce
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970be_Values.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 359167
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
x-amz-version-id: V5L6vkps5sURYZ2SsP7D_0W1cBAdZL_m
accept-ranges: bytes
server: AmazonS3
date: Tue, 07 May 2024 08:13:51 GMT
cache-control: max-age=84600, must-revalidate
etag: "93d4ab08a17c98a970a8db5b34c0b103"
vary: Accept-Encoding
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: 1n5YOGHumKGQl9L-eFGqzSDZqu9EK9KcF7ZEgcNGr8fmlE3MLuzlqw==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970bd_Binary%25205_1.png | 3.164.240.122 | 200 OK | 440 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970bd_Binary%25205_1.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1919 x 496, 8-bit/color RGBA, non-interlaced Size440 kB (439813 bytes) Hash1b1456cfd25dac17810f7244181a8c0b 0d81ccf4669c8eb6dbb4b541de0ac330dee38740 32dea316312df50da8a7777af23c11a6c3ccaa8a3d8549aadb5414a159ced767
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970bd_Binary%25205_1.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 439813
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
x-amz-version-id: 1iFpXWe0Si4IPVLInnbOp9EGvNAVF6yG
accept-ranges: bytes
server: AmazonS3
date: Tue, 07 May 2024 08:13:51 GMT
cache-control: max-age=84600, must-revalidate
etag: "1b1456cfd25dac17810f7244181a8c0b"
vary: Accept-Encoding
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: vA8bNsveYsBd4WkR2vz-lZCFs-U5x01vAMIWnOPdCKi-VMkHwtz1DQ==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c6_Binary%25204_5.png | 3.164.240.122 | 200 OK | 534 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c6_Binary%25204_5.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1504 x 1421, 8-bit/color RGBA, non-interlaced Size534 kB (534434 bytes) Hashf6a62239e500fb498c035828b05cd632 8e65a3bf78afe6ce6b769fbf39d74e3c32947773 eeca91299fa72342b22e6d491b8cebbad4ca67be02207a186f0cb23fc2ff48be
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c6_Binary%25204_5.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 534434
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
x-amz-version-id: awMOiJNkANFzQY5NfhkC7zck27NkX5VC
accept-ranges: bytes
server: AmazonS3
date: Tue, 07 May 2024 08:13:51 GMT
cache-control: max-age=84600, must-revalidate
etag: "f6a62239e500fb498c035828b05cd632"
vary: Accept-Encoding
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: wSuEZCo7v4VDCFPcQvqTrx7dLdUIXLjEIgdL0myIzE_ma5syA1_MpA==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c0_Debugger5.png | 3.164.240.122 | 200 OK | 373 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c0_Debugger5.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1918 x 478, 8-bit/color RGB, non-interlaced Size373 kB (372664 bytes) Hashee4788ce8d3c8bfbb4159be72c70c800 16fd2ef9ecdb49df895fa991780482117d6312dd b2578a23cdc8c152f39268e6989e88e1d4e8b457e10863c5e3913e6f53a8d89b
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c0_Debugger5.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 372664
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
x-amz-version-id: ixCa1y7TCkwWmcsGTy4jFWAbk8Y0tNUh
accept-ranges: bytes
server: AmazonS3
date: Tue, 07 May 2024 08:13:51 GMT
cache-control: max-age=84600, must-revalidate
etag: "ee4788ce8d3c8bfbb4159be72c70c800"
vary: Accept-Encoding
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: YaBQ-O-gSqcXapdXYUXzPIqlMelva_UnaOsMgiRIF_qJxGlVG1qlEg==
X-Firefox-Spdy: h2
|
|
| j.6sc.co/6si.min.js | 95.101.10.131 | 200 OK | 18 kB |
IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeJavaScript source, ASCII text, with very long lines (31995) Hashbf231eb780489fffea00aef444500b14 f0d4603fa4441a3cf3773efffbda309001c579b0 95ef911fcf12dfe0a1fb5b17a3b24fa81c6b07b102b435949b06e7e124de51cb
GET /6si.min.js HTTP/1.1
Host: j.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/javascript
etag: "662ae46d-10585"
last-modified: Thu, 25 Apr 2024 23:17:01 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cache-control: private, no-cache, proxy-revalidate
expires: Tue, 07 May 2024 08:13:51 GMT
date: Tue, 07 May 2024 08:13:51 GMT
content-length: 17942
X-Firefox-Spdy: h2
|
|
| client-registry.mutinycdn.com/mutiny-client/4.5.3.4.js | 151.101.129.91 | 200 OK | 2.9 kB |
URL GET HTTP/2client-registry.mutinycdn.com/mutiny-client/4.5.3.4.js IP151.101.129.91:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectclient-registry.mutinycdn.com FingerprintBE:CC:E4:53:CC:9D:DB:E2:58:80:16:06:86:DD:09:06:92:66:F8:9C ValidityWed, 06 Mar 2024 21:56:19 GMT - Mon, 07 Apr 2025 21:56:18 GMT
File typeJavaScript source, ASCII text, with very long lines (7567), with no line terminators Hash4862c87e0df637869c7df8395202758f 982882b772a55b79664fc4cd4c5f959a21486dca c305db8bbf0452e04ae20e49774fcec074d4cd90b456c2c968ba558a396119dc
GET /mutiny-client/4.5.3.4.js HTTP/1.1
Host: client-registry.mutinycdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-amz-id-2: kp43T182nSdMWajEFgO9fOSOH5PSKHXvif36vn58EIO0PSpMMaRt1DJ0LJR9sqYbZ9NSzRxjoG8=
x-amz-request-id: 2YT8Q8XA2G834WFP
last-modified: Thu, 18 Apr 2024 14:44:59 GMT
etag: "4862c87e0df637869c7df8395202758f"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: P2mBnoeQjZKQ6u6wd1K_petu1fwXqOC0
content-type: application/javascript
server: AmazonS3
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 3000
content-encoding: gzip
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:51 GMT
via: 1.1 varnish
age: 1143767
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 5588
vary: X-Continent-Code, Accept-Encoding
x-connection-speed: broadband
x-continent-code: EU
x-country-code: NO
x-edge-datacenter: HEL
x-edge-region: EU-East
content-length: 2934
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c2_Fourth%2520Binary.png | 3.164.240.122 | 200 OK | 530 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c2_Fourth%2520Binary.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 1694 x 961, 8-bit/color RGBA, non-interlaced Size530 kB (530248 bytes) Hash33a002d08480661a175cb84498a5b1c5 5cc50ff548fb824537a99c3c2dd9a42ca4bf99e2 87a0a8d723f2cff25bc452520d88ed1613f9b9e34114c403a30707a564a11312
GET /6579dd0b5f9a54376d296939/6579dd0b5f9a54376d2970c2_Fourth%2520Binary.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 530248
date: Tue, 07 May 2024 08:13:51 GMT
last-modified: Wed, 13 Dec 2023 16:34:36 GMT
etag: "33a002d08480661a175cb84498a5b1c5"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
cache-control: max-age=84600, must-revalidate
x-amz-version-id: Qj2B1oLfb.qSFsj41UYhwDAbcJplmNlW
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: w50M2heB47u4otcX5Z_rj0VOBfGL8e1rBhMqS35Y-kELV45kTzBf8A==
X-Firefox-Spdy: h2
|
|
| js.hs-scripts.com/3911692.js | 104.16.140.209 | 200 OK | 1.2 kB |
URL GET HTTP/2js.hs-scripts.com/3911692.js IP104.16.140.209:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subjecths-scripts.com Fingerprint10:6A:CE:54:F8:1D:59:1E:1F:7D:DB:76:07:FC:FF:1A:7D:70:E9:BD ValidityMon, 01 Apr 2024 23:22:11 GMT - Sun, 30 Jun 2024 23:22:10 GMT
File typeASCII text, with very long lines (2931), with no line terminators Hash6dcc4481754d4bd036b534742902119f 36fa30a6a3b686531978f1be8224b02fac2e78af 340c7e135aca4964cf3542da8cbb80c5e911a068cb0b47b700e257ebf678ab50
GET /3911692.js HTTP/1.1
Host: js.hs-scripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:50 GMT
content-type: application/javascript;charset=utf-8
access-control-allow-credentials: true
access-control-allow-origin: https://www.huntress.com
access-control-max-age: 3600
cf-bgj: minify
cf-polished: origSize=3043
last-modified: Tue, 07 May 2024 08:09:18 GMT
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-hubspot-correlation-id: a535b15a-53ab-4963-890e-980124fda081
x-envoy-upstream-service-time: 4
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-pqqjf
x-evy-trace-virtual-host: all
x-request-id: a535b15a-53ab-4963-890e-980124fda081
cf-cache-status: HIT
age: 90
expires: Tue, 07 May 2024 08:15:20 GMT
cache-control: public, max-age=90
server: cloudflare
cf-ray: 87ffc0c45d85b4ed-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| client-registry.mutinycdn.com/mutiny-client/2.5.3.4.js | 151.101.129.91 | 200 OK | 22 kB |
URL GET HTTP/2client-registry.mutinycdn.com/mutiny-client/2.5.3.4.js IP151.101.129.91:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectclient-registry.mutinycdn.com FingerprintBE:CC:E4:53:CC:9D:DB:E2:58:80:16:06:86:DD:09:06:92:66:F8:9C ValidityWed, 06 Mar 2024 21:56:19 GMT - Mon, 07 Apr 2025 21:56:18 GMT
File typeJavaScript source, ASCII text, with very long lines (32121) Hash5f57bd67579ac324b2166b4130a8cc07 3e1ffee3e8f84fbacf09de556e9e461e5c0a7ff3 a452d07f0c98afcb2e862689e43aebfe63d8ed39628cd0db9d1a5bf2490f535c
GET /mutiny-client/2.5.3.4.js HTTP/1.1
Host: client-registry.mutinycdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-amz-id-2: zUV/nFsXY/kKWAMoFGZZMzQuy3PRdMam9YaRTkJah5W7ji/cH4GpnUDxGclwL5RZTHALngtwzNw=
x-amz-request-id: 2YT83ZEXX6435Q0Y
last-modified: Thu, 18 Apr 2024 14:44:59 GMT
etag: "5f57bd67579ac324b2166b4130a8cc07"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: 6xUArQV8NAP2GNy6ZfEzSxp4ijhn301A
content-type: application/javascript
server: AmazonS3
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 3000
content-encoding: gzip
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:51 GMT
via: 1.1 varnish
age: 1143767
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 5609
vary: X-Continent-Code, Accept-Encoding
x-connection-speed: broadband
x-continent-code: EU
x-country-code: NO
x-edge-datacenter: HEL
x-edge-region: EU-East
content-length: 22324
X-Firefox-Spdy: h2
|
|
| client-registry.mutinycdn.com/personalize/client_data/c9c27905c1e445d6.json | 151.101.129.91 | 200 OK | 2.4 kB |
URL GET HTTP/2client-registry.mutinycdn.com/personalize/client_data/c9c27905c1e445d6.json IP151.101.129.91:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectclient-registry.mutinycdn.com FingerprintBE:CC:E4:53:CC:9D:DB:E2:58:80:16:06:86:DD:09:06:92:66:F8:9C ValidityWed, 06 Mar 2024 21:56:19 GMT - Mon, 07 Apr 2025 21:56:18 GMT
Hash5ac77d7552f39e01e2afcc306e5c8927 02f0d91b034a7c5ebffe95f923c123ac9008c5fa a6b98cd7916e999160189031f3bf066ff406b1f517ef1166939a89886d64b840
GET /personalize/client_data/c9c27905c1e445d6.json HTTP/1.1
Host: client-registry.mutinycdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-amz-id-2: HvN56E1vPqBEnjg2mPrT3L2A4ErbUt/qVNvH4Z97ztrg1+eqeBKJkY2OG+FO3LisqmoI/NSnUCM=
x-amz-request-id: EV8H5VVCSQ819FKT
last-modified: Tue, 30 Apr 2024 19:44:48 GMT
etag: "5ac77d7552f39e01e2afcc306e5c8927"
x-amz-server-side-encryption: AES256
cache-control: s-maxage=3600, max-age=0
x-amz-version-id: OcJil6LNSxyxyThW1iPlbFS6ySfmzcVB
content-type: application/javascript
server: AmazonS3
x-continent-code: EU
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 3000
content-encoding: gzip
accept-ranges: bytes
age: 2371
date: Tue, 07 May 2024 08:13:51 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 0
vary: X-Continent-Code, Accept-Encoding
x-connection-speed: broadband
x-country-code: NO
x-edge-datacenter: HEL
x-edge-region: EU-East
content-length: 2445
X-Firefox-Spdy: h2
|
|
| client-registry.mutinycdn.com/mutiny-client/1.5.3.4.js | 151.101.129.91 | 200 OK | 32 kB |
URL GET HTTP/2client-registry.mutinycdn.com/mutiny-client/1.5.3.4.js IP151.101.129.91:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectclient-registry.mutinycdn.com FingerprintBE:CC:E4:53:CC:9D:DB:E2:58:80:16:06:86:DD:09:06:92:66:F8:9C ValidityWed, 06 Mar 2024 21:56:19 GMT - Mon, 07 Apr 2025 21:56:18 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hasheac830092663999c2be3f3efb0da7689 91c8dc54ded93e33a760383d788a6f52bb6846f6 6de536a2362cbe38a4f6e689f19e6727169ff98108d2a2bdaabe2a8a0fb3b358
GET /mutiny-client/1.5.3.4.js HTTP/1.1
Host: client-registry.mutinycdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-amz-id-2: xJOZ/gSfNkYAGvS2bUOsyBCFFbB7SHZFCpTIWt2RKWKF1eJpQmOcAHo9fjz7caWzT7KKNkz1P1k=
x-amz-request-id: 2YT2HKAK22ND4KKG
last-modified: Thu, 18 Apr 2024 14:44:59 GMT
etag: "eac830092663999c2be3f3efb0da7689"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: T9Hgvtb5nzo0y0K1.atv2V3TnFSnvJ2i
content-type: application/javascript
server: AmazonS3
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 3000
content-encoding: gzip
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:51 GMT
via: 1.1 varnish
age: 1143766
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 5600
vary: X-Continent-Code, Accept-Encoding
x-connection-speed: broadband
x-continent-code: EU
x-country-code: NO
x-edge-datacenter: HEL
x-edge-region: EU-East
content-length: 31660
X-Firefox-Spdy: h2
|
|
| client-registry.mutinycdn.com/mutiny-client/6.5.3.4.js | 151.101.129.91 | 200 OK | 5.0 kB |
URL GET HTTP/2client-registry.mutinycdn.com/mutiny-client/6.5.3.4.js IP151.101.129.91:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectclient-registry.mutinycdn.com FingerprintBE:CC:E4:53:CC:9D:DB:E2:58:80:16:06:86:DD:09:06:92:66:F8:9C ValidityWed, 06 Mar 2024 21:56:19 GMT - Mon, 07 Apr 2025 21:56:18 GMT
File typeJavaScript source, ASCII text, with very long lines (15204), with no line terminators Hashd29de80cf4363fd641e6bb8c9576f803 72ec319bdbaaeb56e58341dc0859a7f4d86b43ff 870a0d4eda0b78ce739a6557840ab097d1a7464f0c5d3638cc2b862ead8505aa
GET /mutiny-client/6.5.3.4.js HTTP/1.1
Host: client-registry.mutinycdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-amz-id-2: R3iwNg3cHv4JWdaJbLOAxsV7I5nKs82EJWH+miB95+zPLxn+ay6O7385Mn+0HXASziwho1TqqyfnmVan0H2AWg==
x-amz-request-id: 2YTFJYE6M1KQHHCE
last-modified: Thu, 18 Apr 2024 14:44:59 GMT
etag: "d29de80cf4363fd641e6bb8c9576f803"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: ZXS_McyJn9VwVOg8b425k3TP.SdGeNXn
content-type: application/javascript
server: AmazonS3
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 3000
content-encoding: gzip
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:51 GMT
via: 1.1 varnish
age: 1143767
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 5569
vary: X-Continent-Code, Accept-Encoding
x-connection-speed: broadband
x-continent-code: EU
x-country-code: NO
x-edge-datacenter: HEL
x-edge-region: EU-East
content-length: 4994
X-Firefox-Spdy: h2
|
|
| assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2 | 143.204.55.45 | 200 OK | 19 kB |
URL GET HTTP/2assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2 IP143.204.55.45:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 19348, version 1.0 Hasha0118c6d18835732ae0eb880babc7598 81d726606d57cbd2ad6db2f3e69fcebafef48723 7f62ee80b8c824f30ad6c278146632d25b7e159e0a9cd91a356068eb9340061c
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2 HTTP/1.1
Host: assets.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Referer: https://assets-global.website-files.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 19348
date: Thu, 28 Dec 2023 15:56:57 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
etag: "a0118c6d18835732ae0eb880babc7598"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: 1upZc36cdk27x7Arg8l9thaL3L34ome5
accept-ranges: bytes
server: AmazonS3
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
age: 11290615
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nZAOM15qOTEfU8RZTTHsO-4y4pRrZXII4-fj9wwc5FsfJv7AGdX9KA==
X-Firefox-Spdy: h2
|
|
| assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2 | 143.204.55.45 | 200 OK | 18 kB |
URL GET HTTP/2assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2 IP143.204.55.45:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 17728, version 1.0 Hashfd0185054945b2abe907dc7e524389c9 a4ff7f06142ecece5403a39d447323b784b00609 71425f588c17edb9905c3ed73aee0404b58772b91c8154fe53d3157f58f0b2e2
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2 HTTP/1.1
Host: assets.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Referer: https://assets-global.website-files.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 17728
date: Fri, 29 Mar 2024 10:53:50 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
etag: "fd0185054945b2abe907dc7e524389c9"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: At.YFBHJO4EQclecPPM23aBnfk3j2h1H
accept-ranges: bytes
server: AmazonS3
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
age: 3360002
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OxTbEXb67tpDcJ5XYuDWQ07V9E9pSt_X0OesHly7_xl0S14FH88SeQ==
X-Firefox-Spdy: h2
|
|
| assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2 | 143.204.55.45 | | 18 kB |
URL assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2 IP143.204.55.45:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 18204, version 1.0 Hash5aec097021a58170197314c745d296db 934a5302166092dc2d5532b914eb24fbc3bfdbe0 a4aba4543a40b2e2d78e4006eb941a3a18cf95dc81041ad362321a3995bcc898
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2 HTTP/1.1
Host: assets.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Referer: https://assets-global.website-files.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 18204
date: Fri, 29 Mar 2024 10:53:50 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
etag: "5aec097021a58170197314c745d296db"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: 4JksoGDTlz479HpJYtobtrz0YXSwp3Rx
accept-ranges: bytes
server: AmazonS3
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
age: 3360002
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: w8TjO4--QlkAtmCIfnOrtSAnPf2kvqK_cDCdyX0dVsMBYLTDKP6aGw==
X-Firefox-Spdy: h2
|
|
| assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2 | 143.204.55.45 | | 21 kB |
URL assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2 IP143.204.55.45:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 21280, version 1.0 Hash4be3159e8cb3fb66b8e847dd0bedb2ed 3fb4d28977d2ff710cc9a2ac8e9218cfe7772a1f 36b097a74149a547cc7fe1da7b5a9cacf6c36d2f91872f11874479e1d4fafee2
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2 HTTP/1.1
Host: assets.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Referer: https://assets-global.website-files.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 21280
date: Thu, 28 Dec 2023 15:56:56 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
etag: "4be3159e8cb3fb66b8e847dd0bedb2ed"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: 6cft5KdwVHtlIu77Lo8AxPLF1V_1aCGv
accept-ranges: bytes
server: AmazonS3
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
age: 11290616
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dYA1-0OhBg8cb5q3XPS5RRRX_YP1S4tkfV3xIuh13AWzWkg5IykyIg==
X-Firefox-Spdy: h2
|
|
