stpmvt.com/3TV2uzK
67.199.248.13 302 Found 113 B IP 67.199.248.13:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 5d4d7bf098c0cb061daba0b1458574f3
830283f11a4f0ba973a11beda62c7322149ba177
8ba1ad6f3efcf85a6f1b7f72b52b366e407155e9830fa3f016d0fed8729c79ee
Analyzer Verdict Alert fortinet Phishing
GET /3TV2uzK HTTP/1.1
Host: stpmvt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 08 Sep 2022 11:15:02 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 113
Location: https://stpmvt.com/3TV2uzK
Strict-Transport-Security: max-age=1209600
Via: 1.1 google
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5397
Expires: Thu, 08 Sep 2022 12:44:59 GMT
Date: Thu, 08 Sep 2022 11:15:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 08 Sep 2022 11:05:16 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Bf3U_MuyqjAVilnRsyRE9YSzUY9NgnDwsy0LWqlV84ISuXGofKi4cw==
Age: 586
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NHwmJck1QTgdJjjWTyaMIlDCu9UsikU7PTCEZmGwTMja3xbj7lcS7g==
age: 26909
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4c55e1a20c4c6442e6010e3590ffe5f0
654948710c0e4082d4d161d9919361e8795b5cde
20876078273dc18b679124682421d99f07abbc80359550a72311e7e9765cbe3b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "20876078273DC18B679124682421D99F07ABBC80359550A72311E7E9765CBE3B"
Last-Modified: Wed, 07 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19417
Expires: Thu, 08 Sep 2022 16:38:40 GMT
Date: Thu, 08 Sep 2022 11:15:03 GMT
Connection: keep-alive
stpmvt.com/3TV2uzK
67.199.248.13 301 Moved Permanently 168 B IP 67.199.248.13:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash df26e9a85ad39f36dc0261170db0edbb
41b5e0febab592673af99d5fa15f24902738f4e1
f9bfe7b121e1893ddb2471f0e33c26b17dec35fcbf8ec7e15044386eca2540ce
Analyzer Verdict Alert fortinet Phishing
GET /3TV2uzK HTTP/1.1
Host: stpmvt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
cache-control: private, max-age=90
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Thu, 08 Sep 2022 11:15:03 GMT
location: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
referrer-policy: unsafe-url
server: nginx
set-cookie: _bit=m88bf3-c1f8ed2622e4f01e6c-00l; Domain=stpmvt.com; Expires=Tue, 07 Mar 2023 11:15:03 GMT
strict-transport-security: max-age=1209600
content-length: 168
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 08 Sep 2022 10:38:18 GMT
Cache-Control: max-age=3600
Expires: Thu, 08 Sep 2022 11:19:11 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: S_9o_G7znZzVQNeVx6eQQz9sKXalCJgH-4fx7xvDHZOi4w5dD7fdrA==
Age: 2205
www.cybereason.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
45.60.64.106 200 OK 556 B URL HTTP/2 www.cybereason.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
IP 45.60.64.106:0
File type ASCII text, with very long lines (1243), with no line terminators
Hash e6c5e14c2de97a1d1235a77293e5fcdc
0bf0860bb83ba7ac924ec9e961f4369b6e44b37c
d73c226fc1c318e9ff83b39bba6715053959721ac5d051744636ee4eaf6207ac
GET /hs/hsstatic/cos-i18n/static-1.53/bundles/project.js HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: W/"61ca66de658cab9587e4636894680d5d"
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
content-type: application/javascript
content-length: 556
content-encoding: gzip
cache-control: max-age=21100132, public
expires: Wed, 10 May 2023 16:23:55 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 299) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js
45.60.64.106 200 OK 3.5 kB URL HTTP/2 www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js
IP 45.60.64.106:0
File type ASCII text, with very long lines (9847)
Hash ea2f79543b56b2ca323838702545087f
490d34bdf135ca82a432010afd62602b7da5be38
785103c07bf576854a21daaef154b79bcf43f2ee2cb82dc9bc95b0ab20108e9d
GET /hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: W/"0d86ec7be24f2dff2308b8edf54c2f32"
last-modified: Wed, 27 Jul 2022 14:35:54 GMT
content-type: application/javascript
content-length: 3502
content-encoding: gzip
cache-control: max-age=27921813, public
expires: Fri, 28 Jul 2023 15:18:36 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 302) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/__dam/fonts/ionicons.eot
45.60.64.106 200 OK 69 kB URL HTTP/2 www.cybereason.com/hubfs/__dam/fonts/ionicons.eot
IP 45.60.64.106:0
File type Embedded OpenType (EOT), Ionicons family\012- OpenPGP Secret Key\012- data
Hash 6b9837da79bca0b540faaa6a61590df9
25eabf406eea7eaca1b609333f7e2aee811fca3f
fbbe6ca31d9decf3473f9023d35a16a26ccd3a8575a2d01fcfb7e2a2363a6a92
GET /hubfs/__dam/fonts/ionicons.eot HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: W/"2c2ae068be3b089e0a5b59abb1831550"
last-modified: Fri, 25 Sep 2020 09:38:01 GMT
content-type: application/vnd.ms-fontobject
content-length: 68926
content-encoding: gzip
cache-control: max-age=934611, public
expires: Mon, 19 Sep 2022 06:51:54 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 308) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Regular.woff2
45.60.64.106 200 OK 15 kB URL HTTP/2 www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Regular.woff2
IP 45.60.64.106:0
File type Web Open Font Format (Version 2), TrueType, length 14572, version 1.0\012- data
Hash 8c4e317165d35f99602a1c625d63a040
2266c1ef982de7c9fbc604167b06e200ff0ae3c2
fcba0ef5c17fd435aaa6cfac66375e7bfae52f5116b7a6e126c8b0f38b841613