| hubspotonwebflow.com/assets/js/form-124.js | 76.76.21.61 | | 20 kB |
URL hubspotonwebflow.com/assets/js/form-124.js IP76.76.21.61:0
Hash392ca1f460caa2aa9439969a89f31c13 04ace83023f1701540a5f3684c0d76e09d745e85 10ef3ba5308697292067120aee8cea7f3341a9a5e691475bc4a29805a5194939
GET /assets/js/form-124.js HTTP/1.1
Host: hubspotonwebflow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
age: 1672096
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="form-124.js"
content-encoding: br
content-type: application/javascript; charset=utf-8
date: Tue, 07 May 2024 08:13:50 GMT
etag: W/"392ca1f460caa2aa9439969a89f31c13"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /assets/js/form-124.js
x-vercel-cache: HIT
x-vercel-id: arn1::c2s5w-1715069630156-394455a81d38
X-Firefox-Spdy: h2
|
|
| huntresscdn.com/19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js | 104.26.1.173 | 200 OK | 114 kB |
URL GET HTTP/2huntresscdn.com/19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js IP104.26.1.173:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subjecthuntresscdn.com Fingerprint22:90:2E:56:80:49:0D:11:61:C0:98:0B:C3:6B:14:BC:C7:4E:FD:6E ValidityMon, 08 Apr 2024 23:13:58 GMT - Sun, 07 Jul 2024 23:13:57 GMT
File typeJavaScript source, ASCII text, with very long lines (64903) Size114 kB (113865 bytes) Hash5601f72e0dbb3fa292669d45d4166a82 16f8b5a472e992a7b3550a74b82afa32d172cb8b 19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb
GET /19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js HTTP/1.1
Host: huntresscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:51 GMT
content-length: 113865
cf-ray: 87ffc0cf993b7131-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 6925
cache-control: max-age=14400, maxage=14400
last-modified: Tue, 07 May 2024 06:18:26 GMT
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J8Yi58O8S6L0KC69JftFtXDMHblSMOKf%2FFYSNNx92x1OfySXXAxvAwIEofhNgQ%2FtCsx9Coii5ZiA8IPay%2Fk1%2FhLbuMKN%2B3nH6pI0YCYml93W4ELFfkGvHzoeM2azwf05lg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 | 142.250.74.168 | 200 OK | 106 kB |
URL GET HTTP/2www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 IP142.250.74.168:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (48189) Size106 kB (105606 bytes) Hash327a6b18b895968fbf2a57b251e2f2f7 2ceefa0d5e23a8999604439be35177705f4e4bae d8f066922ed924dd699b32fa3d3029b7a6e1892d6516e3866bb1dde142eb254b
GET /gtm.js?id=GTM-TXRTDGW4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 08:13:51 GMT
expires: Tue, 07 May 2024 08:13:51 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105606
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| client-registry.mutinycdn.com/personalize/user_data/c9c27905c1e445d6.json?async=false&session_token=78f0abea-4b9c-4feb-938e-b8db9e7ae8cc&token=5737ea4b430c1742&visitor_token=84cd7e98-35aa-431b-bec7-3eeb9a5fb4cd | 151.101.129.91 | 200 OK | 281 B |
URL GET HTTP/2client-registry.mutinycdn.com/personalize/user_data/c9c27905c1e445d6.json?async=false&session_token=78f0abea-4b9c-4feb-938e-b8db9e7ae8cc&token=5737ea4b430c1742&visitor_token=84cd7e98-35aa-431b-bec7-3eeb9a5fb4cd IP151.101.129.91:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGlobalSign nv-sa Subjectclient-registry.mutinycdn.com FingerprintBE:CC:E4:53:CC:9D:DB:E2:58:80:16:06:86:DD:09:06:92:66:F8:9C ValidityWed, 06 Mar 2024 21:56:19 GMT - Mon, 07 Apr 2025 21:56:18 GMT
Hashc9c30577fab2b228e8186014c8263809 b2358c5b878323d44cbffe14e15e45516965c6b5 114ee477db463164539505c0b14f7d7e40b6f1cd17fcb451bbec0b8ed3703e51
GET /personalize/user_data/c9c27905c1e445d6.json?async=false&session_token=78f0abea-4b9c-4feb-938e-b8db9e7ae8cc&token=5737ea4b430c1742&visitor_token=84cd7e98-35aa-431b-bec7-3eeb9a5fb4cd HTTP/1.1
Host: client-registry.mutinycdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-expose-headers: x-cache, x-cache-hits, age
cache-control: no-store
content-encoding: gzip
server: Cowboy
x-async-user-data: false
x-visitor-token: 84cd7e98-35aa-431b-bec7-3eeb9a5fb4cd
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 3000
accept-ranges: bytes
age: 0
date: Tue, 07 May 2024 08:13:52 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: MISS
x-cache-hits: 0
vary: X-Continent-Code, Accept-Encoding
x-connection-speed: broadband
x-continent-code: EU
x-country-code: NO
x-edge-datacenter: HEL
x-edge-region: EU-East
content-length: 281
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg | 3.164.240.122 | 200 OK | 407 B |
URL GET HTTP/2assets-global.website-files.com/655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash7b97da408ecd186da2775e85d3b5fc35 8b4f66f24205e57e80a40b6b47033d0d40a06b55 ad1a0bf17b8433241806ec0b3cb9c17be616ea295df90068ab3e646de802e111
GET /655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 407
date: Fri, 05 Jan 2024 14:43:06 GMT
last-modified: Fri, 24 Nov 2023 10:23:48 GMT
etag: "7b97da408ecd186da2775e85d3b5fc35"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: 6MUyKzg7.UI2lqy3cc43_aNDTQO42ExF
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 10603846
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: 9i9Ic-ZQMFon6ynfn9vM_Msw2PzIOUQ1qxKpejZ3J6JkKA8LDxaBuA==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296939/660d84628ab92ac79f396cbc_Huntress-Default-Thumbnail-365x274.webp | 3.164.240.122 | 200 OK | 57 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296939/660d84628ab92ac79f396cbc_Huntress-Default-Thumbnail-365x274.webp IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image Hash90e325489bb7300b9b0e7450932f076c 37f45c12dc8732a7b6823911ffa8c4e2fbd431aa 3bc3d6398e060891881fe64a203deb25ab6bc564867ba441bced61f643bf41eb
GET /6579dd0b5f9a54376d296939/660d84628ab92ac79f396cbc_Huntress-Default-Thumbnail-365x274.webp HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 56712
date: Sat, 06 Apr 2024 06:10:57 GMT
last-modified: Wed, 03 Apr 2024 16:31:31 GMT
etag: "90e325489bb7300b9b0e7450932f076c"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: BtdXOnNCPiDzOP3e6wE5N5puIfbXkApz
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 2685776
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: 0iLCDdovRbRLbiQbPYAfwamLnqc5bpcAbECon5gAwEkltQ-l0Xy9nA==
X-Firefox-Spdy: h2
|
|
| tools.refokus.com/rich-text-enhancer/bundle.v1.0.0.js | 76.76.21.9 | 200 OK | 859 B |
URL GET HTTP/2tools.refokus.com/rich-text-enhancer/bundle.v1.0.0.js IP76.76.21.9:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subjecttools.refokus.com FingerprintF9:21:1F:50:32:C8:78:F8:26:F6:8B:B5:58:F9:5A:91:A8:4E:D2:54 ValiditySun, 21 Apr 2024 00:02:32 GMT - Sat, 20 Jul 2024 00:02:31 GMT
File typeJavaScript source, ASCII text, with very long lines (1681), with no line terminators Hashbfd9ff53d0c1baa43dbb0f44751f23e9 adae49e91e0e5515f82bd9a5fa211f551518e607 a577cc713533d7a1edbc5186c3f7b8788bbf317a857111150778d6a617220cec
GET /rich-text-enhancer/bundle.v1.0.0.js HTTP/1.1
Host: tools.refokus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
age: 1876526
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="bundle.v1.0.0.js"
content-encoding: br
content-type: application/javascript; charset=utf-8
date: Tue, 07 May 2024 08:13:50 GMT
etag: W/"bfd9ff53d0c1baa43dbb0f44751f23e9"
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-cache: HIT
x-vercel-id: arn1::td9kd-1715069630151-1e8a0f4cbd5f
X-Firefox-Spdy: h2
|
|
| js.hsleadflows.net/leadflows.js | 104.18.140.17 | 200 OK | 89 kB |
URL GET HTTP/2js.hsleadflows.net/leadflows.js IP104.18.140.17:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subjecthsleadflows.net Fingerprint2A:AE:F1:03:2C:4F:72:27:B3:89:5D:9B:C9:B1:AC:12:FE:A9:CA:8E ValidityFri, 05 Apr 2024 00:07:39 GMT - Thu, 04 Jul 2024 00:07:38 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashd252299cef5b9176cf0435e72e0baeeb 968a62d85c0d2e1322c27631422dfd196a427865 efb5dc6835aeb8a8e1615ca49df1828cfaf708dc73651c5f1c651f2d2ab3907a
GET /leadflows.js HTTP/1.1
Host: js.hsleadflows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:52 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
last-modified: Wed, 03 Apr 2024 09:27:53 UTC
etag: W/"d252299cef5b9176cf0435e72e0baeeb"
x-amz-server-side-encryption: AES256
x-amz-version-id: FzXUOelq5PzvbDhLOc3Au0ThiCBuXHAc
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Miss from cloudfront
via: 1.1 3f95374273631adbfd8e0d0a9f6d7b64.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P1
x-amz-cf-id: asxIQsb9eURxd7ebv7CqufV8fy6NWtcc2WydJVoo5lWoXHLHtEvoMA==
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1338/bundle/main/lead-flows-release.js&cfRay=87c7739ebe8809a9-ARN
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1338/bundle/main/lead-flows-release.js
x-content-type-options: nosniff
x-hs-cache-status: MISS
x-envoy-upstream-service-time: 32
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 7b0d015c-4138-43de-ad92-614aea83245d
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-z4v48
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-request-id: 7b0d015c-4138-43de-ad92-614aea83245d
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
cf-cache-status: HIT
age: 53995
server: cloudflare
cf-ray: 87ffc0d039470b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ipv6.6sc.co/ | 23.36.79.19 | 200 OK | 4 B |
IP23.36.79.19:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeASCII text, with no line terminators Hash37a6259cc0c1dae299a7866489dff0bd 2be88ca4242c76e8253ac62474851065032d6833 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
GET / HTTP/1.1
Host: ipv6.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 4
expires: Tue, 07 May 2024 08:13:52 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:52 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715069632240_388255503_133349385_17_650_4_21_21";dur=1
6si-ipv6: null
access-control-allow-origin: https://www.huntress.com
vary: Origin
X-Firefox-Spdy: h2
|
|
| js.hscollectedforms.net/collectedforms.js | 104.16.109.254 | | 25 kB |
URL js.hscollectedforms.net/collectedforms.js IP104.16.109.254:0
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65392), with no line terminators Hash020909a609cf986b4a8a88cfb577a8db b433b99760f44c8a494a5c13a07aa1a9933d0179 5c76dd89a767afd512ce6c6370424f39a632ebb736c16ac37952fbfd97575448
GET /collectedforms.js HTTP/1.1
Host: js.hscollectedforms.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:52 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
last-modified: Wed, 10 Apr 2024 18:06:23 UTC
x-amz-server-side-encryption: AES256
x-amz-version-id: _rd02ux3UWoVQsATQDf.p_LxkLPJ6umh
etag: W/"020909a609cf986b4a8a88cfb577a8db"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: RefreshHit from cloudfront
via: 1.1 05133180bbd1649d4b8f97441bf305e8.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
x-amz-cf-id: dE-wvownKHvjrATS36ztN0Nm6avhkZMzhr2vRvasq79aoQ2XeIz8yQ==
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.491/bundles/project.js&cfRay=87c9385268e7d906-ARN
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.491/bundles/project.js
x-content-type-options: nosniff
x-hs-cache-status: MISS
x-envoy-upstream-service-time: 54
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 6c587d62-5999-4d4c-b720-6fdb444ee4e1
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-kgjsm
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-request-id: 6c587d62-5999-4d4c-b720-6fdb444ee4e1
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
cf-cache-status: HIT
age: 91
server: cloudflare
cf-ray: 87ffc0d0191356a4-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22a87a3edc53b5a86d1795d11887b5aa39%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c081b6bcc07a45b013b81ff3441b82387640805c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%228769192b-20ba-4df2-8d62-2740a805c3e8%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22a87a3edc53b5a86d1795d11887b5aa39%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c081b6bcc07a45b013b81ff3441b82387640805c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%228769192b-20ba-4df2-8d62-2740a805c3e8%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22a87a3edc53b5a86d1795d11887b5aa39%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c081b6bcc07a45b013b81ff3441b82387640805c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%228769192b-20ba-4df2-8d62-2740a805c3e8%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f020a0-2b"
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:52 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:52 GMT
X-Firefox-Spdy: h2
|
|
| js.hs-banner.com/cookie-banner-public/v1/activity/view | 104.18.34.229 | | 0 B |
URL js.hs-banner.com/cookie-banner-public/v1/activity/view IP104.18.34.229:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /cookie-banner-public/v1/activity/view HTTP/1.1
Host: js.hs-banner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:52 GMT
content-type: application/octet-stream
content-length: 0
access-control-allow-origin: https://www.huntress.com
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 1
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: d6fa3106-021e-4e90-9a73-dbb9fee52348
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-2r68v
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-request-id: d6fa3106-021e-4e90-9a73-dbb9fee52348
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87ffc0d1a926568e-OSL
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 109 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c IP142.250.74.168:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (16362) Size109 kB (109114 bytes) Hash51a0cc148c57672669570f2b988e58dc c1359f77b8d687e7cd99adef75a7521387958100 241937498fc871398b3a053286dfb2b260cd628ecbf94f1eb5caeea67ad9e5c8
GET /gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 08:13:52 GMT
expires: Tue, 07 May 2024 08:13:52 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 109114
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.googletagmanager.com/gtag/destination?id=AW-429191348&l=dataLayer&cx=c | 142.250.74.168 | | 89 kB |
URL www.googletagmanager.com/gtag/destination?id=AW-429191348&l=dataLayer&cx=c IP142.250.74.168:0
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (4179) Hash45a091d668bb7bbb032c21efb1464cf0 3a2e54ec1e698d30e367df695e74d9efa2e74814 883de3f902f579344839e517be4d07f11f358a06d2225470d8b1934e372cc26e
GET /gtag/destination?id=AW-429191348&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 08:13:52 GMT
expires: Tue, 07 May 2024 08:13:52 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88876
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| js.hs-banner.com/cookie-banner-public/v1/activity/view | 104.18.34.229 | | 0 B |
URL js.hs-banner.com/cookie-banner-public/v1/activity/view IP104.18.34.229:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cookie-banner-public/v1/activity/view HTTP/1.1
Host: js.hs-banner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Content-Type: application/json
Content-Length: 136
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Tue, 07 May 2024 08:13:52 GMT
access-control-allow-origin: https://www.huntress.com
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 16
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: df3c3aa9-daa1-4a0e-b14a-7450aab61d56
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-mnr7x
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-request-id: df3c3aa9-daa1-4a0e-b14a-7450aab61d56
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87ffc0d2aaf7568e-OSL
X-Firefox-Spdy: h2
|
|
| www.redditstatic.com/ads/pixel.js | 151.101.1.140 | 200 OK | 11 kB |
URL GET HTTP/2www.redditstatic.com/ads/pixel.js IP151.101.1.140:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerDigiCert Inc Subjectwww.redditstatic.com Fingerprint2F:CB:EB:6E:79:ED:BE:34:24:FF:A9:C2:0C:D1:07:8D:56:7F:2F:16 ValidityMon, 08 Jan 2024 00:00:00 GMT - Sat, 06 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (39242) Hashb1de5a83f25d164f24b470c022d2a356 56b8a2b55612b3b4b8dbb4b550f1cd4e72d930dd 57bd3463acfad02c222f7beac208f69df5507f7de42fa38b18a1e1e48df2a44a
GET /ads/pixel.js HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Wed, 24 Apr 2024 17:35:49 GMT
etag: "c4d61fbb6e730a840c7f140cbb9bcd06"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=60
content-encoding: gzip
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:52 GMT
vary: Accept-Encoding,Origin
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-length: 11214
X-Firefox-Spdy: h2
|
|
| client-registry.mutinycdn.com/mutiny-client/9.5.3.4.js | 151.101.129.91 | | 11 kB |
URL client-registry.mutinycdn.com/mutiny-client/9.5.3.4.js IP151.101.129.91:0
CertificateIssuerGlobalSign nv-sa Subjectclient-registry.mutinycdn.com FingerprintBE:CC:E4:53:CC:9D:DB:E2:58:80:16:06:86:DD:09:06:92:66:F8:9C ValidityWed, 06 Mar 2024 21:56:19 GMT - Mon, 07 Apr 2025 21:56:18 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (36996), with no line terminators Hash0f8515955a6446b73e42aae4ae97ae31 7e0bace557616aa54bead52ed670e96026dd2fc3 3c7a5808685fa3403acaf87c5dcda0bc93aa9c78680cdade5a4c646f987d5d6f
GET /mutiny-client/9.5.3.4.js HTTP/1.1
Host: client-registry.mutinycdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Hj0E55XHcEIu7SAkRxLundbIhL5313/9vFdLSLVhin1+b2+VrZCuIC7wWT3vC0QMKmBAljjgD1I=
x-amz-request-id: F38Y96AADB6R0BQX
last-modified: Thu, 18 Apr 2024 14:44:59 GMT
etag: "0f8515955a6446b73e42aae4ae97ae31"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: 1u4mGCGXw_mWJ6lWa.B8TLQqgopkFO_q
content-type: application/javascript
server: AmazonS3
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 3000
content-encoding: gzip
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:52 GMT
via: 1.1 varnish
age: 1143766
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 3351
vary: X-Continent-Code, Accept-Encoding
x-connection-speed: broadband
x-continent-code: EU
x-country-code: NO
x-edge-datacenter: HEL
x-edge-region: EU-East
content-length: 10858
X-Firefox-Spdy: h2
|
|
| client-registry.mutinycdn.com/mutiny-client/7.5.3.4.js | 151.101.129.91 | | 2.8 kB |
URL client-registry.mutinycdn.com/mutiny-client/7.5.3.4.js IP151.101.129.91:0
CertificateIssuerGlobalSign nv-sa Subjectclient-registry.mutinycdn.com FingerprintBE:CC:E4:53:CC:9D:DB:E2:58:80:16:06:86:DD:09:06:92:66:F8:9C ValidityWed, 06 Mar 2024 21:56:19 GMT - Mon, 07 Apr 2025 21:56:18 GMT
File typeJavaScript source, ASCII text, with very long lines (9203), with no line terminators Hash1cfc2f45f6b89c401b92e14faf2ef01a e6f789986829fcef1221683e1812ee7440971a96 b770b98513581b8a54e633d0021e3bcd3935f08d8e7b8fe6e56401891c7f73f8
GET /mutiny-client/7.5.3.4.js HTTP/1.1