GET /hubfs/dam/fonts/criteria/Criteria-CF-Regular.woff2 HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "8c4e317165d35f99602a1c625d63a040"
last-modified: Thu, 13 Jan 2022 17:33:57 GMT
content-type: application/font-woff2
content-length: 14572
cache-control: max-age=932357, public
expires: Mon, 19 Sep 2022 06:14:20 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 310) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Medium.woff2
45.60.64.106 200 OK 15 kB URL HTTP/2 www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Medium.woff2
IP 45.60.64.106:0
File type Web Open Font Format (Version 2), TrueType, length 14772, version 1.0\012- data
Hash 32457643e2ecf8bcf7fdba1110db901c
c346ab30c723e8862a66925778de4b7bdead8838
f24560f5b81158a42b8d38ffe5795d9959eb2308ee6780ea912a6594bb999d1e
GET /hubfs/dam/fonts/criteria/Criteria-CF-Medium.woff2 HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "32457643e2ecf8bcf7fdba1110db901c"
last-modified: Thu, 13 Jan 2022 17:33:57 GMT
content-type: application/font-woff2
content-length: 14772
cache-control: max-age=934611, public
expires: Mon, 19 Sep 2022 06:51:54 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 311) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/fonts/peristyle/Peristyle-Black.woff2
45.60.64.106 200 OK 14 kB URL HTTP/2 www.cybereason.com/hubfs/dam/fonts/peristyle/Peristyle-Black.woff2
IP 45.60.64.106:0
File type Web Open Font Format (Version 2), TrueType, length 14136, version 1.0\012- data
Hash a17b2e1c032fa4a5eea1eeb1416eb385
eba01aa1b5a9063a83ec5c770609b6f16a1a454b
9d943fe5fde08d5b742d383b625031f75e3e89035369f2cde2778f4c6cf5c119
GET /hubfs/dam/fonts/peristyle/Peristyle-Black.woff2 HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "a17b2e1c032fa4a5eea1eeb1416eb385"
last-modified: Fri, 15 Oct 2021 16:32:36 GMT
content-type: application/font-woff2
content-length: 14136
cache-control: max-age=934611, public
expires: Mon, 19 Sep 2022 06:51:54 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 312) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/plugins/marker-animation.js
45.60.64.106 200 OK 2.3 kB URL HTTP/2 www.cybereason.com/hubfs/dam/plugins/marker-animation.js
IP 45.60.64.106:0
File type ASCII text, with very long lines (5874), with no line terminators
Hash 4f4a325750d43813bf2f5cc0135fb22b
447e6d24c93cbe0d02ef1c086cb1a419dcbe4ce3
9d5cb0ecea2e5a6db58615653a4b154ac7aa72e52769e0c2e0d7146a7914eafe
GET /hubfs/dam/plugins/marker-animation.js HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: W/"c789451d244987df6815383a74c748e9"
last-modified: Tue, 27 Oct 2020 17:09:14 GMT
content-type: application/javascript
content-length: 2303
content-encoding: gzip
cache-control: max-age=1139225, public
expires: Wed, 21 Sep 2022 15:42:08 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 337) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-logo-inline--primary-black.png
45.60.64.106 200 OK 5.1 kB URL HTTP/2 www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-logo-inline--primary-black.png
IP 45.60.64.106:0
File type PNG image data, 492 x 100, 8-bit colormap, non-interlaced\012- data
Hash 7778b139066b79af8670c5a3936c4795
8a945e4741e18f301ebe4f6af1e181b0605350b5
fd6c0f5026c29648ab8887658f23e6c57faedfe7f9d85e702823ae5dfcbdc8f0
GET /hubfs/dam/images/images-web/logos/cr-brand/cr-logo-inline--primary-black.png HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "0200a44af913040fda048d2ccd029463"
last-modified: Fri, 03 Dec 2021 18:08:59 GMT
content-type: image/png
content-length: 5084
cache-control: max-age=264983, public
expires: Sun, 11 Sep 2022 12:51:26 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 338) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-malicious-life-logo-v2.png
45.60.64.106 200 OK 36 kB URL HTTP/2 www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-malicious-life-logo-v2.png
IP 45.60.64.106:0
File type PNG image data, 2060 x 469, 8-bit colormap, non-interlaced\012- data
Hash e2ae40ec153d007f2b8bdc347b85bcb8
58371df5d90323a6567b4ebfe51d7aee4c25404e
1ef8b59b832109ecbec2f9ed52e8073e2ab73862fa5e6697e1fe05d1c8358a02
GET /hubfs/dam/images/images-web/logos/cr-brand/cr-malicious-life-logo-v2.png HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "4f8f695cfdda0e2a9e41271fd3ef4840"
last-modified: Wed, 15 Dec 2021 18:41:35 GMT
content-type: image/png
content-length: 35653
cache-control: max-age=1054016, public
expires: Tue, 20 Sep 2022 16:01:59 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 340) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-blog-icon--search-dark-gray.png
45.60.64.106 200 OK 440 B URL HTTP/2 www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-blog-icon--search-dark-gray.png
IP 45.60.64.106:0
File type PNG image data, 36 x 36, 8-bit colormap, non-interlaced\012- data
Hash 744c556b1cf3387a3c7608f0172259b0
2762dea9467baabdaf06b11c9493ac568acabebe
e90344957225c9e0caa52e2591fd6066740e0650bc100c422435762160fb2e33
GET /hubfs/dam/images/images-web/blog-images/template-images/cr-blog-icon--search-dark-gray.png HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "5285e68f20ece59da650da19c81751e2"
last-modified: Wed, 03 Mar 2021 03:19:57 GMT
content-type: image/png
content-length: 440
cache-control: max-age=1054016, public