Host: client-registry.mutinycdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 4MvcCg7yjUDMZ9YdZ4O92cLr860mj71IFxEpO02gvPuJQQ3eoYC6jnclAjRcTJlH9/0uGdruEmI=
x-amz-request-id: F38KSJJPPWQ1FF1R
last-modified: Thu, 18 Apr 2024 14:44:59 GMT
etag: "1cfc2f45f6b89c401b92e14faf2ef01a"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: Rt1BtuBkVe05.Nvj6tgzb0Pey2ZaErvL
content-type: application/javascript
server: AmazonS3
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 3000
content-encoding: gzip
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:52 GMT
via: 1.1 varnish
age: 1143766
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 2676
vary: X-Continent-Code, Accept-Encoding
x-connection-speed: broadband
x-continent-code: EU
x-country-code: NO
x-edge-datacenter: HEL
x-edge-region: EU-East
content-length: 2781
X-Firefox-Spdy: h2
|
|
| client-registry.mutinycdn.com/mutiny-client/10.5.3.4.js | 151.101.129.91 | | 2.6 kB |
URL client-registry.mutinycdn.com/mutiny-client/10.5.3.4.js IP151.101.129.91:0
CertificateIssuerGlobalSign nv-sa Subjectclient-registry.mutinycdn.com FingerprintBE:CC:E4:53:CC:9D:DB:E2:58:80:16:06:86:DD:09:06:92:66:F8:9C ValidityWed, 06 Mar 2024 21:56:19 GMT - Mon, 07 Apr 2025 21:56:18 GMT
File typeJavaScript source, ASCII text, with very long lines (7397), with no line terminators Hashbddf673724f89eb17c70ebd53a364b80 6afcc24c0f65a3fafedaa9f16c83b4dc6e25d54a 904b9d920e3433f48ebf530b9588f34c066d1ec02b97a6e1f42a9abbd189df7b
GET /mutiny-client/10.5.3.4.js HTTP/1.1
Host: client-registry.mutinycdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Sd1DXtLy/jBAv8hEqkeQbE3w+8b1+zCwadVKHAPmfmagtZB7108O0ZwDGscx8JI2ZcqUnjR+AMo=
x-amz-request-id: F38X49NEA19N4CWF
last-modified: Thu, 18 Apr 2024 14:44:59 GMT
etag: "bddf673724f89eb17c70ebd53a364b80"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: 1Jc6XLQ3DaHMkL225ESCW263GDmQhGoK
content-type: application/javascript
server: AmazonS3
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 3000
content-encoding: gzip
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:52 GMT
via: 1.1 varnish
age: 1143766
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 2666
vary: X-Continent-Code, Accept-Encoding
x-connection-speed: broadband
x-continent-code: EU
x-country-code: NO
x-edge-datacenter: HEL
x-edge-region: EU-East
content-length: 2550
X-Firefox-Spdy: h2
|
|
| epsilon.6sense.com/v3/company/details | 13.248.142.121 | 200 OK | 382 B |
URL GET HTTP/2epsilon.6sense.com/v3/company/details IP13.248.142.121:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.6sense.com Fingerprint1F:E9:D1:17:91:2F:85:0D:F6:B2:5A:FD:91:F5:B1:71:B2:0B:33:B2 ValiditySun, 31 Mar 2024 00:00:00 GMT - Tue, 29 Apr 2025 23:59:59 GMT
Hashc236df1ce34fb7a30c4e2ebfd21cafca 7c8a54e044e69ccd7eb6efecbc0c816543e54749 65723fd6a499fc6b72da5add4db94796ba3d3e1304cafa6bef10a882111c78cc
GET /v3/company/details HTTP/1.1
Host: epsilon.6sense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Authorization: Token c081b6bcc07a45b013b81ff3441b82387640805c
X-6s-CustomID: WebTag 8769192b-20ba-4df2-8d62-2740a805c3e8
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:52 GMT
content-type: application/json
content-length: 382
server: nginx
x-trace-id: 8216554096661450288
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
access-control-expose-headers: X-6si-Region
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware | 52.2.7.148 | | 43 B |
URL q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware IP52.2.7.148:0
File typeGIF image data, version 89a, 1 x 1 Hashdf3e567d6f16d040326c7a0ea29a4f41 ea7df583983133b62712b5e73bffbcd45cc53736 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware HTTP/1.1
Host: q.quora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 07 May 2024 08:13:52 GMT
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,2d8908f15be58c3171ad9c22eeb26982,10.0.0.156,59140,91.90.42.154,,365336227258,1,1715069632.828,0.002,,.,0,0,0.000,0.004,-,0,0,203,185,92,10,26847,,,,,,-,
Content-Length: 43
Connection: keep-alive
|
|
| j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js | 95.101.10.131 | | 438 B |
URL j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js IP95.101.10.131:0 ASN#20940 Akamai International B.V.
CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeASCII text, with very long lines (837), with no line terminators Hash29df5bb770be8e518fe2206581f712a6 2547b72c28d11642cb98341593af4d6d4d98754a 82ba33778a6595a59baef6e6964c64d7c3e9888c2bbf74461f1948b295db28e2
GET /j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js HTTP/1.1
Host: j.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 18 Aug 2023 17:22:32 GMT
etag: "29df5bb770be8e518fe2206581f712a6"
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
x-amz-version-id: iBgsOgE4Kr3Z0Ccj2rm1wK8VxmZ_A29h
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: erR_GAfYT1eWa_ExjlIMlbgANs4_ArGAsYFMjm8tTDyMaWNWz4aOWA==
vary: Accept-Encoding
content-encoding: gzip
expires: Tue, 07 May 2024 08:13:52 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:52 GMT
content-length: 438
content-type: application/javascript
X-Firefox-Spdy: h2
|
|
| www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_12z44i_telemetry | 151.101.1.140 | 200 OK | 98 B |
URL GET HTTP/2www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_12z44i_telemetry IP151.101.1.140:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerDigiCert Inc Subjectwww.redditstatic.com Fingerprint2F:CB:EB:6E:79:ED:BE:34:24:FF:A9:C2:0C:D1:07:8D:56:7F:2F:16 ValidityMon, 08 Jan 2024 00:00:00 GMT - Sat, 06 Jul 2024 23:59:59 GMT
Hash5143820daeb644938735d6b28c0059e7 22316bb57b4fa755662fd6f5fb7f749b21ac32a1 740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
GET /ads/conversions-config/v1/pixel/config/t2_12z44i_telemetry HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: max-age=300
content-type: application/json
content-encoding: gzip
accept-ranges: bytes
date: Tue, 07 May 2024 08:13:52 GMT
via: 1.1 varnish
vary: Accept-Encoding,Origin
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-length: 98
X-Firefox-Spdy: h2
|
|
| js.driftt.com/include/1715069700000/5d3cypit2iz8.js | 54.230.111.73 | 200 OK | 61 kB |
URL GET HTTP/2js.driftt.com/include/1715069700000/5d3cypit2iz8.js IP54.230.111.73:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectdrift.com Fingerprint8D:87:63:40:81:FD:69:E6:E5:7B:1B:D8:C5:49:BB:2A:A5:0B:A2:EE ValidityTue, 15 Aug 2023 00:00:00 GMT - Wed, 11 Sep 2024 23:59:59 GMT
File typegzip compressed data, from Unix Hasha63ac29d58c13d9e04e5ab33eca1d156 7314eeff343095b33be765d881713ec7025f9cdd c6dc99732fc680cf5055b9f607d0c277bd7b5ea62098ecf01af350612cc66658
GET /include/1715069700000/5d3cypit2iz8.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: istio-envoy
last-modified: Mon, 21 Aug 2023 14:57:31 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: fwT06mdOrTHjuLmyd8.idzR8VPd5.dxi
access-control-allow-credentials: true,true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 46
via: 1.1 412b51478c24c00d9c9185312b00ffd0.cloudfront.net (CloudFront), 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
date: Tue, 07 May 2024 08:13:51 GMT
cache-control: max-age=10
etag: W/"576cdc1c0941a520c47b54aef3b463f7"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
x-amz-cf-pop: IAD61-P3, OSL50-P1
x-amz-cf-id: FQBV_riklfP6zScsm565GYuxkss-Z4sgxk1LU-LdIh4KI12vU5AeBQ==
X-Firefox-Spdy: h2
|
|
| j.6sc.co/6si.min.js | 95.101.10.131 | 200 OK | 18 kB |
IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeJavaScript source, ASCII text, with very long lines (31995) Hashbf231eb780489fffea00aef444500b14 f0d4603fa4441a3cf3773efffbda309001c579b0 95ef911fcf12dfe0a1fb5b17a3b24fa81c6b07b102b435949b06e7e124de51cb
GET /6si.min.js HTTP/1.1
Host: j.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/javascript
etag: "662ae46d-10585"
last-modified: Thu, 25 Apr 2024 23:17:01 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cache-control: private, no-cache, proxy-revalidate
expires: Tue, 07 May 2024 08:13:53 GMT
date: Tue, 07 May 2024 08:13:53 GMT
content-length: 17942
X-Firefox-Spdy: h2
|
|
| forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3 | 104.19.175.188 | | 35 B |
URL forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3 IP104.19.175.188:0
File typeGIF image data, version 89a, 1 x 1 Hashc2196de8ba412c60c22ab491af7b1409 5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3 HTTP/1.1
Host: forms.hsforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 08:13:53 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store
Vary: origin
Access-Control-Allow-Credentials: false
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-Origin-Hublet
X-Robots-Tag: none
x-envoy-upstream-service-time: 2
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
X-HubSpot-Correlation-Id: 185b2de3-d6fa-4601-92ab-6f5f5e4231df
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-lrtkq
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-request-id: 185b2de3-d6fa-4601-92ab-6f5f5e4231df
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Set-Cookie: __cf_bm=tSBhQgar6Oz_CGtYvd2vm7jj2br4DH7e6JQvSwud4oQ-1715069633-1.0.1.1-ehGcqQ4r7nl5XG72krXqV.1pdWAKDFPbIfDFqvHqxk9lOztVc4xXaxTQ3qikiZgRTJD93B2FN9D2.oocItcYrA; path=/; expires=Tue, 07-May-24 08:43:53 GMT; domain=.hsforms.com; HttpOnly; Secure; SameSite=None
_cfuvid=xbke9AJTN2tw3tRdOHWELU8JcCqcNEjYJ1X6.7zrdWo-1715069633139-0.0.1.1-604800000; path=/; domain=.hsforms.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 87ffc0d65abab4ff-OSL
alt-svc: h3=":443"; ma=86400
|
|
| c.6sc.co/ | 23.36.79.9 | 200 OK | 7 B |
IP23.36.79.9:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeASCII text, with no line terminators Hashd97623d172f087d9640da9acd38830ff 515bd358bb7d990930f0e2b3de399db1787a2567 fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
GET / HTTP/1.1
Host: c.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 7
Date: Tue, 07 May 2024 08:13:53 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://www.huntress.com
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
|
|
| ipv6.6sc.co/ | 23.36.79.19 | 200 OK | 4 B |
IP23.36.79.19:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeASCII text, with no line terminators Hash37a6259cc0c1dae299a7866489dff0bd 2be88ca4242c76e8253ac62474851065032d6833 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
GET / HTTP/1.1
Host: ipv6.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 4
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715069633173_388255503_133353948_27_764_3_0_21";dur=1
6si-ipv6: null
access-control-allow-origin: https://www.huntress.com
vary: Origin
X-Firefox-Spdy: h2
|
|
| ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1715069632777&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&version=2.4 | 34.111.208.231 | 200 OK | 0 B |
URL OPTIONS HTTP/2ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1715069632777&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&version=2.4 IP34.111.208.231:443 ASN#396982 GOOGLE-CLOUD-PLATFORM
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subjectibc-flow.techtarget.com Fingerprint4D:70:79:2A:68:8A:26:EF:2A:6D:9D:70:D6:50:DD:61:17:13:66:5A ValidityMon, 06 May 2024 19:08:47 GMT - Sun, 04 Aug 2024 20:03:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /a/gif.gif?actTypeId=31&cid=17715818&r=1715069632777&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&version=2.4 HTTP/1.1
Host: ibc-flow.techtarget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: ibc_rate_tier
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.2
date: Tue, 07 May 2024 08:13:53 GMT
content-type: text/html; charset=UTF-8
content-length: 0
vary: Origin
x-guploader-uploadid: ABPtcPqsAfNJq4vnhhan8pPVtqfMMqzehrWyKvG-PclZd4qTrOzdF34Af-yWvPFpYWz5cDKOGRY-OkgLJQ
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: private, max-age=0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22a87a3edc53b5a86d1795d11887b5aa39%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22950%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22a87a3edc53b5a86d1795d11887b5aa39%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22950%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22a87a3edc53b5a86d1795d11887b5aa39%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22950%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f03226-2b"
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22952%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22952%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22952%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f03226-2b"
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22951%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22951%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22951%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "60bb2e15-2b"
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6579dd0b5f9a54376d296915 | 143.204.42.99 | 200 OK | 30 kB |
URL GET HTTP/2d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6579dd0b5f9a54376d296915 IP143.204.42.99:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hashdc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /js/jquery-3.5.1.min.dc5e7f18c8.js?site=6579dd0b5f9a54376d296915 HTTP/1.1
Host: d3e54v103j8qbb.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
content-encoding: br
date: Tue, 07 May 2024 04:24:25 GMT
cache-control: max-age=84600, must-revalidate
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary: Accept-Encoding
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
age: 13778
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YSNYH511HP5aU6DMIqjxAfvlK-3aKANjtYO2cKTcYxpbpifbEt1azg==
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22957%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22957%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22957%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f02dad-2b"
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22958%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22958%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22958%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f020a0-2b"
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22962%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22962%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22962%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f03226-2b"
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22953%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22953%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22953%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f02dad-2b"
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22955%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22955%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22955%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f02dad-2b"
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22963%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22963%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22963%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f02dad-2b"
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%22%2C%22timeSpent%22%3A%221039%22%2C%22totalTimeSpent%22%3A%221039%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%22%2C%22timeSpent%22%3A%221039%22%2C%22totalTimeSpent%22%3A%221039%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%22%2C%22timeSpent%22%3A%221039%22%2C%22totalTimeSpent%22%3A%221039%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f020a0-2b"
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1715069632777&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&version=2.4 | 34.111.208.231 | 200 OK | 43 B |
URL OPTIONS HTTP/2ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1715069632777&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&version=2.4 IP34.111.208.231:443 ASN#396982 GOOGLE-CLOUD-PLATFORM
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subjectibc-flow.techtarget.com Fingerprint4D:70:79:2A:68:8A:26:EF:2A:6D:9D:70:D6:50:DD:61:17:13:66:5A ValidityMon, 06 May 2024 19:08:47 GMT - Sun, 04 Aug 2024 20:03:01 GMT
File typeGIF image data, version 89a, 1 x 1 Hashfc94fb0c3ed8a8f909dbc7630a0987ff 56d45f8a17f5078a20af9962c992ca4678450765 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /a/gif.gif?actTypeId=31&cid=17715818&r=1715069632777&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&version=2.4 HTTP/1.1
Host: ibc-flow.techtarget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
ibc_rate_tier: 17715818
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.2
date: Tue, 07 May 2024 08:13:53 GMT
content-type: image/gif
content-length: 43
expires: Tue, 07 May 2024 09:13:53 GMT
cache-control: public, max-age=3600
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
x-goog-generation: 1670534369365034
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
x-goog-storage-class: STANDARD
accept-ranges: bytes
vary: Origin
x-guploader-uploadid: ABPtcPqZFFast7oUqslZoYxBKjXiwGthswaE_Oe3sxJHpIuPRLfn6yxGIruHzc2rfgd6zMsUsTU7cpP6IA
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22960%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22960%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22960%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "60bb2e15-2b"
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/6603101ade570b07f0fb6625_android-chrome-256x256.png | 3.164.240.122 | 200 OK | 24 kB |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296915/6603101ade570b07f0fb6625_android-chrome-256x256.png IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced Hashbe212a5e042601dc68e0f32a847200c6 d7ab3eb4cd34979e0730d186bd2f6438a8ef2d3a 9eb6a22abd66a8d40bd2dbfe0b61c9118c47536a261c09c0b41bc0e23afd7835
GET /6579dd0b5f9a54376d296915/6603101ade570b07f0fb6625_android-chrome-256x256.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 23799
date: Wed, 27 Mar 2024 20:08:04 GMT
last-modified: Tue, 26 Mar 2024 18:12:44 GMT
etag: "be212a5e042601dc68e0f32a847200c6"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: pg2ITmulUFtSq7BILLtMnJCMACcJ5rTM
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 3499550
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: Z7jHSY4PefyO46Mm9WO3UdT3cF54YvFMLEITA0dBQ0_O9En2FhgNlw==
X-Firefox-Spdy: h2
|
|
| google.com/pagead/form-data/429191348?gtm=45be4510v9136018371z89171248136za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&pscdl=noapi&auid=929865009.1715069632&ec_mode=a&em=tv.1 | 142.250.74.142 | 200 OK | 0 B |