expires: Tue, 20 Sep 2022 16:01:59 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 342) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/twitter-gray.svg
45.60.64.106 200 OK 433 B URL HTTP/2 www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/twitter-gray.svg
IP 45.60.64.106:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (749), with no line terminators
Hash 12c308a1363ddb563fd43f6e9aec5578
3d8a267c4805cbfa67b15169bbf3e01419b90d03
56d5a012c135c6b584d6b9b359f928f9c3f83b03266f89ae39daf6b7d8adc2b1
GET /hubfs/dam/images/images-web/blog-images/template-images/twitter-gray.svg HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: W/"5c103d0cd978b3a8d7ccab6bff714599"
last-modified: Thu, 01 Apr 2021 02:23:43 GMT
content-type: image/svg+xml
content-length: 433
content-encoding: gzip
cache-control: max-age=893984, public
expires: Sun, 18 Sep 2022 19:34:47 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 344) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/facebook-gray.svg
45.60.64.106 200 OK 299 B URL HTTP/2 www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/facebook-gray.svg
IP 45.60.64.106:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (372), with no line terminators
Hash 823636edb4c820703981299f45ae2054
ce28a3ab8fdb989b0f0931b278ed0f66856c69e5
101f428ead38cf66b08147e981ae6e2028c05f2d6f75095986f2156affd383ea
GET /hubfs/dam/images/images-web/blog-images/template-images/facebook-gray.svg HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: W/"8c22d0d78005c386bf29edacfdd2360d"
last-modified: Thu, 01 Apr 2021 02:23:43 GMT
content-type: image/svg+xml
content-length: 299
content-encoding: gzip
cache-control: max-age=936090, public
expires: Mon, 19 Sep 2022 07:16:33 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 345) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/linkedin-gray.svg
45.60.64.106 200 OK 630 B URL HTTP/2 www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/linkedin-gray.svg
IP 45.60.64.106:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (607)
Hash 49900017bc49350250205e995d395d1d
756f49ea44fc1c469a8864855431e2e33e330a91
84053f9a53cbcd3abca20320e6aa65505f813ababd0530d918d36512559b86cf
GET /hubfs/dam/images/images-web/blog-images/template-images/linkedin-gray.svg HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: W/"446340b1a8e73ee28b1a47837a13fdf3"
last-modified: Wed, 07 Apr 2021 01:13:30 GMT
content-type: image/svg+xml
content-length: 630
content-encoding: gzip
cache-control: max-age=936091, public
expires: Mon, 19 Sep 2022 07:16:34 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 346) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/Capture-4.png
45.60.64.106 200 OK 25 kB URL HTTP/2 www.cybereason.com/hubfs/Capture-4.png
IP 45.60.64.106:0
File type PNG image data, 509 x 509, 8-bit grayscale, non-interlaced\012- data
Hash 93e7b94eb1d90169838e1d210dd2f1e7
fce48dd1ea9e380acef1bce26f0beff4d2d2d0ea
f6992602860083443a6e36d8a4189d2ab5275d43eb4f8a8728589b9bfd992da7
GET /hubfs/Capture-4.png HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "5b545f45436a98fee1835196019248fa"
last-modified: Thu, 09 Sep 2021 17:50:40 GMT
content-type: image/png
content-length: 24923
cache-control: max-age=1058195, public
expires: Tue, 20 Sep 2022 17:11:38 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 347) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/blog-post-text%20-%202022-09-07T090944.782.png
45.60.64.106 200 OK 564 kB URL HTTP/2 www.cybereason.com/hubfs/blog-post-text%20-%202022-09-07T090944.782.png
IP 45.60.64.106:0
File type PNG image data, 1200 x 628, 8-bit/color RGB, non-interlaced\012- data
Size 564 kB (563733 bytes)
Hash 20a9a475e1bd2e2a7e9b115c7af12595
dac279736f8f843d239e763d769690623c4b185d
b25137f4508b2f455baa08a9e40650bf771c194b45f8fb91bfd3a9e97551ef3e
GET /hubfs/blog-post-text%20-%202022-09-07T090944.782.png HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "bba5600287f8e92668eaaa3163e4c43d"
last-modified: Wed, 07 Sep 2022 16:12:16 GMT
content-type: image/png
content-length: 563733
cache-control: max-age=1745835, public
expires: Wed, 28 Sep 2022 16:12:18 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-13620789 2CNN RT(1662635703373 343) q(0 0 0 -1) r(0 0) U18
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-logo-inline--primary-white.png
45.60.64.106 200 OK 5.0 kB URL HTTP/2 www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-logo-inline--primary-white.png
IP 45.60.64.106:0
File type PNG image data, 492 x 100, 8-bit colormap, non-interlaced\012- data
Hash 2c0bec9b75e9ec264e13a3d445d2463a
0e220d5537100a1daf5bd1a2ad003ad35ff685fd
8f657cd3617d00d51bbc4dee693b71bde939c80310034a8d82641804d4eb7e16
GET /hubfs/dam/images/images-web/logos/cr-brand/cr-logo-inline--primary-white.png HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "9fa007f86be3dd9a921a2d00bf86f36e"
last-modified: Fri, 03 Dec 2021 18:09:12 GMT
content-type: image/png
content-length: 4953
cache-control: max-age=1058807, public
expires: Tue, 20 Sep 2022 17:21:50 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 356) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/lior-blog-post-May-23-2022-12-08-48-13-PM.png
45.60.64.106 200 OK 253 kB URL HTTP/2 www.cybereason.com/hubfs/lior-blog-post-May-23-2022-12-08-48-13-PM.png
IP 45.60.64.106:0
File type PNG image data, 1200 x 628, 8-bit/color RGB, non-interlaced\012- data
Size 253 kB (253183 bytes)