URL POST HTTP/2google.com/pagead/form-data/429191348?gtm=45be4510v9136018371z89171248136za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&pscdl=noapi&auid=929865009.1715069632&ec_mode=a&em=tv.1 IP142.250.74.142:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /pagead/form-data/429191348?gtm=45be4510v9136018371z89171248136za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&pscdl=noapi&auid=929865009.1715069632&ec_mode=a&em=tv.1 HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 07 May 2024 08:13:53 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/66030a0ceace49bce51c36de_favicon-32x32.png | 3.164.240.122 | | 1.3 kB |
URL assets-global.website-files.com/6579dd0b5f9a54376d296915/66030a0ceace49bce51c36de_favicon-32x32.png IP3.164.240.122:0
CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typePNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced Hash966e794cd99e0b0b48cd4df13cdc04a5 e9991ef20a57050b15de683d873bd7490876369a c12f11d824a0e7cb513ff4574c1664ac5c3949efc35896edeb0612fe45f1c00b
GET /6579dd0b5f9a54376d296915/66030a0ceace49bce51c36de_favicon-32x32.png HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 1294
date: Wed, 27 Mar 2024 20:08:04 GMT
last-modified: Tue, 26 Mar 2024 17:46:53 GMT
etag: "966e794cd99e0b0b48cd4df13cdc04a5"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: zgVWaHGriVUpkEY2ghAZ8_qygV1PEHYb
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 3499550
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: Qa1XSavLiiRe0IbEKlEvJZfO4UmqN6ORYo7Km2NHUVsZ6ZNvNCI84A==
X-Firefox-Spdy: h2
|
|
| google.com/ccm/form-data/429191348?gtm=45be4510v9136018371z89171248136za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&pscdl=noapi&auid=929865009.1715069632&ec_mode=a&em=tv.1 | 142.250.74.142 | 204 No Content | 0 B |
URL POST HTTP/2google.com/ccm/form-data/429191348?gtm=45be4510v9136018371z89171248136za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&pscdl=noapi&auid=929865009.1715069632&ec_mode=a&em=tv.1 IP142.250.74.142:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ccm/form-data/429191348?gtm=45be4510v9136018371z89171248136za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&pscdl=noapi&auid=929865009.1715069632&ec_mode=a&em=tv.1 HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.huntress.com
date: Tue, 07 May 2024 08:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-GCTMBVFESS>m=45je4560h2v9122196611z89171248136za200&_p=1715069631445&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=373740736.1715069633&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715069632&sct=1&seg=0&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&dt=Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3507 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/2region1.analytics.google.com/g/collect?v=2&tid=G-GCTMBVFESS>m=45je4560h2v9122196611z89171248136za200&_p=1715069631445&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=373740736.1715069633&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715069632&sct=1&seg=0&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&dt=Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3507 IP216.239.32.36:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-GCTMBVFESS>m=45je4560h2v9122196611z89171248136za200&_p=1715069631445&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=373740736.1715069633&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1715069632&sct=1&seg=0&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&dt=Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3507 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.huntress.com
date: Tue, 07 May 2024 08:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| bat.bing.com/bat.js | 204.79.197.237 | 200 OK | 13 kB |
IP204.79.197.237:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerMicrosoft Corporation Subjectwww.bing.com Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58 ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (46429), with no line terminators Hash72bca04fd669eb89fc65d59052d0fc00 27e60aef86f0cb1b2f6b6ed9df9a4e3ba88efd21 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 13261
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ranges: bytes
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EEF0B7D8C482458499DAC072FF9A387E Ref B: OSL30EDGE0111 Ref C: 2024-05-07T08:13:53Z
date: Tue, 07 May 2024 08:13:52 GMT
X-Firefox-Spdy: h2
|
|
| epsilon.6sense.com/v3/company/details | 13.248.142.121 | 200 OK | 24 B |
URL GET HTTP/2epsilon.6sense.com/v3/company/details IP13.248.142.121:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.6sense.com Fingerprint1F:E9:D1:17:91:2F:85:0D:F6:B2:5A:FD:91:F5:B1:71:B2:0B:33:B2 ValiditySun, 31 Mar 2024 00:00:00 GMT - Tue, 29 Apr 2025 23:59:59 GMT
File typeASCII text, with no line terminators Hash0c5dad92482d9a7c7c253510f5082465 534b458f99b4d0bb90c2cf2c4bb3703ef44a52bf 5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
OPTIONS /v3/company/details HTTP/1.1
Host: epsilon.6sense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,x-6s-customid
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:52 GMT
server: nginx
x-trace-id: 2768863816447745214
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
access-control-expose-headers: X-6si-Region
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: OPTIONS,GET
access-control-allow-headers: authorization,x-6s-customid
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js | 143.204.55.14 | | 22 kB |
URL rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js IP143.204.55.14:0
File typegzip compressed data, from Unix Hash484f444c41e25481d20de82b4193c791 62c213a0795642e47000872e3d82a74af7432ae5 caa272acfa2c3b87c21268389fe3ec8ce83a6ef0a07ffbb6a540d36ce5f91bec
GET /core/assets/js/runtime~main.23dacaf3.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:52 GMT
last-modified: Mon, 21 Aug 2023 14:57:27 GMT
etag: W/"7bebf8444c728503329344c5817cc4e6"
x-amz-server-side-encryption: AES256
x-amz-version-id: pIvWjpmnkFEOPFn4Wb5jKsJCJYLlBZpR
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 45
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nYw_vIEng68ZL9R84TgCCHPNqg2uBLfYAAOf4zxqdFUR0JCOMagjIw==
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.163 | 200 OK | 206 kB |
URL GET HTTP/3www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js IP142.250.74.163:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeJavaScript source, ASCII text, with very long lines (631) Size206 kB (205803 bytes) Hashe2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 06:36:16 GMT
expires: Wed, 07 May 2025 06:36:16 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 5857
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-GCTMBVFESS&cid=373740736.1715069633>m=45je4560h2v9122196611z89171248136za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1746904562 | 142.250.74.163 | | 42 B |
URL www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-GCTMBVFESS&cid=373740736.1715069633>m=45je4560h2v9122196611z89171248136za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1746904562 IP142.250.74.163:0
File typeGIF image data, version 89a, 1 x 1 Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-GCTMBVFESS&cid=373740736.1715069633>m=45je4560h2v9122196611z89171248136za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1746904562 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 May 2024 08:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/19.6f85b843.chunk.js | 143.204.55.14 | | 5.4 kB |
URL rc-widget-frame.js.driftt.com/core/assets/js/19.6f85b843.chunk.js IP143.204.55.14:0
File typegzip compressed data, from Unix Hash02319115fa1182a8a0a3950be6d774fb b42b46cfbbbf3729dca0fd3270464d5f6ccecb80 dc751d09eaff4f09bdd30dee317d82369d72de96c017f0c16ebb1a82d2761d13
GET /core/assets/js/19.6f85b843.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Wed, 01 May 2024 17:00:04 GMT
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
x-amz-server-side-encryption: AES256
x-amz-version-id: oPn0z7U5uG2uIz4eC8eptCfl0SS6jCFv
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 20
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tvbEgUq30A93qmAoikvy-HqZIJl43ysSNgI4lNVGZCWP8k4-NCzKug==
X-Firefox-Spdy: h2
|
|
| cdn.neverbounce.com/widget/dist/NeverBounce.js | 54.230.111.89 | 200 OK | 49 kB |
URL GET HTTP/2cdn.neverbounce.com/widget/dist/NeverBounce.js IP54.230.111.89:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectneverbounce.com FingerprintAA:14:38:26:16:0D:C2:06:23:FA:67:31:6D:06:B4:73:35:3A:18:67 ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 25 Feb 2025 23:59:59 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators Hash0b97937e5330c729bc253b8e1029b125 2dbc072b6d7c9f74b40635a44378287a66349a77 6f3a0f414871ec7e892077618750d081ca665f9a02fcd609a5f9c7a557c77fa3
GET /widget/dist/NeverBounce.js HTTP/1.1
Host: cdn.neverbounce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 02 Mar 2020 18:37:33 GMT
server: AmazonS3
content-encoding: gzip
date: Tue, 07 May 2024 03:18:59 GMT
etag: W/"c1e06621030dfcba15b88abbcaa546eb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EeDlBb9ZUmdt43yxeVIMbNwSjI41ZiZzqKdO93tgQxRMAziYHSMBAg==
age: 17694
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A53%20GMT%22%2C%22timeSpent%22%3A%221031%22%2C%22totalTimeSpent%22%3A%222070%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A53%20GMT%22%2C%22timeSpent%22%3A%221031%22%2C%22totalTimeSpent%22%3A%222070%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A53%20GMT%22%2C%22timeSpent%22%3A%221031%22%2C%22totalTimeSpent%22%3A%222070%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "5e502810-2b"
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:54 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:54 GMT
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/css/28.e29661b2.chunk.css | 143.204.55.14 | 200 OK | 561 B |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/css/28.e29661b2.chunk.css IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeASCII text, with very long lines (561), with no line terminators Hash5847d5731c3141aa511411d6c66a193c 3512b4c00cdca627ce16257b360fffeff2ea9a83 d04196ec92f307c66ad56e3adbd4536e6c504a251299183c2c016de66a65af39
GET /core/assets/css/28.e29661b2.chunk.css HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 561
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
etag: "5847d5731c3141aa511411d6c66a193c"
x-amz-server-side-encryption: AES256
x-amz-version-id: yOY99EI9PDEu6PYQSPkvCce7eoR8ev5W
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 30
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wh9nKRqmrVkRiZQt-BK9U-eOL3ch4et55WSDXGuERSo0OOgIihR-zw==
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css | 142.250.74.163 | 200 OK | 25 kB |
URL GET HTTP/3www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css IP142.250.74.163:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeASCII text, with very long lines (56412), with no line terminators Hash2c00b9f417b688224937053cd0c284a5 17b4c18ebc129055dd25f214c3f11e03e9df2d82 1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24617
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 15:37:51 GMT
expires: Tue, 06 May 2025 15:37:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/css
vary: Accept-Encoding
age: 59763
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/49.f7274268.chunk.js | 143.204.55.14 | 200 OK | 247 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/49.f7274268.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size247 kB (247426 bytes) Hash6b73924fb4f6ac476c1f48024223a355 e401c8b1c9b6b2c428d06423dab012f703a962d5 c60ace8da4d3a63d55d67a48b4309f61b19ff0cecdee4062db4ae586727d0a31
GET /core/assets/js/49.f7274268.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Tue, 19 Mar 2024 17:28:54 GMT
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
x-amz-server-side-encryption: AES256
x-amz-version-id: 2WNnvzoyjRNX5AbsVjt1SGOXrEQcQ1Da
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 23
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xrwtTnCw9KoKJIaaBpZDDUqrJe3mOjaNiXORWC7I2IvLR9V1OV0Vvg==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/css/4.07aa08a5.chunk.css | 143.204.55.14 | 200 OK | 208 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/css/4.07aa08a5.chunk.css IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (7569) Size208 kB (207653 bytes) Hash87590c4073287d5ad77177cfcdec3b9d 77883bade9712d06821f96c361fc7613eea7f9a6 0ce0dc2a5b52f6840fb6dd8b577c471692029071208be353a1ee185a23a0a651
GET /core/assets/css/4.07aa08a5.chunk.css HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Tue, 05 Mar 2024 20:17:48 GMT
etag: W/"189aeffd571884559dababa22c66d75a"
x-amz-server-side-encryption: AES256
x-amz-version-id: nX2nlMvVeK4ZVkz8fnS9kpSVjFagwqZ5
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
x-envoy-upstream-service-time: 17
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TUiYLz_VePWsnJNLdg1AaifJEolzdYgukLuAdD0tcWqCiGXLrkPSJg==
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 IP216.58.207.227:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15344, version 1.0 Hash5d4aeb4e5f5ef754e307d7ffaef688bd 06db651cdf354c64a7383ea9c77024ef4fb4cef8 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:04 GMT
expires: Sat, 03 May 2025 16:31:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 315770
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/33.ae4de0a0.chunk.js | 143.204.55.14 | | 24 kB |
URL rc-widget-frame.js.driftt.com/core/assets/js/33.ae4de0a0.chunk.js IP143.204.55.14:0
File typegzip compressed data, from Unix Hash0ceadece94249dcae6a01ab2a2f188a5 a71edaf4b242f6134d4aa3fa582e4db84f0a12b3 d9f0b7f39ac58f7526764db3e96790ef9bade5ac1070bf04878a170458fc4e73
GET /core/assets/js/33.ae4de0a0.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
etag: W/"db0cd5b66c52523e10b87a0c8a2db182"
x-amz-server-side-encryption: AES256
x-amz-version-id: PUG2tPuHbg6UXU15H37d6Lifu.5b8Act
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 18
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bKl0JE-cuyjoYNij2if7w9HalZ2Z4MY3OKnK9V-u6pfLFhTZjLEDtA==
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/api2/logo_48.png | 142.250.74.163 | 200 OK | 2.2 kB |
URL GET HTTP/3www.gstatic.com/recaptcha/api2/logo_48.png IP142.250.74.163:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typePNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced Hashef9941290c50cd3866e2ba6b793f010d 4736508c795667dcea21f8d864233031223b7832 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 00:37:29 GMT
expires: Fri, 10 May 2024 00:37:29 GMT
cache-control: public, max-age=604800
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
age: 372985
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/22.6b9a301a.chunk.js | 143.204.55.14 | 200 OK | 10 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/22.6b9a301a.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typegzip compressed data, from Unix Hashf609e371af5a1ff0693d633162807eeb 530586970a5c3945b29d982ec6375b0f52fe8716 dabdb4460f6efc6bb8cfa4048407fa317dd31783c44e08803b954c67dd62bc87
GET /core/assets/js/22.6b9a301a.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Wed, 01 May 2024 17:00:04 GMT
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
x-amz-server-side-encryption: AES256
x-amz-version-id: 3HD5h0_dxshKSgLaoxolAx3HXOCoWagz
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 21
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: V9do87UMGaeVY9KH25fttjKlM1tyCkxJg_zxGQ6JESBukGgdLLFcsw==
X-Firefox-Spdy: h2
|
|
| bootstrap.api.drift.com/widget_bootstrap/ping/v2 | 3.94.218.138 | 200 OK | 208 B |
URL POST HTTP/2bootstrap.api.drift.com/widget_bootstrap/ping/v2 IP3.94.218.138:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectdrift.com FingerprintB7:94:E7:F3:B7:5C:66:0B:09:DC:83:16:97:C6:C8:04:3A:B0:3B:D0 ValiditySun, 03 Mar 2024 00:00:00 GMT - Mon, 31 Mar 2025 23:59:59 GMT
Hash45ff0a7146f0e5c3afd17c31c28beeb8 cf4d727bc773dfc82c5e49ec38811c362cb518d7 facf8de270be69de3d2a6fc877d6bbf24baacdeb6f8c5b39a4ac4853bcc096bb
POST /widget_bootstrap/ping/v2 HTTP/1.1
Host: bootstrap.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 162
Origin: https://rc-widget-frame.js.driftt.com
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:55 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: 1867e2bcc597c54c
vary: Accept-Encoding
content-length: 208
x-envoy-upstream-service-time: 2
server: istio-envoy
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css | 142.250.74.163 | 200 OK | 25 kB |
URL GET HTTP/3www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css IP142.250.74.163:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeASCII text, with very long lines (56412), with no line terminators Hash2c00b9f417b688224937053cd0c284a5 17b4c18ebc129055dd25f214c3f11e03e9df2d82 1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24617
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 15:37:51 GMT
expires: Tue, 06 May 2025 15:37:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/css
vary: Accept-Encoding
age: 59764
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| rc-widget-frame.js.driftt.com/core/assets/css/8.98b34517.chunk.css | 143.204.55.14 | 200 OK | 234 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/css/8.98b34517.chunk.css IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typegzip compressed data, from Unix Size234 kB (233486 bytes) Hash8bfb31fde1c21350aa3898956bd625db 3b0f58841b8c2687bf82b3452279f6f408cfcfd3 7059d9c4f0dba4fe9187ab1ecb80a35fdb8f7a370daa6437b7038b44d539fc7b
GET /core/assets/css/8.98b34517.chunk.css HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
etag: W/"82429fd1682dcb60e14996ad58a35a4f"
x-amz-server-side-encryption: AES256
x-amz-version-id: iNKtCZtb69S5Xg2ti_W3KaKTIlBxoqLp
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
x-envoy-upstream-service-time: 22
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: soPi9QSaN_oLrV-56rgJKQaLwAJRh91T2PP19qUE83umL0U0MkN35Q==
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m | 142.250.74.132 | 200 OK | 110 B |
URL GET HTTP/3www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m IP142.250.74.132:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeASCII text, with no line terminators Hash284b36421a1cf446f32cb8f7987b1091 eb14d6298c9da3fb26d75b54c087ea2df9f3f05f 94ab2be973685680d0be9c08d4e1a7465f3c09053cf631126bd33f49cc2f939b
GET /recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 07 May 2024 08:13:54 GMT
date: Tue, 07 May 2024 08:13:54 GMT
cache-control: private, max-age=300