Hash 8fd8a8f45cda430e6922ffa11f3b6091
32270dd150a7653320e892ffcd62cb92c181db22
89f2c0c3f337120cffabbad513474acd34ce323fce4613619a9677a09730784b
GET /hubfs/lior-blog-post-May-23-2022-12-08-48-13-PM.png HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "d8a386be5b89dc2806781a994ab04371"
last-modified: Mon, 23 May 2022 12:08:49 GMT
content-type: image/png
content-length: 253183
cache-control: max-age=1138878, public
expires: Wed, 21 Sep 2022 15:36:21 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 355) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1679731118
45.60.64.106 200 OK 19 kB URL HTTP/2 www.cybereason.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1679731118
IP 45.60.64.106:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 012688c04d4118ca3b1bddeee9a40ea5
026ae4f52267ee7807e580c6df4d530e3718040c
7429184d1eea7f749b16124da3a76464239c4337744da32b7c01be9507fea8a0
GET /_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1679731118 HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/javascript
content-encoding: gzip
x-robots-tag: noindex
content-length: 19188
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 042105f89c8d64b470d84e052cd412d1
a26c7e2559b3760ea2765b16a3f8d1be27f5dcf4
fadb8cdd22f4d7773d5c20d576f6400ab25e20e1efe3e3fe50d2ae39ca6f2725
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1580
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:03 GMT
Last-Modified: Thu, 08 Sep 2022 10:48:43 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 8cd3ef1f5897c7c5c6ad334f0dc820e2
a118d0e2b4c059827bd8bafe7c9549d423022d93
e0bcff2f7ab86e5c2b6cae8155bf9e069bd76cefe9e04f199ffd3045ea7561e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1638
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:03 GMT
Last-Modified: Thu, 08 Sep 2022 10:47:45 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 8cd3ef1f5897c7c5c6ad334f0dc820e2
a118d0e2b4c059827bd8bafe7c9549d423022d93
e0bcff2f7ab86e5c2b6cae8155bf9e069bd76cefe9e04f199ffd3045ea7561e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4568
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:03 GMT
Last-Modified: Thu, 08 Sep 2022 09:58:55 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 8cd3ef1f5897c7c5c6ad334f0dc820e2
a118d0e2b4c059827bd8bafe7c9549d423022d93
e0bcff2f7ab86e5c2b6cae8155bf9e069bd76cefe9e04f199ffd3045ea7561e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3135
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:03 GMT
Last-Modified: Thu, 08 Sep 2022 10:22:48 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
cdn.cookielaw.org/scripttemplates/otSDKStub.js
104.16.148.64 200 OK 7.2 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP 104.16.148.64:0
File type ASCII text, with very long lines (21747)
Hash ec12a4ed6414d59f440cc6667f54fa56
dc045fd45a736db97db94c22d5b4d3a29aa10ea6
1a4fd42ea4ea00d7762d0a273e6094ac7967db784c736280fe77328025427373
GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: application/javascript
content-length: 7151
content-encoding: gzip
content-md5: 7BKk7WQU1Z9EDMZmf1T6Vg==
last-modified: Thu, 08 Sep 2022 06:34:46 GMT
etag: 0x8DA916439418414
x-ms-request-id: e946677d-f01e-000c-4151-c33617000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 542
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7477439d7d6cb4fd-OSL
X-Firefox-Spdy: h2
use.typekit.net/vyv2ljd.js
23.36.76.122 200 OK 6.9 kB URL HTTP/2 use.typekit.net/vyv2ljd.js
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (3012)
Hash 38f42986e1b2ab1a42fd42ca50d867ae
9ba5269715647088bd60d31fe28b1fdea9ee3df4
3c107c4a7fc27ccc666b63441cf17db7c710ac5dc7ea68acef5256598d7e9ee1
GET /vyv2ljd.js HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/javascript;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: public, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 6894
date: Thu, 08 Sep 2022 11:15:03 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 8cd3ef1f5897c7c5c6ad334f0dc820e2
a118d0e2b4c059827bd8bafe7c9549d423022d93
e0bcff2f7ab86e5c2b6cae8155bf9e069bd76cefe9e04f199ffd3045ea7561e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1638
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:03 GMT
Last-Modified: Thu, 08 Sep 2022 10:47:45 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash db433121f8c8215d44bcd26aff290172
f96b386796e3589437cd57fac6782842c17ce746
455323a3f807014a498118929131b6aad4ec5283f95be23108b2afd329576098
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/OtAutoBlock.js
104.16.148.64 200 OK 8.7 kB URL HTTP/2 cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/OtAutoBlock.js
IP 104.16.148.64:0
File type ASCII text, with very long lines (52996)
Hash 7cd70085c5f4ef17d6ccf53aa800de4b
2d03af757a70487a749f7b2b255a1505dba45c65
05cb79e378340985ef779c61ab707ccea88030d9cffc95e51445c16f8e77de76
GET /consent/26b02624-42c7-456d-82c2-9669db762671/OtAutoBlock.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: application/x-javascript
content-length: 8687
cache-control: public, max-age=14400
content-encoding: gzip
content-md5: fNcAhcX07xfWzPU6qADeSw==
last-modified: Wed, 03 Aug 2022 14:59:26 GMT
etag: 0x8DA7560C2533650
x-ms-request-id: 70f2ef45-901e-0131-3149-a7c564000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 2671
expires: Thu, 08 Sep 2022 15:15:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7477439d7d7cb4fd-OSL