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| metrics.api.drift.com/monitoring/metrics/widget/init/v3 | 3.94.218.138 | 200 OK | 25 B |
URL POST HTTP/2metrics.api.drift.com/monitoring/metrics/widget/init/v3 IP3.94.218.138:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectdrift.com FingerprintB7:94:E7:F3:B7:5C:66:0B:09:DC:83:16:97:C6:C8:04:3A:B0:3B:D0 ValiditySun, 03 Mar 2024 00:00:00 GMT - Mon, 31 Mar 2025 23:59:59 GMT
Hash61228f8f544358e9ea1f463f01b5853c 582766f30c82dc2df6938c8e16455fa5e329afb1 f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
POST /monitoring/metrics/widget/init/v3 HTTP/1.1
Host: metrics.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 549
Origin: https://rc-widget-frame.js.driftt.com
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:55 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: 3a939f74c16dea36
vary: Accept-Encoding
content-length: 25
x-envoy-upstream-service-time: 13
server: istio-envoy
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A55%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224074%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A55%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224074%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A55%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224074%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f03226-2b"
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:56 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:56 GMT
X-Firefox-Spdy: h2
|
|
| 5092804-4.chat.api.drift.com/ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVNTA5MjgwNC0yMTgzNDYxNzk3OC00ZAAGb3JnX2lkbQAAAAc1MDkyODA0ZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMjE4MzQ2MTc5NzhkAAl1c2VyX3R5cGVkAARsZWFkbgYAAM0dUo8BYgABUYA.c8cmKfodbMUqdtAt1XfF7detoHisMe6lvLtqkEMt_oA&remote_ip=18.232.245.220&vsn=2.0.0 | 107.22.248.170 | | 0 B |
URL 5092804-4.chat.api.drift.com/ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVNTA5MjgwNC0yMTgzNDYxNzk3OC00ZAAGb3JnX2lkbQAAAAc1MDkyODA0ZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMjE4MzQ2MTc5NzhkAAl1c2VyX3R5cGVkAARsZWFkbgYAAM0dUo8BYgABUYA.c8cmKfodbMUqdtAt1XfF7detoHisMe6lvLtqkEMt_oA&remote_ip=18.232.245.220&vsn=2.0.0 IP107.22.248.170:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVNTA5MjgwNC0yMTgzNDYxNzk3OC00ZAAGb3JnX2lkbQAAAAc1MDkyODA0ZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMjE4MzQ2MTc5NzhkAAl1c2VyX3R5cGVkAARsZWFkbgYAAM0dUo8BYgABUYA.c8cmKfodbMUqdtAt1XfF7detoHisMe6lvLtqkEMt_oA&remote_ip=18.232.245.220&vsn=2.0.0 HTTP/1.1
Host: 5092804-4.chat.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://rc-widget-frame.js.driftt.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nGTVdGVcyhIg6zAazQTp4A==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Tue, 07 May 2024 08:13:56 GMT
Connection: upgrade
cache-control: max-age=0, private, must-revalidate
sec-websocket-accept: 05UdUFI1Sva34QPfGDt9T5ltiNA=
server: Cowboy
upgrade: websocket
|
|
| event.api.drift.com/track | 3.94.218.138 | 200 OK | 13 B |
URL OPTIONS HTTP/2event.api.drift.com/track IP3.94.218.138:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectdrift.com FingerprintB7:94:E7:F3:B7:5C:66:0B:09:DC:83:16:97:C6:C8:04:3A:B0:3B:D0 ValiditySun, 03 Mar 2024 00:00:00 GMT - Mon, 31 Mar 2025 23:59:59 GMT
File typeASCII text, with no line terminators Hash1424eb76249899d757e4d168341a50dc 42101e71440abd46c8112a96d4d5c0dd445120ce 16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /track HTTP/1.1
Host: event.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://rc-widget-frame.js.driftt.com/
Origin: https://rc-widget-frame.js.driftt.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:56 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift4abf2fb47218f69d1545afa3c47
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy
X-Firefox-Spdy: h2
|
|
| event.api.drift.com/track | 3.94.218.138 | 200 OK | 583 B |
URL OPTIONS HTTP/2event.api.drift.com/track IP3.94.218.138:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectdrift.com FingerprintB7:94:E7:F3:B7:5C:66:0B:09:DC:83:16:97:C6:C8:04:3A:B0:3B:D0 ValiditySun, 03 Mar 2024 00:00:00 GMT - Mon, 31 Mar 2025 23:59:59 GMT
Hash7c5e7bbd4b87afa63c841087c7944507 08e78274ad019498e65961f49be3a5969c8bd8b8 5b8deb1c2c21cfc02711e1e3026741f4b6cd6facf8678f6d480389bd427a148a
POST /track HTTP/1.1
Host: event.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMTgzNDYxNzk3OCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjUwOTI4MDQiLCJleHAiOjE3NDY2MDU2MzUsImlhdCI6MTcxNTA2OTYzNX0.HBi7_tQWvmGSIg9srF8bwLpLk1K5D9n_niSgyJI7fz1xPTotnY4mq4uvO9zLWO2DTFWeNKyyb87PMgOE42vy-g
Content-Length: 428
Origin: https://rc-widget-frame.js.driftt.com
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:56 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: 7154c1cc3193b718
content-length: 583
x-envoy-upstream-service-time: 1
server: istio-envoy
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A56%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225075%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A56%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225075%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A56%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225075%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f02dad-2b"
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:57 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:57 GMT
X-Firefox-Spdy: h2
|
|
| presence.api.drift.com/ws/websocket?session_token=SFMyNTY.g3QAAAACZAAEZGF0YXQAAAAFZAACaWRtAAAAFTUwOTI4MDQtMjE4MzQ2MTc5NzgtNGQABm9yZ19pZG0AAAAHNTA5MjgwNGQACXNjb3BlX3NldG0AAAAEbGVhZGQAB3VzZXJfaWRtAAAACzIxODM0NjE3OTc4ZAAJdXNlcl90eXBlZAAEbGVhZGQABnNpZ25lZG4GAAPNHVKPAQ.kg-kCpkRsACu5QiQ0ILq0oCKO9GFkCFlNEkEUq0O6aA&remote_ip=18.232.245.220&vsn=2.0.0 | 54.85.240.191 | | 0 B |
URL presence.api.drift.com/ws/websocket?session_token=SFMyNTY.g3QAAAACZAAEZGF0YXQAAAAFZAACaWRtAAAAFTUwOTI4MDQtMjE4MzQ2MTc5NzgtNGQABm9yZ19pZG0AAAAHNTA5MjgwNGQACXNjb3BlX3NldG0AAAAEbGVhZGQAB3VzZXJfaWRtAAAACzIxODM0NjE3OTc4ZAAJdXNlcl90eXBlZAAEbGVhZGQABnNpZ25lZG4GAAPNHVKPAQ.kg-kCpkRsACu5QiQ0ILq0oCKO9GFkCFlNEkEUq0O6aA&remote_ip=18.232.245.220&vsn=2.0.0 IP54.85.240.191:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ws/websocket?session_token=SFMyNTY.g3QAAAACZAAEZGF0YXQAAAAFZAACaWRtAAAAFTUwOTI4MDQtMjE4MzQ2MTc5NzgtNGQABm9yZ19pZG0AAAAHNTA5MjgwNGQACXNjb3BlX3NldG0AAAAEbGVhZGQAB3VzZXJfaWRtAAAACzIxODM0NjE3OTc4ZAAJdXNlcl90eXBlZAAEbGVhZGQABnNpZ25lZG4GAAPNHVKPAQ.kg-kCpkRsACu5QiQ0ILq0oCKO9GFkCFlNEkEUq0O6aA&remote_ip=18.232.245.220&vsn=2.0.0 HTTP/1.1
Host: presence.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://rc-widget-frame.js.driftt.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mWANSt102yUyjbbRA+Dqkw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
cache-control: max-age=0, private, must-revalidate
connection: Upgrade
date: Tue, 07 May 2024 08:13:56 GMT
sec-websocket-accept: r8C+wEirI07tfZ8m5LlbkS8GH6I=
server: Cowboy
upgrade: websocket
|
|
| js.driftt.com/deploy/assets/static/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | 54.230.111.73 | 200 OK | 11 kB |
URL GET HTTP/2js.driftt.com/deploy/assets/static/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 IP54.230.111.73:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectdrift.com Fingerprint8D:87:63:40:81:FD:69:E6:E5:7B:1B:D8:C5:49:BB:2A:A5:0B:A2:EE ValidityTue, 15 Aug 2023 00:00:00 GMT - Wed, 11 Sep 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 11028, version 1.0 Hash1f6d3cf6d38f25d83d95f5a800b8cac3 279f300ca2cbbdf9f5036ef2f438607fbf377daa 796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
GET /deploy/assets/static/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rc-widget-frame.js.driftt.com
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: binary/octet-stream,font/woff2
content-length: 11028
server: istio-envoy
date: Sun, 31 Mar 2024 17:38:25 GMT
last-modified: Fri, 03 Mar 2023 19:55:17 GMT
etag: "1f6d3cf6d38f25d83d95f5a800b8cac3"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
cache-control: max-age=31536000
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 52
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KIswpFh8_3Of-3DUK9Wurd-yDiqrhofqhX6l9og5mHXewm-ZKHzFjg==
age: 3162932
X-Firefox-Spdy: h2
|
|
| js.driftt.com/deploy/assets/static/fonts/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 | 54.230.111.73 | | 11 kB |
URL js.driftt.com/deploy/assets/static/fonts/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 IP54.230.111.73:0
CertificateIssuerAmazon Subjectdrift.com Fingerprint8D:87:63:40:81:FD:69:E6:E5:7B:1B:D8:C5:49:BB:2A:A5:0B:A2:EE ValidityTue, 15 Aug 2023 00:00:00 GMT - Wed, 11 Sep 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 11040, version 1.0 Hash5e22a46c04d947a36ea0cad07afcc9e1 6091d981c2a4ee975c7f6b56186ee698040bb804 0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44
GET /deploy/assets/static/fonts/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rc-widget-frame.js.driftt.com
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: binary/octet-stream,font/woff2
content-length: 11040
server: istio-envoy
date: Thu, 25 Apr 2024 01:42:17 GMT
last-modified: Fri, 03 Mar 2023 14:31:39 GMT
etag: "5e22a46c04d947a36ea0cad07afcc9e1"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
cache-control: max-age=31536000
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 52
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: AALEH-dFY-3G35Wnov5acEzY_NI6Avxz8UAQEVCXvW9r2S1obyCttQ==
age: 1060300
X-Firefox-Spdy: h2
|
|
| metrics.api.drift.com/monitoring/metrics/event3/bulk | 3.94.218.138 | 200 OK | 25 B |
URL POST HTTP/2metrics.api.drift.com/monitoring/metrics/event3/bulk IP3.94.218.138:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectdrift.com FingerprintB7:94:E7:F3:B7:5C:66:0B:09:DC:83:16:97:C6:C8:04:3A:B0:3B:D0 ValiditySun, 03 Mar 2024 00:00:00 GMT - Mon, 31 Mar 2025 23:59:59 GMT
Hash61228f8f544358e9ea1f463f01b5853c 582766f30c82dc2df6938c8e16455fa5e329afb1 f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
POST /monitoring/metrics/event3/bulk HTTP/1.1
Host: metrics.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 996
Origin: https://rc-widget-frame.js.driftt.com
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:57 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: fdc27fa8f44a92f1
vary: Accept-Encoding
content-length: 25
x-envoy-upstream-service-time: 12
server: istio-envoy
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A57%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226076%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A57%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226076%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A57%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226076%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "5e502810-2b"
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:58 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:58 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A58%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%227080%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A58%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%227080%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A58%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%227080%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "615ccf10-2b"
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:59 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:59 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A00%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A59%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%228083%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A00%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A59%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%228083%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A00%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A59%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%228083%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f03226-2b"
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:14:00 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:14:00 GMT
X-Firefox-Spdy: h2
|
|
| metrics.api.drift.com/monitoring/metrics/add/bulk/v2 | 3.94.218.138 | 200 OK | 25 B |
URL POST HTTP/2metrics.api.drift.com/monitoring/metrics/add/bulk/v2 IP3.94.218.138:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectdrift.com FingerprintB7:94:E7:F3:B7:5C:66:0B:09:DC:83:16:97:C6:C8:04:3A:B0:3B:D0 ValiditySun, 03 Mar 2024 00:00:00 GMT - Mon, 31 Mar 2025 23:59:59 GMT
Hash61228f8f544358e9ea1f463f01b5853c 582766f30c82dc2df6938c8e16455fa5e329afb1 f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
POST /monitoring/metrics/add/bulk/v2 HTTP/1.1
Host: metrics.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 869
Origin: https://rc-widget-frame.js.driftt.com
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 08:14:00 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: 27a331ab008dee27
vary: Accept-Encoding
content-length: 25
x-envoy-upstream-service-time: 0
server: istio-envoy
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A00%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%229086%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A00%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%229086%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A00%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%229086%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f020a0-2b"
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:14:01 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:14:01 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A02%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A01%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%2210088%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A02%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A01%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%2210088%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A02%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A01%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%2210088%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "5e502810-2b"
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:14:02 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:14:02 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A02%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2213091%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A02%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2213091%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A02%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2213091%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "5e502810-2b"
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:14:05 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:14:05 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A05%20GMT%22%2C%22timeSpent%22%3A%223002%22%2C%22totalTimeSpent%22%3A%2216093%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A05%20GMT%22%2C%22timeSpent%22%3A%223002%22%2C%22totalTimeSpent%22%3A%2216093%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A05%20GMT%22%2C%22timeSpent%22%3A%223002%22%2C%22totalTimeSpent%22%3A%2216093%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f02dad-2b"
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:14:08 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:14:08 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A08%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2219096%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A08%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2219096%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A08%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2219096%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "60bb2e15-2b"
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:14:11 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:14:11 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A11%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2222099%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A11%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2222099%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A11%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2222099%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "60bb2e15-2b"
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:14:14 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:14:14 GMT
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A17%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A14%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2225102%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A17%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A14%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2225102%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A17%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A14%20GMT%22%2C%22timeSpent%22%3A%223003%22%2C%22totalTimeSpent%22%3A%2225102%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "615ccf10-2b"
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:14:17 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:14:17 GMT
X-Firefox-Spdy: h2
|
|
| location.services.mozilla.com/v1/country?key=no-mozilla-api-key | 44.240.56.209 | | 48 B |
URL location.services.mozilla.com/v1/country?key=no-mozilla-api-key IP44.240.56.209:0
Hash94bc553225a6cddab963f4053273b388 57ffc8bd333dfe0bf3a05a5945ee15f9c15b0672 977bc9f6239939e6e0a2682325098f1bf0109e1450f040536670acf0f8798cb6
GET /v1/country?key=no-mozilla-api-key HTTP/1.1
Host: location.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 2592000
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'none'; report-uri /__cspreport__
Content-Type: application/json
Date: Tue, 07 May 2024 08:14:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Length: 48
Connection: keep-alive
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A20%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A17%20GMT%22%2C%22timeSpent%22%3A%223002%22%2C%22totalTimeSpent%22%3A%2228104%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | | 43 B |
URL b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A20%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A17%20GMT%22%2C%22timeSpent%22%3A%223002%22%2C%22totalTimeSpent%22%3A%2228104%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:0 ASN#20940 Akamai International B.V.
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A20%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A14%3A17%20GMT%22%2C%22timeSpent%22%3A%223002%22%2C%22totalTimeSpent%22%3A%2228104%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "615ccf10-2b"
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:14:20 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:14:20 GMT
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/24.24e43c3b.chunk.js | 143.204.55.14 | 200 OK | 51 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/24.24e43c3b.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (51340), with no line terminators Hash390d4b78f4c738295b7974aca941d031 9d5fc5e50d9c16cc2223acefeaba36df18aab90a eb6ce397310855bbef74043afcdda989653ad7b7b385191e8c8d622eee74b367
GET /core/assets/js/24.24e43c3b.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
etag: W/"390d4b78f4c738295b7974aca941d031"
x-amz-server-side-encryption: AES256
x-amz-version-id: J3Ynz_VL_Xe.kEj4VqPxsio5dIqXBI10
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 20
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: x721bAG4d3vT9_85QJTzur9m-g_VHeigzlW11NprviyScSHvlv2nmw==
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22e666a54d-ff29-48f9-9baa-2be6ac05412e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22959%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22e666a54d-ff29-48f9-9baa-2be6ac05412e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22959%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=s_update&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22e666a54d-ff29-48f9-9baa-2be6ac05412e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%22959%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "5e502810-2b"
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/14.e24a6190.chunk.js | 143.204.55.14 | 200 OK | 93 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/14.e24a6190.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash16d7ae86e21434a32157d3226ac9bb77 6eaa4577efa2568aa7752b00aa42523bda14ca95 6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
GET /core/assets/js/14.e24a6190.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Wed, 01 May 2024 17:00:03 GMT
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
x-amz-server-side-encryption: AES256
x-amz-version-id: MSOO4CzPmDMXrMMjXgn_wCL8w0zwR918
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 22
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KkOETlabwOla4b0TpesDBd88dNhENBp1113DfkGEwfR6wphOtaj-Ww==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/3.bbe0e1fa.chunk.js | 143.204.55.14 | 200 OK | 24 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/3.bbe0e1fa.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (24548), with no line terminators Hashb394f9cf6fe473cdb6852b332234aa52 0fbb71e9d746bfe0f3edf4329231e8b2573e664c ba3035c1cbfbd4ebb878f85acde3d846c6e9e90081de78ddcaf3126b4e8823b0
GET /core/assets/js/3.bbe0e1fa.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
etag: W/"b394f9cf6fe473cdb6852b332234aa52"
x-amz-server-side-encryption: AES256
x-amz-version-id: pHxDHN0IINa0RNuxMPvQ8pBn4Eg1GWSc
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 18
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fHwxzHqLIGU-tM4unn0iZiOjV1WxyyjocdGFDwHLaFebEzNUb-aHcw==
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A54%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223072%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A54%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223072%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A54%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223072%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&an_uid=-1&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f02dad-2b"
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:55 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:55 GMT
X-Firefox-Spdy: h2
|
|
| hubspotonwebflow.com/api/forms/blockList?id=92048dff-ffdc-421f-9344-58c3ff0002d9 | 76.76.21.61 | 200 OK | 47 B |
URL GET HTTP/2hubspotonwebflow.com/api/forms/blockList?id=92048dff-ffdc-421f-9344-58c3ff0002d9 IP76.76.21.61:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subjecthubspotonwebflow.com Fingerprint38:B7:60:3C:B5:3B:2D:6B:25:E2:90:D9:F1:41:B8:F8:2F:AF:6A:BE ValidityMon, 06 May 2024 22:48:06 GMT - Sun, 04 Aug 2024 22:48:05 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash92b0ac52eb3a4a3a7aa65224abcf9105 559923772a67b0808357cbafad1c4b85f1fbb637 8d57e2de20c17fd1d44666ee75ea22ba15abd3c5127812b84e8179911bb52261
GET /api/forms/blockList?id=92048dff-ffdc-421f-9344-58c3ff0002d9 HTTP/1.1
Host: hubspotonwebflow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
age: 0
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-type: application/json
date: Tue, 07 May 2024 08:13:55 GMT
server: Vercel
strict-transport-security: max-age=63072000
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-matched-path: /api/forms/blockList
x-vercel-cache: MISS
x-vercel-execution-region: iad1
x-vercel-id: arn1::iad1::s8zjv-1715069634943-2f72f54dfcd9
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve | 142.250.74.132 | 200 OK | 45 kB |
URL GET HTTP/3www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve IP142.250.74.132:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeHTML document, ASCII text, with very long lines (36644) Hash9a9c9ef8f8b8c321760190955c64075d 24bc0e18ddc777001714686d5f7c467153554d7b 328a2113509e590510b73dd2f4c5395bd4d9eb7fbebe540b857a28fa8ea6ac6c
GET /recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 08:13:54 GMT
content-security-policy: script-src 'nonce-SoUiSceimqFLqmFdH9O2CQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware | 143.204.55.14 | 200 OK | 1.5 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware IP143.204.55.14:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (1636), with no line terminators Hash7b235b5a3e624982a6048e922a32f706 39598a436aa9eec7600833e7de8622c3044ffe79 4f5950cbfc2168a841ac08a4d8d1d49dade51645b594ccc254c8b2029e9cf24a
GET /core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
server: istio-envoy
last-modified: Mon, 21 Aug 2023 14:57:03 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: hIxJdEPbt_45OV8bTT9Ad1M7VE.ABA8G
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-envoy-upstream-service-time: 22
date: Tue, 07 May 2024 08:13:52 GMT
cache-control: no-cache
etag: W/"6a5cea74d414ec151635bd2880abb1c3"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XVeyfe3L_cXBpzZly_kb0vmrjP2SDwT_0RWWHhN678DvfozuowppmQ==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/25.915ff314.chunk.js | 143.204.55.14 | 200 OK | 48 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/25.915ff314.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (48053), with no line terminators Hash12bceaba2da6c30ab2a0aacbde681b0c 4460ae72fb30b1319ed6b37880b4a42ac80ce819 e5149bac0cdad7bbd9d1b7badb88909929d324ee90b6dd1628e0c59024d68e7c
GET /core/assets/js/25.915ff314.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
etag: W/"12bceaba2da6c30ab2a0aacbde681b0c"
x-amz-server-side-encryption: AES256
x-amz-version-id: qod1m4nnLfUgaMaxljkZuFfY2SywXHfx
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 16
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KJHVne08srUSt5i5XCvtIcBNriVqld3O98dbPLG1Z53UyupdATN-oQ==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/16.890a0911.chunk.js | 143.204.55.14 | 200 OK | 94 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/16.890a0911.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash52b055a08e59141b8f7b7947c7d7ab69 d7b5044f24cb8297e8369206024f747484a6c2a2 860c659e8836feb6a6b4fc4c9b7195e4ab0a04e4642473c0780ae554fbf6ffb2
GET /core/assets/js/16.890a0911.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
etag: W/"52b055a08e59141b8f7b7947c7d7ab69"
x-amz-server-side-encryption: AES256
x-amz-version-id: 2cJi_0AtsucvWstmkbj3mO1t8SiuDMru
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 19
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: siGLJ3yNRp_HsJiDuijIISqhgT6i6MdCJIvmrvw9a2y69cRAWF3g9A==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/17.413337a8.chunk.js | 143.204.55.14 | 200 OK | 41 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/17.413337a8.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (41159), with no line terminators Hash4aea30e551ee7f04a564c0408c291306 8a11672b20991e181c119bcf712fd8337cb8358c 10b977a814bd9ca3e018a07b6e1197c9a9fa89a27a2419158d22f41ab8a29508
GET /core/assets/js/17.413337a8.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
etag: W/"4aea30e551ee7f04a564c0408c291306"
x-amz-server-side-encryption: AES256
x-amz-version-id: Ud1ylpzTdwt3qfnkRXUYob2T_ovQMI1N
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 20
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Q5kCXQ3IWLbqYWFmVYOFRVSpRJmhWN84ebWJXbJH2Rji6nd8OmcG0w==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/655ddcc107aef728354e9c2a/655ddcc107aef728354e9cbf_Huntress-logo.svg | 3.164.240.122 | 200 OK | 17 kB |
URL GET HTTP/2assets-global.website-files.com/655ddcc107aef728354e9c2a/655ddcc107aef728354e9cbf_Huntress-logo.svg IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash1b58a7f9d25209475f7150623a7b9993 3ace170a8e9949577fe3f7c37f6b54b2c0038b7f 3e74699ee2810c89e5df5bd0d0506256c46f1e73108f40dc993b49cc210203db
GET /655ddcc107aef728354e9c2a/655ddcc107aef728354e9cbf_Huntress-logo.svg HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
date: Mon, 15 Jan 2024 08:44:23 GMT
last-modified: Wed, 22 Nov 2023 10:49:38 GMT
etag: W/"1b58a7f9d25209475f7150623a7b9993"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: ll9DT5jxvCo6dqqJTOhzWIKk94gBwQHc
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 9761370
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: Q9oRDCI4GxwUTHtNnT5tKBFBrG7CwksQMcssd0TNZKHLM2cGXrIwlg==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/css/35.3cdf48ae.chunk.css | 143.204.55.14 | 200 OK | 16 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/css/35.3cdf48ae.chunk.css IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeASCII text, with very long lines (16509), with no line terminators Hashac16e52f547ce8f3de32d9d7d591c2c0 68cfe24a85b3c242e200879bc57b17ce972af3bd 1650436b42349eba90400162f9104f8abd0e8b846cf91d26c907c300dd8d7f85
GET /core/assets/css/35.3cdf48ae.chunk.css HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
etag: W/"ac16e52f547ce8f3de32d9d7d591c2c0"
x-amz-server-side-encryption: AES256
x-amz-version-id: V1yopT2bXZUj.CNczvGqS7_vfWAIiP2A
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
x-envoy-upstream-service-time: 19
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2DkjbQiDTlzrVIYTXVfsMPTggpHdRRfV4lchOfOZLXyvFWaSg9JpaA==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/9.4a3e9801.chunk.js | 143.204.55.14 | 200 OK | 36 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/9.4a3e9801.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (35552), with no line terminators Hashc6f58dd3d60f07462254b842dd4f9ca1 62c507fc6cc05f9732bcd5c593f3d8d0e0a3d7e2 2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
GET /core/assets/js/9.4a3e9801.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Wed, 01 May 2024 17:00:05 GMT
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
x-amz-server-side-encryption: AES256
x-amz-version-id: o_HxdNhY.AuRUWdVl_PNLVH4Bm_dc6QU
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 15
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CXHca-NO_T6xmWFoNC8WnZlR3sY1QFQ_2yZKLsqR92ECTIUthymrDw==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/20.8c21ea18.chunk.js | 143.204.55.14 | 200 OK | 76 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/20.8c21ea18.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash6d77a76055d81227033363af2f18caf8 b1b94517954f8f8889a0822886dea6f5ad7c931f 19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
GET /core/assets/js/20.8c21ea18.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Wed, 01 May 2024 17:00:04 GMT
etag: W/"6d77a76055d81227033363af2f18caf8"
x-amz-server-side-encryption: AES256
x-amz-version-id: a1FK3UiYz4Hx_bwhsLGFppeiYk6BxYHJ
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 25
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aAF92Af3TWpOztZm1tGVY8fiLGL3FrwCM-LgKQ8a2r19WQgrId9DIw==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js | 143.204.55.14 | 200 OK | 64 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (63529), with no line terminators Hash02f09379c544befa413d22eb57ed41de 156ff3fbf28d890eb0f79754e436ac3a66b3de24 e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
GET /core/assets/js/18.9c1bd1fb.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Wed, 01 May 2024 17:00:04 GMT
etag: W/"02f09379c544befa413d22eb57ed41de"
x-amz-server-side-encryption: AES256
x-amz-version-id: 7sz9cdggYq7jKF7xTKydG4KJquVrsP5m
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 18
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 59M3JGe-8wv0uFeAxDtEaoeH6Ydg0cakhUlGeEUUaBuJaCzL51u9IA==
X-Firefox-Spdy: h2
|
|
| assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2 | 143.204.55.45 | 200 OK | 18 kB |
URL GET HTTP/2assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2 IP143.204.55.45:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 18124, version 1.0 Hashb62b51b8a8a1c83c200a484a4149c151 a044fab160a6a50634bd7bcf12843eac7fcfb821 ace449f8c185f9f62716fd9998c8f4d09f6849ead77ec8c3849aa69f4c8c1d36
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2 HTTP/1.1
Host: assets.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Referer: https://assets-global.website-files.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 18124
date: Mon, 12 Feb 2024 22:57:28 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
etag: "b62b51b8a8a1c83c200a484a4149c151"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: SgNlIeK2CMt3IfgkJzcYPm6BQJFO8VdG
accept-ranges: bytes
server: AmazonS3
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
age: 7290984
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: i8Fb2tIWS4lKG8yuCE7P4AamfSJ60_RmerC-_UhJml2HsNOIBDdhiQ==
X-Firefox-Spdy: h2
|
|
| assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf | 143.204.55.45 | 200 OK | 56 kB |
URL GET HTTP/2assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf IP143.204.55.45:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeTrueType Font data, 16 tables, 1st "GDEF", 44 names, Microsoft, language 0x409 Hash541d84af93ed55a92a75644198c26ca5 882e215b190437942dfeb921d8e693c0715bb255 0020be3f1555293342637940e02d32e0f0c3b1951f6a274c00a6e3afe91610d1
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf HTTP/1.1
Host: assets.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Referer: https://assets-global.website-files.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-font-ttf
date: Thu, 28 Dec 2023 15:55:33 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
etag: W/"541d84af93ed55a92a75644198c26ca5"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: quM.7z1k_e9xiPUszqLumStS9j4JLmMp
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
age: 11290699
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ExIJe-A3p3xv9CmTDWUNvCYlhH0aCyzjgVusSsskNi10f0GbNPoElQ==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/8.5fdda827.chunk.js | 143.204.55.14 | 200 OK | 83 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/8.5fdda827.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashf78079aaffe016efb8ec35b9fbb9f42f 4317f808cbf21ce975a0006c6590f5df07ea4d97 e523f47c65c171a685ca8f1bb0c0c432f4d71104fa56e8f6163126ec908cc430
GET /core/assets/js/8.5fdda827.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Mon, 21 Aug 2023 14:57:26 GMT
etag: W/"f78079aaffe016efb8ec35b9fbb9f42f"
x-amz-server-side-encryption: AES256
x-amz-version-id: s5Gs7OuwDj2F26kpSyydH_032jxZE3YX
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 22
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: r0-TqQxBp4YDlQL82ySCHCz-bzqO5ljLUL9hDU4u5Zs5l3W16u9QQA==
X-Firefox-Spdy: h2
|
|
| tracking.g2crowd.com/attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware&e= | 104.18.43.31 | 200 OK | 958 B |
URL GET HTTP/2tracking.g2crowd.com/attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware&e= IP104.18.43.31:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint58:6C:CC:72:DD:68:AC:24:54:39:71:63:4C:44:B9:50:83:2C:0E:9B ValidityMon, 24 Jul 2023 00:00:00 GMT - Tue, 23 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (990), with no line terminators Hash2c6668ad3525679b40234eba8fab38e7 f85edd65af630995a4c56ab0c5df3aca5bd3e4a9 94893152c509bc4224e3c7940fa4ac3da8b0251d3c320a1f5e7867399bb9897c
GET /attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware&e= HTTP/1.1
Host: tracking.g2crowd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:52 GMT
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
etag: W/"14c59924cdca7796d9578872e6933998"
x-request-id: 71e63c34-0123-4377-b2dc-30be12a3d67d
x-runtime: 0.007090
strict-transport-security: max-age=604800
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
vary: Origin
cf-cache-status: DYNAMIC
set-cookie: _session_id=2e340e290a6a0f042ebc8b91412de44d; path=/; expires=Tue, 21 May 2024 08:13:52 GMT; HttpOnly; secure; SameSite=None
__cf_bm=86mLMFaguq6H9BH1QDH1pkDLfbNaHhD6fGM3SW7c9zU-1715069632-1.0.1.1-rpOe_Ozh_on3sd2iyCpb_1FEfMEVv1GFFvFAFO411tvLiLWXCwz_LrB9vJdU11kPjJJlzNAl4dYAXtu50usMoA; path=/; expires=Tue, 07-May-24 08:43:52 GMT; domain=.g2crowd.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87ffc0d39b63b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/27.3951aad8.chunk.js | 143.204.55.14 | 200 OK | 68 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/27.3951aad8.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash5b2b6d0508fe18c3efb6bcd6249fd4e1 90c9faf7b629842a0f3a7633bc5713d741c46578 e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae
GET /core/assets/js/27.3951aad8.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Sat, 02 Sep 2023 21:37:07 GMT
etag: W/"5b2b6d0508fe18c3efb6bcd6249fd4e1"
x-amz-server-side-encryption: AES256
x-amz-version-id: PLRwkxTy0W_1o8rwzVQG6XR9UyxAvjNh
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 18
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Hzqq8ybT0nXeG1asPs1xGOxJ_8zs0ZduJFAayZile4d-WiXzYd2MSA==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/21.b8c41db9.chunk.js | 143.204.55.14 | 200 OK | 17 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/21.b8c41db9.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (17003), with no line terminators Hash65e5c965272e021ae33ff8bc39565ef5 c5a2c0cdf9c821b6ee43a1eeb52680ffeea15557 b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
GET /core/assets/js/21.b8c41db9.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Wed, 01 May 2024 17:00:04 GMT
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
x-amz-server-side-encryption: AES256
x-amz-version-id: ji17FJEqDE74ztAsEDdWlZiRc9r_AyZJ
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 22
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rbF17DpiBlHy74TixDTb9vCnp1HQ4S0ns45U0pXN5V5EcJtjvY4oWw==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js | 143.204.55.14 | 200 OK | 12 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (11808), with no line terminators Hashb0793fa46e8c0ae1846b7be8a833da35 5c97555ff1e0b97829e7f1d054b44f6c55b5ae97 bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
GET /core/assets/js/40.31ef8dbf.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Tue, 19 Mar 2024 17:28:54 GMT
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
x-amz-server-side-encryption: AES256
x-amz-version-id: 2x2HYHfsdFgLd3j1V3M6isFgLxEJGAUP
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 20
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sUXuL-omfAaQrtHNYp481o4XIEr7k24mTG4lrq1nitVZTiW5yWJvZQ==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/css/26.5208cc6b.chunk.css | 143.204.55.14 | 200 OK | 11 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/css/26.5208cc6b.chunk.css IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeASCII text, with very long lines (11317), with no line terminators Hash0842e637a23acc114afbb6195c984564 8a773893138ff633092829a20a0b03806370f482 0591af742c10a8ad2020502cccbf97cb4fc1cfc48acaf588043d70e77b2c3aaf
GET /core/assets/css/26.5208cc6b.chunk.css HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
etag: W/"0842e637a23acc114afbb6195c984564"
x-amz-server-side-encryption: AES256
x-amz-version-id: SrCjVsE3413g5wEL9F8CX8IFIQaqzFVz
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
x-envoy-upstream-service-time: 22
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9SICClNcUklt2oInpiBbia4kfUgiLSFj3I0kNnSeab6X9wuuqwgDAQ==
X-Firefox-Spdy: h2
|
|
| api.neverbounce.com/v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_133060 | 44.218.103.148 | 200 OK | 62 B |
URL GET HTTP/2api.neverbounce.com/v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_133060 IP44.218.103.148:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectneverbounce.com FingerprintAA:14:38:26:16:0D:C2:06:23:FA:67:31:6D:06:B4:73:35:3A:18:67 ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 25 Feb 2025 23:59:59 GMT
File typeASCII text, with no line terminators Hashb22d8bc630e282b3cb3dee9627f5d617 5b300b824a1f934316812e49dcd0f176b17072e1 a378be8236c99567bae4454df49d328bb2a3c2b2e1b0d3c1663f9aacb8ed9212
GET /v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_133060 HTTP/1.1
Host: api.neverbounce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:53 GMT
content-type: application/javascript
server: nginx
vary: Accept-Encoding
cache-control: no-cache, private
x-ua-compatible: IE=Edge
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/26.69219246.chunk.js | 143.204.55.14 | 200 OK | 16 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/26.69219246.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (16190), with no line terminators Hashc41c7243f45ea540e99a3256f4942432 4a6ca42e84579ccf2be93cdf1f695cab9e845789 d674a115404e8d29a650437584421bd9d7ec57c4d43fe3e0a09adc080d521c44
GET /core/assets/js/26.69219246.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
etag: W/"c41c7243f45ea540e99a3256f4942432"
x-amz-server-side-encryption: AES256
x-amz-version-id: xHgUeRJlJNXFuOCOFJ6VHVB_xDcgAWBV
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 17
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: g9Wb0dKWf_mErYVokZii2LUeYPGj3vR4zlYMfKfuqt43ozywOtLR3Q==
X-Firefox-Spdy: h2
|
|
| 5092804-4.chat.api.drift.com/ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVNTA5MjgwNC0yMTgzNDYxNzk3OC00ZAAGb3JnX2lkbQAAAAc1MDkyODA0ZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMjE4MzQ2MTc5NzhkAAl1c2VyX3R5cGVkAARsZWFkbgYAAM0dUo8BYgABUYA.c8cmKfodbMUqdtAt1XfF7detoHisMe6lvLtqkEMt_oA&remote_ip=18.232.245.220&vsn=2.0.0 | 107.22.248.170 | 101 Switching Protocols | 0 B |
URL GET HTTP/1.15092804-4.chat.api.drift.com/ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVNTA5MjgwNC0yMTgzNDYxNzk3OC00ZAAGb3JnX2lkbQAAAAc1MDkyODA0ZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMjE4MzQ2MTc5NzhkAAl1c2VyX3R5cGVkAARsZWFkbgYAAM0dUo8BYgABUYA.c8cmKfodbMUqdtAt1XfF7detoHisMe6lvLtqkEMt_oA&remote_ip=18.232.245.220&vsn=2.0.0 IP107.22.248.170:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectwschat.api.drift.com Fingerprint92:80:84:E9:D1:51:EC:08:3C:05:7D:7B:E6:2A:F5:75:C2:A9:0C:A8 ValidityFri, 15 Dec 2023 00:00:00 GMT - Sun, 12 Jan 2025 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVNTA5MjgwNC0yMTgzNDYxNzk3OC00ZAAGb3JnX2lkbQAAAAc1MDkyODA0ZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMjE4MzQ2MTc5NzhkAAl1c2VyX3R5cGVkAARsZWFkbgYAAM0dUo8BYgABUYA.c8cmKfodbMUqdtAt1XfF7detoHisMe6lvLtqkEMt_oA&remote_ip=18.232.245.220&vsn=2.0.0 HTTP/1.1
Host: 5092804-4.chat.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://rc-widget-frame.js.driftt.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nGTVdGVcyhIg6zAazQTp4A==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Tue, 07 May 2024 08:13:56 GMT
Connection: upgrade
cache-control: max-age=0, private, must-revalidate
sec-websocket-accept: 05UdUFI1Sva34QPfGDt9T5ltiNA=
server: Cowboy
upgrade: websocket
|
|
| trk.techtarget.com/tracking.js | 104.18.36.196 | 200 OK | 2.9 kB |
URL GET HTTP/2trk.techtarget.com/tracking.js IP104.18.36.196:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintA5:AE:9E:D5:DF:67:36:BA:09:0D:7C:69:24:DB:25:06:70:06:84:D7 ValiditySun, 25 Jun 2023 00:00:00 GMT - Mon, 24 Jun 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (3040), with no line terminators Hash141a883094e82499dba46240f81dbff9 9110c7f228e3e6570c7f3d8af15709f8a12e040c 54e6e06df886143006a0fcf227a96e59c5f4b397d12454fcd405066b17584886
GET /tracking.js HTTP/1.1
Host: trk.techtarget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:52 GMT
content-type: text/javascript
cf-bgj: minify
cache-control: public, max-age=1200
expires: Tue, 07 May 2024 08:33:52 GMT
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
via: 1.1 google
cf-cache-status: HIT
age: 57247
set-cookie: __cf_bm=vRMMpCpglV1vOUiQgfY3lYJHjVO3uC4eBYcIlm9sL8k-1715069632-1.0.1.1-uCUREnv6R0SWO2p.GW1Sg5mnHTPwMAE8B6NNgM2g9L.FLoREeskw0BDUOzaBUJejOSuVlUVWwZKrkFVV0sC6iw; path=/; expires=Tue, 07-May-24 08:43:52 GMT; domain=.techtarget.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
server: cloudflare
cf-ray: 87ffc0d3ddf40b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/57.28dde8ce.chunk.js | 143.204.55.14 | 200 OK | 19 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/57.28dde8ce.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeASCII text, with very long lines (18944), with no line terminators Hash3c4cd13822c0069a68e9f9c8240f5ba9 7028af5e8a39579afd06e0b945389608e5adc042 594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60
GET /core/assets/js/57.28dde8ce.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:56 GMT
last-modified: Tue, 19 Mar 2024 17:28:54 GMT
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
x-amz-server-side-encryption: AES256
x-amz-version-id: 4nZRLAAKNY.hdxpRwDtafk_xxCFkq8l7
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 20
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NNn48Xr81kBO6qhFRjhtunFwrArx1ZsG5Fnlr7aNtpxcm6mD48aNOg==
X-Firefox-Spdy: h2
|
|
| assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a7c_search.svg | 3.164.240.122 | 200 OK | 654 B |
URL GET HTTP/2assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a7c_search.svg IP3.164.240.122:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.website-files.com Fingerprint67:3F:4A:7A:30:BF:BC:29:1A:5A:41:A8:54:BB:F4:4A:E7:ED:D9:CF ValidityMon, 11 Sep 2023 00:00:00 GMT - Tue, 08 Oct 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash736a116c2af40eda2a423f77091eeac2 5ec0b3616704bd73c9c1e860d93928e05400f502 2d6b1e95636e99da230c823db6a101eafce149b388d9ecdbf7960bb941bf7aca
GET /6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a7c_search.svg HTTP/1.1
Host: assets-global.website-files.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.c85951d37.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 654
date: Sun, 31 Dec 2023 23:47:15 GMT
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
etag: "166c01555262c9617db663ec8a38364b"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, must-revalidate
x-amz-version-id: ZAs7majvHYt8oLX63btjRfdozrskAdOe
accept-ranges: bytes
server: AmazonS3
via: 1.1 784f462b4ee4e847ccfe44db65f51a9c.cloudfront.net (CloudFront)
age: 11003196
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: ARN53-P2
x-amz-cf-id: DBUoANBv3p0slN-YHbnbMIRlX2WlqP9fvQNnsggl43WLPKWSkd-aiw==
X-Firefox-Spdy: h2
|
|
| b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 | 95.101.10.131 | 200 OK | 43 B |
URL GET HTTP/2b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 IP95.101.10.131:443 ASN#20940 Akamai International B.V.