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.25.14 200 OK 5.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (30837)
Hash 109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 462260
expires: Tue, 29 Aug 2023 11:15:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tVH1vla%2FzZMbistqpAkMFwi9wjuYFQuv6HaXUePVzm1q6a3HQENoQa56c99UFWoaif8zCU%2BLNVkH2U9SuVsIDKfGvU6ggjQmC833x9Ot0iaQim2zBSIbP1IVA0h7UIYxzcfUh7Sa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7477439d7a660b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
142.250.74.74 200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (65451)
Hash 903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 13:30:59 GMT
expires: Fri, 01 Sep 2023 13:30:59 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 596644
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b63f97bc3dce37e8ee6a0c9fcae468fe
cc70326582c0016d7434d0553486734266e57e71
6b3b365123beead4021532b8f2578b3761bbd47af45ed2a461a0476d53aa637d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cybereason.com/hs/scriptloader/3354902.js
45.60.64.106 200 OK 520 B URL HTTP/2 www.cybereason.com/hs/scriptloader/3354902.js
IP 45.60.64.106:0
File type ASCII text, with very long lines (1412), with no line terminators
Hash 91e280a0e1e11964d24730682f55b596
d6a9450e1769ede3bbac2d15ae32e26b85db68bc
fe6fbd2197bd861700d52721d8b7d513407c94a9135a8123b736d2124db8436e
GET /hs/scriptloader/3354902.js HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "9f48003f"
last-modified: Thu, 08 Sep 2022 11:13:11 GMT
content-type: application/javascript;charset=utf-8
content-length: 520
content-encoding: gzip
cache-control: max-age=11, public
expires: Thu, 08 Sep 2022 11:15:14 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-13620789 3CNN RT(1662635703373 371) q(0 0 0 -1) r(2 2)
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash db433121f8c8215d44bcd26aff290172
f96b386796e3589437cd57fac6782842c17ce746
455323a3f807014a498118929131b6aad4ec5283f95be23108b2afd329576098
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
34.212.13.96 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.212.13.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Utn7RBKvAZMPavykmods0w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: p58Pyh/qn1Qu93qnV9Q1OX71tDI=
cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/26b02624-42c7-456d-82c2-9669db762671.json
104.16.148.64 200 OK 1.6 kB URL HTTP/2 cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/26b02624-42c7-456d-82c2-9669db762671.json
IP 104.16.148.64:0
File type JSON data\012- , ASCII text, with very long lines (4496), with no line terminators
Hash 5bce08f8465649affc4e9ffea863969d
d12541f42a79f187f61734c63207331241b98c14
fb019620f47d4f94e7aa9d07ab6d28566ae1be02bf481062a1a340bb6e4ef43c
GET /consent/26b02624-42c7-456d-82c2-9669db762671/26b02624-42c7-456d-82c2-9669db762671.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:04 GMT
content-type: application/x-javascript
content-length: 1648
cache-control: public, max-age=14400
content-encoding: gzip
content-md5: W84I+EZWSa/8Tp/+qGOWnQ==
last-modified: Wed, 03 Aug 2022 14:59:26 GMT
etag: 0x8DA7560C2409B40
x-ms-request-id: 978994f0-301e-0137-3749-a7321c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 2672
expires: Thu, 08 Sep 2022 15:15:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7477439e4e99b4fd-OSL
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
142.250.74.10 200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
IP 142.250.74.10:0
Hash efd44b9a0edb718b37a013f845afee5d
790391646ff99d1fda925aea773f53873ae5dcf1
07ce6256d1ecc5ea31994c1a8daa8f856da536b02ed92709f48681427d05b376
GET /css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Sep 2022 11:15:03 GMT
date: Thu, 08 Sep 2022 11:15:03 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
142.250.74.10 200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP 142.250.74.10:0
Hash 185e8c9695af65c3b30cd8c57e5823a2
59e009ba84b38baeb257588b3b9694874a3c661a
72d57abc17b3086d74f9619936604606952ffccbd9a3ffdd1575dae2d9f98aa1
GET /css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn2.hubspot.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Sep 2022 11:15:04 GMT
date: Thu, 08 Sep 2022 11:15:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
142.250.74.72 200 OK 95 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
IP 142.250.74.72:0
File type ASCII text, with very long lines (62852)
Hash 23bfc76ed27a253f92b2596f8ed1da0a
0caca3fa4e24e8d07056b3ae2e45b9fc45e0e664
27ef46a165b51e867e952ed37df2afe6e4e4206ac653f7ffa8c70d8bf69b50c1
GET /gtm.js?id=GTM-TJVVB7C HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Sep 2022 11:15:04 GMT
expires: Thu, 08 Sep 2022 11:15:04 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 94899
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-blog-hero-owl-transparent.png
45.60.64.106 200 OK 476 kB URL HTTP/2 www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-blog-hero-owl-transparent.png
IP 45.60.64.106:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 476 kB (475630 bytes)
Hash 3ad1e4ef7d5d6e0bc35413faf49fefb8
a51a6f3f6cc839e73dc56e15ef0d41817f538157
51443fc1aa325f301b39d89ffeae8f8a7833ed59491b89419902b32ef30b3b39
GET /hubfs/dam/images/images-web/blog-images/template-images/cr-blog-hero-owl-transparent.png HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn2.hubspot.net/
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "cd208635457bf65f33aa7c8849efcf21"
last-modified: Fri, 19 Feb 2021 04:27:31 GMT
content-type: image/webp
content-length: 475630
cache-control: max-age=1067741, public
expires: Tue, 20 Sep 2022 19:50:45 GMT
date: Thu, 08 Sep 2022 11:15:04 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 743) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/images/images-web/backgrounds/cr-ml-sidebar-subscribe-bg.jpg
45.60.64.106 200 OK 34 kB URL HTTP/2 www.cybereason.com/hubfs/dam/images/images-web/backgrounds/cr-ml-sidebar-subscribe-bg.jpg
IP 45.60.64.106:0
File type JPEG image data, baseline, precision 8, 450x200, components 3\012- data
Hash fc1b0afbba0ecc4d6a05b31a6fc94473
832d359cef4c5df7a9e9a1d21f61582f54bd1a8c
9967a27efc89a8cefe9665100ec51cded3a8c89f95cdca1285bfce207666cd11
GET /hubfs/dam/images/images-web/backgrounds/cr-ml-sidebar-subscribe-bg.jpg HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn2.hubspot.net/
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "c2444af5dedceb18b268a01a640beb72"
last-modified: Thu, 31 Mar 2022 18:30:54 GMT
content-type: image/jpeg
content-length: 34358
cache-control: max-age=1054015, public
expires: Tue, 20 Sep 2022 16:01:59 GMT
date: Thu, 08 Sep 2022 11:15:04 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 753) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507089303/1644440411417/__CR_Web_Platform/JS/animatedModal/animatedModal.min.js
104.17.240.204 200 OK 39 kB URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507089303/1644440411417/__CR_Web_Platform/JS/animatedModal/animatedModal.min.js
IP 104.17.240.204:0
File type ASCII text, with very long lines (2257)
Hash 3b22aef6178bdeadf7b5e1b592392d45
e4f4161a71150b86c8436560ec28e0db51bc25b3
08b4a2e1f819dfa9bea040bd4d684d504a7bdd572230048b1e356d9fd56556fd
GET /hub/3354902/hub_generated/template_assets/42507089303/1644440411417/__CR_Web_Platform/JS/animatedModal/animatedModal.min.js HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 7477439d4b441c12-OSL
access-control-allow-origin: *
age: 536666
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"690ad93d1d2a9fc11f9df295692413fe"
last-modified: Wed, 09 Feb 2022 21:00:12 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1644440411792
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BNeVKCwTHSwFW0mZEqAAU%2BHBX%2BfAsvhjwffrzLI%2F44zaka%2BQqDpbmNxP7iVo94FIeqxdO7008tmO3Q3eccx8pQRAWVFkEF9PxTNr%2FLnDruQIKoIZ3voXo5T4GMo3Q5P7pgk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Bold.woff2
45.60.64.106 200 OK 14 kB URL HTTP/2 www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Bold.woff2
IP 45.60.64.106:0
File type Web Open Font Format (Version 2), TrueType, length 14332, version 1.0\012- data
Hash ba487b98622054117d0be2f92f3f45b2
15d23eee08606db99dea03b0f1bc2b3b0e880ffe
17a31aae550a664382ab9d8085efc03a10a4548985f33ac4e5a533d5ab5e9339
GET /hubfs/dam/fonts/criteria/Criteria-CF-Bold.woff2 HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1659112319800/__CR_Web_Platform/CSS/cr-master__main.min.css
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "ba487b98622054117d0be2f92f3f45b2"
last-modified: Thu, 13 Jan 2022 17:33:57 GMT
content-type: application/font-woff2
content-length: 14332
cache-control: max-age=932356, public
expires: Mon, 19 Sep 2022 06:14:20 GMT
date: Thu, 08 Sep 2022 11:15:04 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 767) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386128/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js
104.17.240.204 200 OK 15 kB URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386128/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js
IP 104.17.240.204:0
File type ASCII text, with very long lines (374), with no line terminators
Hash 4c21e75304e9d93882f3d0ab073f9089
c1499bce277b856c64af3a27ab75f6da97bea086
dd787284dacfc054d0179b1608b4b12591f6df5f165d78e75000c202377f6afb
GET /hub/3354902/hub_generated/module_assets/41681847227/1644941386128/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 7477439d5b4c1c12-OSL
access-control-allow-origin: *
age: 1482386
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"1d7f81aaf24568ea5d90a82b829960fd"
last-modified: Tue, 15 Feb 2022 16:09:47 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1644941386128
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2WHRvoRcN8ZvFOQXL%2BruI9C7v4Xj3MBbDkD8UCALawNEOnpebr8kn2E2c95eWLRdz0hXlkxcg%2FcEV7v8AHE0B3p%2BHc1f8UXGnpGelIlxthRrmx6zEhsl%2BOZ2ull9glhk%2FSs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/__dam/fonts/ionicons.ttf
45.60.64.106 200 OK 110 kB URL HTTP/2 www.cybereason.com/hubfs/__dam/fonts/ionicons.ttf
IP 45.60.64.106:0
File type TrueType Font data, 15 tables, 1st "FFTM", 14 names, Macintosh\012- data
Size 110 kB (109844 bytes)
Hash 74fcc0eab7a68b1d369c8d673e578202
fbeb46fdae0b1704eb68d67cfefef3bd59777677
13447c3ac3a0e291f4b1a501206c7766a39d2b580d4d1cbe7f8a4e6ef541b47f
GET /hubfs/__dam/fonts/ionicons.ttf HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35275979682/1642096258129/__CR_Web_Platform/CSS/ionicons.min.css
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: W/"24712f6c47821394fba7942fbb52c3b2"
last-modified: Fri, 25 Sep 2020 09:38:00 GMT