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subject6sc.co Fingerprint3D:B1:54:9A:0B:3C:D9:6B:22:33:1C:58:78:E6:C1:AF:51:63:FF:E5 ValidityTue, 09 Apr 2024 11:47:27 GMT - Mon, 08 Jul 2024 11:47:26 GMT
File typeGIF image data, version 89a, 1 x 1 Hashf837aa60b6fe83458f790db60d529fc9 14af87ccec7f81bb28d53c84da2fd5a9d5925cda dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=067a8780-2e3e-47dd-8522-dbe728ebd677&session=ca548964-1314-40bb-8035-d14c2c63a59d&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2007%20May%202024%2008%3A13%3A52%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Join%20us%20for%20a%20threat%20hunting%20adventure%20as%20we%20analyze%20a%20suspicious%20run%20key%20that%20leads%20us%20to%20Cobalt%20Strike%20malware%20hidden%20across%20nearly%20700%20registry%20values.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&pageViewId=ab2d0d03-41f0-444f-8776-33d4640d035a&webTagId=8769192b-20ba-4df2-8d62-2740a805c3e8&v=1.1.18 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
etag: "63f03226-2b"
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
expires: Tue, 07 May 2024 08:13:52 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 07 May 2024 08:13:52 GMT
X-Firefox-Spdy: h2
|
|
| js.zi-scripts.com/unified/v1/master/getSubscriptions | 172.64.150.44 | 204 No Content | 0 B |
URL OPTIONS HTTP/3js.zi-scripts.com/unified/v1/master/getSubscriptions IP172.64.150.44:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subjectzi-scripts.com FingerprintC0:86:5D:FE:C8:AD:96:F5:D9:46:55:72:6E:0F:17:8B:4A:AE:01:1D ValidityFri, 29 Mar 2024 13:10:20 GMT - Thu, 27 Jun 2024 13:10:19 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /unified/v1/master/getSubscriptions HTTP/1.1
Host: js.zi-scripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,visited_url
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
date: Tue, 07 May 2024 08:13:55 GMT
apigw-requestid: XZBeliLzPHcESbA=
x-powered-by: Express
vary: Access-Control-Request-Headers
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: *
access-control-max-age: 0
x-cache: Miss from cloudfront
via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6mynIBvmxD7xl2tDk444u_SnOeLOsnfVypGt_47udEasaESfvbXt4w==
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87ffc0e31c12b4f7-OSL
alt-svc: h3=":443"; ma=86400
|
|
| forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3911692&utk= | 104.16.109.254 | 200 OK | 115 B |
URL GET HTTP/2forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3911692&utk= IP104.16.109.254:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subjecthscollectedforms.net FingerprintEF:89:C2:30:37:FD:9F:8F:60:29:26:CC:C6:88:74:92:2B:ED:68:5C ValidityFri, 29 Mar 2024 03:19:03 GMT - Thu, 27 Jun 2024 03:19:02 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hasha3c3c225217d7fbacd060d70c261afa7 a6506d6cefac06e578ba270ecd338a578995bdc6 1801909cf22aa06082214caf2e7fa679a22c6cd4bdb54b7d43d0d286e9421884
GET /collected-forms/v1/config/json?portalId=3911692&utk= HTTP/1.1
Host: forms.hscollectedforms.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:52 GMT
content-type: application/json;charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0
x-content-type-options: nosniff
x-robots-tag: none
access-control-allow-origin: https://www.huntress.com
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: *
access-control-max-age: 180
x-envoy-upstream-service-time: 3
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 85f7b3df-5e37-4bd3-9f3f-d985cbbef5be
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-rl62l
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-request-id: 85f7b3df-5e37-4bd3-9f3f-d985cbbef5be
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87ffc0d3befb56a4-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/28.7257241a.chunk.js | 143.204.55.14 | 200 OK | 50 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/28.7257241a.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (50262), with no line terminators Hashe737f53b0791dac4c523770b4992131c b5481823dc0043f54142a2b68fadee0c4c6075e6 f4d1dc5e2bebcc6c035e733b5586f308c032e377d490d733835fbc1fb0e5d979
GET /core/assets/js/28.7257241a.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
etag: W/"e737f53b0791dac4c523770b4992131c"
x-amz-server-side-encryption: AES256
x-amz-version-id: Aw7E9DaiC.0zygWe8D.HQj28dALSaXA6
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 17
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hzixZ8ZUWlVJZqXS6bgNuEfqtNvjkKZ_dP8xf-wr7Gv6eFxUh2eBZQ==
X-Firefox-Spdy: h2
|
|
| www.google.com/js/bg/tKcPQSh2okjZHiZ2jIssRExVWo45mlVHOakavsOpwK4.js | 142.250.74.132 | 200 OK | 18 kB |
URL GET HTTP/3www.google.com/js/bg/tKcPQSh2okjZHiZ2jIssRExVWo45mlVHOakavsOpwK4.js IP142.250.74.132:443
Requested byhttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeJavaScript source, ASCII text, with very long lines (17650) Hash042afc8f6dd96d8a86aca2f6239682fa c2321f6ccc366638b53be030076f7ae3807f9d53 b4a70f412876a248d91e26768c8b2c444c555a8e399a554739a91abec3a9c0ae
GET /js/bg/tKcPQSh2okjZHiZ2jIssRExVWo45mlVHOakavsOpwK4.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=3ed4ifqylzve
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 7420
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 21:15:36 GMT
expires: Fri, 02 May 2025 21:15:36 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Apr 2024 17:30:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 385098
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| a.quora.com/qevents.js | 0.0.0.0 | | 0 B |
IP0.0.0.0:0
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subjectquora.com FingerprintB0:EF:CB:8C:1F:11:42:62:F1:35:F2:63:13:E9:7A:70:16:ED:B0:1B ValiditySun, 31 Mar 2024 16:22:00 GMT - Sat, 29 Jun 2024 16:21:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /qevents.js HTTP/1.1
Host: a.quora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:52 GMT
content-type: text/plain
x-amz-id-2: Tl+NCrT4/ROq8BOB/jXEFbjekr+B/799PB4hsh4cPaz8GcT19YQzaMe+k+f+IJxKpv7tKCeNqoQ=
x-amz-request-id: M04HPBTPY5GDBBF5
last-modified: Thu, 28 Mar 2024 17:33:19 GMT
etag: W/"87b5ecaafd0e88097cbbb1bbb7695fe9"
x-amz-server-side-encryption: AES256
x-amz-meta-s3cmd-attrs: md5:87b5ecaafd0e88097cbbb1bbb7695fe9
cache-control: public, max-age=14400
x-amz-version-id: jrgqQn59BHyNBJEhUqaibHl1Lk06.AzO
cf-cache-status: HIT
age: 561721
expires: Tue, 07 May 2024 12:13:52 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ffc0d3b938568b-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/1.9d9c8c3b.chunk.js | 143.204.55.14 | 200 OK | 55 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/1.9d9c8c3b.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (54843), with no line terminators Hashbc8dde7d353b792cb424661adcff29fb 392a67d13de4ec9028585fff40412ebaa1757e6c 5e4e01da0230734413d39e4657ac95b4ccf45092ff61a162aa1f4d111a166735
GET /core/assets/js/1.9d9c8c3b.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Mon, 21 Aug 2023 14:57:24 GMT
etag: W/"bc8dde7d353b792cb424661adcff29fb"
x-amz-server-side-encryption: AES256
x-amz-version-id: TN5uaySIype7BWdOQeU5pFJLqRV.3qiK
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 16
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BEB6M1NXsSn9V4MmNMtvO1q6JHxnpiaGl-66LwHR8GXYog22ksvWAA==
X-Firefox-Spdy: h2
|
|
| js.hsadspixel.net/fb.js | 104.17.223.152 | 200 OK | 6.3 kB |
IP104.17.223.152:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subjecthsadspixel.net Fingerprint89:04:B6:FD:E6:3E:5E:C8:E4:39:2D:83:6E:38:CC:9C:BE:A2:08:4D ValidityTue, 16 Apr 2024 02:15:45 GMT - Mon, 15 Jul 2024 02:15:44 GMT
File typeJavaScript source, ASCII text, with very long lines (6486), with no line terminators Hash2fd5c110e164f9577dcfdca755747394 41898cc37b5a4e5360e1bdcd96f8b60f5a027fb6 6e02ea2b70a3a7f6c680fd5b3d5d59d76e772feae57b8671d16fc5c055bb1303
GET /fb.js HTTP/1.1
Host: js.hsadspixel.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:52 GMT
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
last-modified: Mon, 06 May 2024 13:51:07 UTC
x-amz-server-side-encryption: AES256
x-amz-version-id: .jnzEtgOd9S.y9u.IH0.Nidq3hy2M7RK
etag: W/"eeced445dd619f5fac08890cddee2915"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
x-amz-cf-id: OADnt8M0qh-SU1_QfD4N09M3Msan5WwW0tj0RHmqpTrMWfDDHoQT-A==
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.552/bundles/pixels-release.js&cfRay=87f980408ad1b4eb-ARN
cache-control: max-age=600
x-hs-target-asset: adsscriptloaderstatic/static-1.552/bundles/pixels-release.js
x-content-type-options: nosniff
x-hs-cache-status: HIT
x-envoy-upstream-service-time: 1
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 07ceeb45-1d25-4b3e-be43-cc2e437a6f0d
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-rcvgx
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-request-id: 07ceeb45-1d25-4b3e-be43-cc2e437a6f0d
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
cf-cache-status: HIT
age: 32
server: cloudflare
cf-ray: 87ffc0d018f85689-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api.js | 142.250.74.132 | 200 OK | 850 B |
URL GET HTTP/2www.google.com/recaptcha/api.js IP142.250.74.132:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99 ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT
File typeJavaScript source, ASCII text, with very long lines (850), with no line terminators Hashee87fd4035a91d937ff13613982b4170 e897502e3a58c6be2b64da98474f0d405787f5f7 7649b605b4f35666df5cbcbb03597306d9215f53f61c2a097f085fa39af9859f
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Tue, 07 May 2024 08:13:51 GMT
date: Tue, 07 May 2024 08:13:51 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| hubspotonwebflow.com/assets/js/blockedDomains.json | 76.76.21.61 | 200 OK | 100 kB |
URL GET HTTP/2hubspotonwebflow.com/assets/js/blockedDomains.json IP76.76.21.61:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subjecthubspotonwebflow.com Fingerprint38:B7:60:3C:B5:3B:2D:6B:25:E2:90:D9:F1:41:B8:F8:2F:AF:6A:BE ValidityMon, 06 May 2024 22:48:06 GMT - Sun, 04 Aug 2024 22:48:05 GMT
Size100 kB (100261 bytes) Hash04708d47dd194d37b8231a65de7a66f1 dc9b4c5943db30130311340def56dc37e7da8c3f 944352d0198c673b45a699471c970aef85458ea3c58a3ed825b0f0e4f33f999c
GET /assets/js/blockedDomains.json HTTP/1.1
Host: hubspotonwebflow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
age: 1657578
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="blockedDomains.json"
content-encoding: br
content-type: application/json; charset=utf-8
date: Tue, 07 May 2024 08:13:54 GMT
etag: W/"04708d47dd194d37b8231a65de7a66f1"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /assets/js/blockedDomains.json
x-vercel-cache: HIT
x-vercel-id: arn1::gchbk-1715069634938-f7b1183e499b
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/11.639238ba.chunk.js | 143.204.55.14 | 200 OK | 24 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/11.639238ba.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (23865), with no line terminators Hash4049f38c00add1738dc4806148ff8829 0a631d2ccde970a13f60e147a5b5aeacb6a1b2e0 c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
GET /core/assets/js/11.639238ba.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Wed, 01 May 2024 17:00:03 GMT
etag: W/"4049f38c00add1738dc4806148ff8829"
x-amz-server-side-encryption: AES256
x-amz-version-id: smaqEJ6y78pINcBn6CQ9_uyEvwvE9ZvF
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 22
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: b4AFyRW0IXh-B99CrRj_VY1BADb1fi_epHG7Dn5wimEY_lpcz_CuuA==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js | 143.204.55.14 | 200 OK | 8.8 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (8912), with no line terminators Hashe4b83ecb3264826482970c82325ce021 728b5c23bcd47b4ca79e00c1d22975c1a337d23f 967002b56a58f41a49dbebbf93955d8774d83319c9ec02db7c76e0769c7af439
GET /core/assets/js/0.0b2ebd4a.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Wed, 01 May 2024 17:00:03 GMT
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
x-amz-server-side-encryption: AES256
x-amz-version-id: vSM0HkOkvqgsTuJrFWNs8RjJoWUL6ULk
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 23
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eapf0M-QmaVo5NVZQmn5ORBqDygfPfHi3-Z6xErydnxmdcn8A0uilA==
X-Firefox-Spdy: h2
|
|
| hubspotonwebflow.com/api/forms/blockList?id=c32ae9e7-4a4b-4436-a6e4-0de41bd8df62 | 76.76.21.61 | 200 OK | 47 B |
URL GET HTTP/2hubspotonwebflow.com/api/forms/blockList?id=c32ae9e7-4a4b-4436-a6e4-0de41bd8df62 IP76.76.21.61:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subjecthubspotonwebflow.com Fingerprint38:B7:60:3C:B5:3B:2D:6B:25:E2:90:D9:F1:41:B8:F8:2F:AF:6A:BE ValidityMon, 06 May 2024 22:48:06 GMT - Sun, 04 Aug 2024 22:48:05 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash92b0ac52eb3a4a3a7aa65224abcf9105 559923772a67b0808357cbafad1c4b85f1fbb637 8d57e2de20c17fd1d44666ee75ea22ba15abd3c5127812b84e8179911bb52261
GET /api/forms/blockList?id=c32ae9e7-4a4b-4436-a6e4-0de41bd8df62 HTTP/1.1
Host: hubspotonwebflow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
age: 0
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-type: application/json
date: Tue, 07 May 2024 08:13:55 GMT
server: Vercel
strict-transport-security: max-age=63072000
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-matched-path: /api/forms/blockList
x-vercel-cache: MISS
x-vercel-execution-region: iad1
x-vercel-id: arn1::iad1::b7hw5-1715069634944-12c5586f8609
X-Firefox-Spdy: h2
|
|
| bat.bing.com/p/action/187059084.js | 204.79.197.237 | 200 OK | 3.7 kB |
URL GET HTTP/2bat.bing.com/p/action/187059084.js IP204.79.197.237:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerMicrosoft Corporation Subjectwww.bing.com Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58 ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (3889), with no line terminators Hash96f45925ca1c3d61e3d2cc6713e8fab7 4d4b1cfbe22acd8ab3d8ff3118f6344cc219c3fe 500e4bb83acfc35c869f12e14ef28d151f5f9c9414582e7a30a7320566c8c743
GET /p/action/187059084.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private,max-age=60
content-type: application/javascript; charset=utf-8
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 286AEB9BE3A84DB99D9C7DD14F8EB997 Ref B: OSL30EDGE0111 Ref C: 2024-05-07T08:13:54Z
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| presence.api.drift.com/ws/websocket?session_token=SFMyNTY.g3QAAAACZAAEZGF0YXQAAAAFZAACaWRtAAAAFTUwOTI4MDQtMjE4MzQ2MTc5NzgtNGQABm9yZ19pZG0AAAAHNTA5MjgwNGQACXNjb3BlX3NldG0AAAAEbGVhZGQAB3VzZXJfaWRtAAAACzIxODM0NjE3OTc4ZAAJdXNlcl90eXBlZAAEbGVhZGQABnNpZ25lZG4GAAPNHVKPAQ.kg-kCpkRsACu5QiQ0ILq0oCKO9GFkCFlNEkEUq0O6aA&remote_ip=18.232.245.220&vsn=2.0.0 | 54.85.240.191 | 101 Switching Protocols | 0 B |
URL GET HTTP/1.1presence.api.drift.com/ws/websocket?session_token=SFMyNTY.g3QAAAACZAAEZGF0YXQAAAAFZAACaWRtAAAAFTUwOTI4MDQtMjE4MzQ2MTc5NzgtNGQABm9yZ19pZG0AAAAHNTA5MjgwNGQACXNjb3BlX3NldG0AAAAEbGVhZGQAB3VzZXJfaWRtAAAACzIxODM0NjE3OTc4ZAAJdXNlcl90eXBlZAAEbGVhZGQABnNpZ25lZG4GAAPNHVKPAQ.kg-kCpkRsACu5QiQ0ILq0oCKO9GFkCFlNEkEUq0O6aA&remote_ip=18.232.245.220&vsn=2.0.0 IP54.85.240.191:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectdrift.com Fingerprint8D:87:63:40:81:FD:69:E6:E5:7B:1B:D8:C5:49:BB:2A:A5:0B:A2:EE ValidityTue, 15 Aug 2023 00:00:00 GMT - Wed, 11 Sep 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ws/websocket?session_token=SFMyNTY.g3QAAAACZAAEZGF0YXQAAAAFZAACaWRtAAAAFTUwOTI4MDQtMjE4MzQ2MTc5NzgtNGQABm9yZ19pZG0AAAAHNTA5MjgwNGQACXNjb3BlX3NldG0AAAAEbGVhZGQAB3VzZXJfaWRtAAAACzIxODM0NjE3OTc4ZAAJdXNlcl90eXBlZAAEbGVhZGQABnNpZ25lZG4GAAPNHVKPAQ.kg-kCpkRsACu5QiQ0ILq0oCKO9GFkCFlNEkEUq0O6aA&remote_ip=18.232.245.220&vsn=2.0.0 HTTP/1.1
Host: presence.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://rc-widget-frame.js.driftt.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mWANSt102yUyjbbRA+Dqkw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
cache-control: max-age=0, private, must-revalidate
connection: Upgrade
date: Tue, 07 May 2024 08:13:56 GMT
sec-websocket-accept: r8C+wEirI07tfZ8m5LlbkS8GH6I=
server: Cowboy
upgrade: websocket
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js | 143.204.55.14 | 200 OK | 26 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (25600), with no line terminators Hasha2ace4f65aa7b34dedb884f6cfe9df8d 6cd6950446b7701a27180647e2dbb74bb90509d4 edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
GET /core/assets/js/41.b4fc4de2.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Tue, 19 Mar 2024 17:28:54 GMT
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
x-amz-server-side-encryption: AES256
x-amz-version-id: rA0DhPsJA4RdNVesvkvN4QjRny8lrPwc
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 18
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NlZUj5oxkhuyHOsf5J2EZgZiowZ0ZpKPqGtgIxGxFJJBtYhWuezwFw==
X-Firefox-Spdy: h2
|
|
| js.hs-banner.com/3911692.js | 104.18.34.229 | 200 OK | 63 kB |
URL GET HTTP/2js.hs-banner.com/3911692.js IP104.18.34.229:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerLet's Encrypt Subjecths-banner.com FingerprintFD:CD:8E:97:D4:7A:91:8A:CF:B0:8D:03:EF:EB:A1:49:9F:F6:62:40 ValidityMon, 01 Apr 2024 01:01:12 GMT - Sun, 30 Jun 2024 01:01:11 GMT
File typeJavaScript source, ASCII text, with very long lines (61243) Hash381b0631a0eece43d9975eebeac4018a c23697fb40287af31e1b9a0ed1159d1031cfdd26 0a7e62074b4311ed600655962e3217c9f2c33bd454457523a1d0fe36dfbb2207
GET /3911692.js HTTP/1.1
Host: js.hs-banner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:52 GMT
content-type: text/javascript; charset=UTF-8
x-amz-id-2: jPQgSktSiznXWH2qOajtnIAsqrLcQCrTdfVbq2Jg9VSw9kS8WGETsAkQ4W5RP0JkUtWGzoEgYU5aCVi1RW1/HcB4ZJnx7669
x-amz-request-id: RC5XAAR8DKEC0HAM
last-modified: Wed, 10 Apr 2024 21:07:09 GMT
etag: W/"381b0631a0eece43d9975eebeac4018a"
x-amz-server-side-encryption: AES256
cache-control: max-age=300,public
x-amz-version-id: RDrUrFX49NqTvtKL.PRguE6RUBzrS.gk
access-control-allow-origin: https://www.huntress.com
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
vary: origin, Accept-Encoding
expires: Tue, 07 May 2024 08:14:18 GMT
x-envoy-upstream-service-time: 24
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 694e4a9c-c1ad-443c-a04b-1c5adfc2ce45
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-snf7h
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-request-id: 694e4a9c-c1ad-443c-a04b-1c5adfc2ce45
cf-cache-status: HIT
age: 91
server: cloudflare
cf-ray: 87ffc0cffb44b51d-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| api.neverbounce.com/v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_88949 | 44.218.103.148 | 200 OK | 62 B |
URL GET HTTP/2api.neverbounce.com/v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_88949 IP44.218.103.148:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectneverbounce.com FingerprintAA:14:38:26:16:0D:C2:06:23:FA:67:31:6D:06:B4:73:35:3A:18:67 ValidityMon, 29 Jan 2024 00:00:00 GMT - Tue, 25 Feb 2025 23:59:59 GMT
File typeASCII text, with no line terminators Hash1afa8f2377a97322215922585d8d152d dec389d81da4a7eba6ac9ad83e1aeb42c0b530c3 5cea297a58bc083bc5be4c76ac800a8419ad679f9d0a8e85a427dc13040b79b7
GET /v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_88949 HTTP/1.1
Host: api.neverbounce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:53 GMT
content-type: application/javascript
server: nginx
vary: Accept-Encoding
cache-control: no-cache, private
x-ua-compatible: IE=Edge
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/css/16.22abfce0.chunk.css | 143.204.55.14 | 200 OK | 24 B |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/css/16.22abfce0.chunk.css IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hash0c5dad92482d9a7c7c253510f5082465 534b458f99b4d0bb90c2cf2c4bb3703ef44a52bf 5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
GET /core/assets/css/16.22abfce0.chunk.css HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
content-length: 24
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Wed, 01 May 2024 17:00:01 GMT
etag: "0c5dad92482d9a7c7c253510f5082465"
x-amz-server-side-encryption: AES256
x-amz-version-id: EJDcVDn5CVMphTi7feP5kOEl5b7qqm3R
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 13
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UkE3Ox2w3IaU0m_ICsQak52yJfYFJlSZIZ5bA9Xy6jxayMAv_ViPCA==
X-Firefox-Spdy: h2
|
|
| js.zi-scripts.com/unified/v1/master/getSubscriptions | 172.64.150.44 | 200 OK | 146 B |
URL GET HTTP/3js.zi-scripts.com/unified/v1/master/getSubscriptions IP172.64.150.44:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subjectzi-scripts.com FingerprintC0:86:5D:FE:C8:AD:96:F5:D9:46:55:72:6E:0F:17:8B:4A:AE:01:1D ValidityFri, 29 Mar 2024 13:10:20 GMT - Thu, 27 Jun 2024 13:10:19 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash6a1b7bf19ad57e5a1257b549ffaa1f78 ff2b64dc8fa5672a65ac60f13e15e71763d3d266 bfe085f3da2e3a764d08935d725cb24e2598e3f2fbb602e8871c65dacd2db38b
GET /unified/v1/master/getSubscriptions HTTP/1.1
Host: js.zi-scripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
Content-Type: application/json
Authorization: Bearer 5880e3e5891679926699
visited_url: https://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware
Origin: https://www.huntress.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 07 May 2024 08:13:55 GMT
content-type: application/json; charset=utf-8
apigw-requestid: XZBeniFfvHcESVQ=
x-powered-by: Express
etag: W/"92-61bqz+uTKSWn4UefTlWhnvUDaaM"
access-control-allow-origin: *
access-control-expose-headers: *
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2-C1K3fZnCE-snEDR0P5862CbJ5hWigWxGVaGEz0D1jlHArc7fwdew==
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87ffc0e629eab4f7-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/main~493df0b3.91dc5a14.chunk.js | 143.204.55.14 | 200 OK | 7.2 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/main~493df0b3.91dc5a14.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (7529), with no line terminators Hashb9603050b2ad285efe8952c41736639e 255046e26f27a91725ea75524178debd1b54f055 1f974cd530f4bdaba080960bca77427430b279128b833180a1d006fe1eeed177
GET /core/assets/js/main~493df0b3.91dc5a14.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:53 GMT
last-modified: Mon, 21 Aug 2023 14:57:27 GMT
etag: W/"c11c9776fa434757756e10e6ded61c75"
x-amz-server-side-encryption: AES256
x-amz-version-id: aQ8O6UMWsN.2o5G5k1LSH1svCMcNLzIM
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 21
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IiT0GtegityiW5-EaGr5dufS6RWFk7szN8okNEIdcgDHW3powck4Zg==
X-Firefox-Spdy: h2
|
|
| js.zi-scripts.com/zi-tag.js | 172.64.150.44 | 200 OK | 9.5 kB |
URL GET HTTP/2js.zi-scripts.com/zi-tag.js IP172.64.150.44:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subjectzi-scripts.com FingerprintC0:86:5D:FE:C8:AD:96:F5:D9:46:55:72:6E:0F:17:8B:4A:AE:01:1D ValidityFri, 29 Mar 2024 13:10:20 GMT - Thu, 27 Jun 2024 13:10:19 GMT
File typeJavaScript source, ASCII text, with very long lines (9672), with no line terminators Hash5c9250f796bc689e1ac1ee1221b91a6d 93f29564742ef92037bfe44dfb0d7be8864136ab d77d28c1698722409baf461512fc2716045b404d4e4206f5ec8f9052013375a9
GET /zi-tag.js HTTP/1.1
Host: js.zi-scripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:54 GMT
content-type: application/javascript
last-modified: Thu, 02 May 2024 10:12:33 GMT
x-amz-version-id: El0g.RnAqJPwnFJdxj37HBOCbk.jq3Sb
etag: W/"8c204aa84fdf9cdf3edc033589ee81ca"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Hn9nwixw2FqYPBGY0HrSXW-8VIBsMFsDMHtOzPsy5wk4ylw-18S8tw==
age: 17100
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87ffc0e29f631c06-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC | 142.250.74.132 | 200 OK | 7.4 kB |
URL GET HTTP/3www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC IP142.250.74.132:443
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeHTML document, ASCII text, with very long lines (7672), with no line terminators Hash7e27b7432486e5f3666ca5d189653a4a fd555a1652d8cc57268650df8a435a16fc10acc4 7ca3030c52d2ecceacf70bb2f4571ea78a2624b973c2ba2a899334f3d9fbda8b
GET /recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 08:13:55 GMT
content-security-policy: script-src 'nonce-SLVLLCxOhLlvHje3RXcohg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| rc-widget-frame.js.driftt.com/core/assets/css/25.7addeee7.chunk.css | 143.204.55.14 | 200 OK | 9.0 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/css/25.7addeee7.chunk.css IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeASCII text, with very long lines (9040), with no line terminators Hashb9011653b355d04d18b2ff93e45e1ecd f5415e40e4f0368b065e54498b137f43965dedf5 a7a9292edd72228ac6b7839b6e29a832ab45515a5c78d548ccd5fd8a2b1942ff
GET /core/assets/css/25.7addeee7.chunk.css HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
etag: W/"b9011653b355d04d18b2ff93e45e1ecd"
x-amz-server-side-encryption: AES256
x-amz-version-id: EFJHE_lMh.tvaT0GqPW.1ROLceWNBRoz
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
x-envoy-upstream-service-time: 20
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MpKZvR0mNbFUSRZrP8BXZQMaj4ZYGrIEZHlNc67MZoC9XboWQH-GWw==
X-Firefox-Spdy: h2
|
|
| bat.bing.com/action/0?ti=187059084&tm=gtm002&Ver=2&mid=5bd62046-e995-4aa4-8d5d-e337e6d5f6cc&sid=be7c53b00c4911ef9f882d4b3bb4ba09&vid=be7c61500c4911ef8177d1755aaa8281&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware&p=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&r=<=2807&pt=1715069629217,,,,,50,52,52,52,128,89,128,194,206,512,2720,2797,2807,,,&pn=0,0&evt=pageLoad&sv=1&rn=690706 | 204.79.197.237 | 204 No Content | 0 B |
URL GET HTTP/2bat.bing.com/action/0?ti=187059084&tm=gtm002&Ver=2&mid=5bd62046-e995-4aa4-8d5d-e337e6d5f6cc&sid=be7c53b00c4911ef9f882d4b3bb4ba09&vid=be7c61500c4911ef8177d1755aaa8281&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware&p=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&r=<=2807&pt=1715069629217,,,,,50,52,52,52,128,89,128,194,206,512,2720,2797,2807,,,&pn=0,0&evt=pageLoad&sv=1&rn=690706 IP204.79.197.237:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware CertificateIssuerMicrosoft Corporation Subjectwww.bing.com Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58 ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=187059084&tm=gtm002&Ver=2&mid=5bd62046-e995-4aa4-8d5d-e337e6d5f6cc&sid=be7c53b00c4911ef9f882d4b3bb4ba09&vid=be7c61500c4911ef8177d1755aaa8281&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Cobalt%20Strikes%20Again%3A%20An%20Analysis%20of%20Obfuscated%20Malware&p=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware&r=<=2807&pt=1715069629217,,,,,50,52,52,52,128,89,128,194,206,512,2720,2797,2807,,,&pn=0,0&evt=pageLoad&sv=1&rn=690706 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.huntress.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0853F8F8EF476868286FEC80EEB26958; domain=.bing.com; expires=Sun, 01-Jun-2025 08:13:54 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F086164554314842A8046C54C0D71239 Ref B: OSL30EDGE0111 Ref C: 2024-05-07T08:13:54Z
date: Tue, 07 May 2024 08:13:53 GMT
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/34.4924e4bf.chunk.js | 143.204.55.14 | 200 OK | 27 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/34.4924e4bf.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (27337), with no line terminators Hash2a9499a40949c70c9c00081b06639cb0 c30abc7c92ba97be5e84f4aa4b5cde054968cfce 15736c00b563c558ec1e7d531c0d8bd7d8cc24c2026adbc2dcf0ccd3e48f7d65
GET /core/assets/js/34.4924e4bf.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
etag: W/"2a9499a40949c70c9c00081b06639cb0"
x-amz-server-side-encryption: AES256
x-amz-version-id: T7ywXmlgZ2pn_NjEp3YMDrKgM16OYgwy
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 18
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Hf83NcwBKP0ZrqkYRbJCatP2GRUV4YEJIq2bqFXOj7vz8Nl_NVX0vQ==
X-Firefox-Spdy: h2
|
|
| rc-widget-frame.js.driftt.com/core/assets/js/35.3969a3d7.chunk.js | 143.204.55.14 | 200 OK | 12 kB |
URL GET HTTP/2rc-widget-frame.js.driftt.com/core/assets/js/35.3969a3d7.chunk.js IP143.204.55.14:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subject*.drift.com Fingerprint9C:F6:BE:BA:59:6B:DE:CE:68:BD:2B:4F:DB:C5:B3:AF:A3:19:C6:56 ValidityMon, 03 Jul 2023 00:00:00 GMT - Wed, 31 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (11590), with no line terminators Hashdcd622adceee29d53432ca3f6e9eb777 03daf12e516e3d3ea54cf6d3b45ac10a5e72ff83 ca38f2df2a3be653605830a05931aeac85fbd1c3fa2e483a334fdc25e3463503
GET /core/assets/js/35.3969a3d7.chunk.js HTTP/1.1
Host: rc-widget-frame.js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
server: istio-envoy
date: Tue, 07 May 2024 08:13:54 GMT
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
etag: W/"dcd622adceee29d53432ca3f6e9eb777"
x-amz-server-side-encryption: AES256
x-amz-version-id: _L8fRFK5jC3YnnGaFitzP.KBJ4MXVS_2
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 23
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 08eGoX6f8sjjLxMcV7d51c_ekJukUtyuVgy3_o8GUhs6qHSW-iIKXg==
X-Firefox-Spdy: h2
|
|
| bootstrap.api.drift.com/widget_bootstrap | 3.94.218.138 | 200 OK | 11 kB |
URL POST HTTP/2bootstrap.api.drift.com/widget_bootstrap IP3.94.218.138:443
Requested byhttps://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5db9d812-9f99-492f-b86a-7584711e38bf&sessionStarted=1715069632.22&campaignRefreshToken=3ff4782d-aa36-4351-9ce0-0c58401534f6&pageLoadStartTime=1715069629423&mode=CHAT&driftEnableLog=false&loadStrategy=ON_INTERACTIVE&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcobalt-strike-analysis-of-obfuscated-malware CertificateIssuerAmazon Subjectdrift.com FingerprintB7:94:E7:F3:B7:5C:66:0B:09:DC:83:16:97:C6:C8:04:3A:B0:3B:D0 ValiditySun, 03 Mar 2024 00:00:00 GMT - Mon, 31 Mar 2025 23:59:59 GMT
Hash76729efc84bce1e02bccc45b2a2f0090 42ed5f25c7eda28a9cbcfd9194c4d1f9f9c33244 f90bb2e9be8052005249584773ba80260221e8d44fe100b0200a585d7c97b5c5
POST /widget_bootstrap HTTP/1.1
Host: bootstrap.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 507
Origin: https://rc-widget-frame.js.driftt.com
DNT: 1
Connection: keep-alive
Referer: https://rc-widget-frame.js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 08:13:55 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: 5fc20df9c84e38dd
vary: Accept-Encoding
content-encoding: gzip
x-envoy-upstream-service-time: 216
server: istio-envoy
X-Firefox-Spdy: h2
|
|