content-type: font/ttf
content-length: 109844
content-encoding: gzip
cache-control: max-age=932357, public
expires: Mon, 19 Sep 2022 06:14:21 GMT
date: Thu, 08 Sep 2022 11:15:04 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 812) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash de50d39318f58f490483c86aecd38e4c
f92177f493cb7bab9c5ce67f6b41f9214920907d
8bca037d0d46ddd72b4c1bbfc2829f96bc9e7bfb28724af3010f1441d14b7180
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35275979682/1642096258129/__CR_Web_Platform/CSS/ionicons.min.css
104.17.240.204 200 OK 8.6 kB URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35275979682/1642096258129/__CR_Web_Platform/CSS/ionicons.min.css
IP 104.17.240.204:0
File type Unicode text, UTF-8 text, with very long lines (51279), with no line terminators
Hash 3dcfe4dd4ae268e90647b301ed394169
134f4d6a6868bfd2fe7cdec7a710ecbe56486801
04e8130627aefe9a64ee3d2f0901f7fc5947e39dc654868debf9a6af5eddbf30
GET /hub/3354902/hub_generated/template_assets/35275979682/1642096258129/__CR_Web_Platform/CSS/ionicons.min.css HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css
cf-ray: 7477439d4b3a1c12-OSL
access-control-allow-origin: *
age: 356077
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"71c8c946791f3411c42a4cb1e9cdb5ed"
last-modified: Thu, 13 Jan 2022 17:50:59 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P2
x-amz-meta-created-unix-time-millis: 1642096258332
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hvlALqjbCtqUGEEOI8lHW1M6Q38mwU5K%2BHoHHtnvxX4dTupAtSnO%2FUJLQNtONpHmbcFrCR76ibb5l%2BNzT4dCd9t40Pf2zi84HOAzF4kYCKNE7Q2tJp0%2BxS2aArRJXayEWU8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507091846/1635957557027/__CR_Web_Platform/CSS/animate.min.css
104.17.240.204 200 OK 4.5 kB URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507091846/1635957557027/__CR_Web_Platform/CSS/animate.min.css
IP 104.17.240.204:0
File type ASCII text, with very long lines (53270)
Hash ef0c7495bf74e730bed32add39021215
a4eafa94de5d8a695cf952c8aaa15d5014b78ea3
e617f33d2c4c1eb53324cff4100971b55dfc6858b8efe7da60bbfddcd7eb7345
GET /hub/3354902/hub_generated/template_assets/42507091846/1635957557027/__CR_Web_Platform/CSS/animate.min.css HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css
cf-ray: 7477439d4b401c12-OSL
access-control-allow-origin: *
age: 536666
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"55009d64191e6f9e712a841773ee6611"
last-modified: Wed, 03 Nov 2021 16:39:18 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1635957557027
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2t7ZknRHBqofEJR8JC9gsl%2Bm8PUGCyAHLmorKqfqoDCP%2F1zjP8MIMTzz6d5bVq6brsDiL%2BJMQVmRdo5jQDN0q4cW1l3%2BozkgbwlCs9vTagIPyOV2VT%2FLfchfR%2BlzwElqWM4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
geolocation.onetrust.com/cookieconsentpub/v1/geo/location
172.64.146.158 200 OK 622 B URL HTTP/2 geolocation.onetrust.com/cookieconsentpub/v1/geo/location
IP 172.64.146.158:0
Hash 77ef4dc88ab881ad4fae72531e44dca0
1c1d7fa5a9b0c71344024fe976f93a8ee8aef9a9
44b841427151207a5c857b43f6076cae175cc7de4cdeda2451041a8ee8646ee1
GET /cookieconsentpub/v1/geo/location HTTP/1.1
Host: geolocation.onetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:04 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7477439e8f4bb529-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1659112319800/__CR_Web_Platform/CSS/cr-master__main.min.css
104.17.240.204 200 OK 9.7 kB URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1659112319800/__CR_Web_Platform/CSS/cr-master__main.min.css
IP 104.17.240.204:0
File type Unicode text, UTF-8 text, with very long lines (31540)
Hash b548b7c2ba622c64a9a95d78f18ab825
7f9b25373712c1d09062597e889ff6cea04354dd
54fe15fee5867ad67b38f0fb9144f1085d351523873a37d8ecc7d24face1e213
GET /hub/3354902/hub_generated/template_assets/34470477360/1659112319800/__CR_Web_Platform/CSS/cr-master__main.min.css HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css
cf-ray: 7477439d7b6c1c12-OSL
access-control-allow-origin: *
age: 536666
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"5835a0f464a471745b91560a4431b16b"
last-modified: Fri, 29 Jul 2022 16:32:02 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1659112321498
x-amz-replication-status: PENDING
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3NRRRYXNACP1mhpFkQJosyltudo8j6T%2BSjT0EIeKRnWlBGZUM8tzXtkI6p9bfvzXxId7oAq6DbZ%2FrPgYoMFkY%2BRUM5BBYNvgEkuRCddVfDhsT2FwDaC377znJA%2BN8CmZyws%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash da05c4b51a3dabf88135becc19f1af52
2c8e928a750eff713ffba9cacff2ee241b22c236
3a718561532594be11fba74ace11458dc337786dacb48c588777120b6916984f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2
142.250.74.163 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2
IP 142.250.74.163:0
Hash 78b56ce635ffacf856680ecf00a8ce14
575a23bc61fe455efb540c3fc31275e453cd70b0
5e250c54e7fccc89277267cb009efe53dae4a155be4289e4ba40519847775f67
GET /s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21724
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 22:36:55 GMT
expires: Wed, 06 Sep 2023 22:36:55 GMT
cache-control: public, max-age=31536000
age: 131889
last-modified: Tue, 19 Apr 2022 19:29:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/43300360745/1649424828285/module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.js
104.17.240.204 200 OK 21 kB URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/43300360745/1649424828285/module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.js
IP 104.17.240.204:0
File type ASCII text, with very long lines (401), with no line terminators
Hash 266b0e688bf6c8200e3b65f8219b66c5
4b84848d3eb634076a21b7ced057f88cfeb5b3d3
b9a899e0352251d508345bf726aca7c0a77dbd9dad3d62b71b801aaccba00087
GET /hub/3354902/hub_generated/module_assets/43300360745/1649424828285/module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.js HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 7477439d5b521c12-OSL
access-control-allow-origin: *
age: 536666
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"c559951fe9a2b257ae98f9aeb1c4d6a2"
last-modified: Fri, 08 Apr 2022 13:33:49 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1649424828285
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SS4hzRg55QEspukG4AzW8Dvg9t9rgrSV4EZTmfHefMvsXd8BbQoJ8sJqog2EU8hFJN%2Bnp2MiSbEZ0REQ9Y3ndGy%2Fk8DAVDa7aSQgEI3GzZp3IYsBh1VpdppAqn9yIPvmPs8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E30-8s51os.woff2
142.250.74.163 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E30-8s51os.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21796, version 1.0\012- data
Hash 8074c760fbdd366fc1c33ce702911abf
b68cdebfb413c4ad60fa131dc29e36da4b3ce45c
2b14e8397d552f351a4396dec25ec5da1348865683100e94c4ab0faea4a9a254
GET /s/barlow/v12/7cHqv4kjgoGqM7E30-8s51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21796
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 22:37:05 GMT
expires: Wed, 06 Sep 2023 22:37:05 GMT
cache-control: public, max-age=31536000
age: 131879
last-modified: Tue, 19 Apr 2022 19:35:19 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443113/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.js
104.17.240.204 200 OK 20 kB URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443113/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.js
IP 104.17.240.204:0
File type ASCII text, with very long lines (305), with no line terminators
Hash 104cebb1d54e8f096c59984b420a11ff
5e29e9c22b56f42c61c896963d295fc4f1ffa991
3f7dabfed3e9478ee1f96668c73e69306c6b58fb7f93801f9c1289dedb32d07f
GET /hub/3354902/hub_generated/module_assets/41682410610/1644941443113/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.js HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 7477439d5b511c12-OSL
access-control-allow-origin: *
age: 443076
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"86f1ecf1077302d6bd359676a0142438"
last-modified: Tue, 15 Feb 2022 16:10:44 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1644941443113
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZeWdVJAcyrscr8nlPsV7kQwdtu9zCEhyfQTBdL2W%2B66PfkTw%2B31rBxdBBrCRqsbKPZkMY0HCw1XsuUTJwiUcREbI71YL4vEBl6yLHlWwUNbt87U0TBUw9SUN0i8ns0%2FOCzU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
142.250.74.163 200 OK 48 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 47952, version 1.0\012- data
Hash 17b406b7b8caa297435fa358e194f5a1
e2132f0e97781af56fa966c0fabb49132f2af203
84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd
GET /s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 18:59:14 GMT
expires: Tue, 05 Sep 2023 18:59:14 GMT
cache-control: public, max-age=31536000
age: 231350
last-modified: Mon, 15 Aug 2022 18:22:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash da05c4b51a3dabf88135becc19f1af52
2c8e928a750eff713ffba9cacff2ee241b22c236
3a718561532594be11fba74ace11458dc337786dacb48c588777120b6916984f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
use.typekit.net/af/343335/00000000000000003b9b0ad0/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
23.36.76.122 200 OK 16 kB URL HTTP/2 use.typekit.net/af/343335/00000000000000003b9b0ad0/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 16112, version 1.0\012- data
Hash 4e9df0a47b54e897000e9bfbfa7a7dc2
194efbcd1c786091bf70790e9786622840b22424
599dd661a1d9e0af96d614fab0ea7396bf06de4265029166a265c2b10cc1a1b0
GET /af/343335/00000000000000003b9b0ad0/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 16112
etag: "eedb93b5a9ba82f97df21a2548066c304a8baad8"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 08 Sep 2022 11:15:04 GMT
X-Firefox-Spdy: h2
use.typekit.net/af/cfbead/0000000000000000000146b3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
23.36.76.122 200 OK 23 kB URL HTTP/2 use.typekit.net/af/cfbead/0000000000000000000146b3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 23244, version 1.0\012- data
Hash 1c6d468d8c18149a27e28c6e073aa808
4ec33b47ba6a755725d598399358940e0aef861c
875f8e591b4fbc6567e2b33553bea9ca2d0e18593bd857783a569fe7bf4ba097
GET /af/cfbead/0000000000000000000146b3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 23244
etag: "122498e3424e674610da39fb441d661549879239"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 08 Sep 2022 11:15:04 GMT
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/34473990280/1645325324081/module_34473990280_CR_-_Footer_Full__en_US.min.css
104.17.240.204 200 OK 16 kB URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/34473990280/1645325324081/module_34473990280_CR_-_Footer_Full__en_US.min.css
IP 104.17.240.204:0
File type ASCII text, with very long lines (3003), with no line terminators
Hash 630cc71adfa9970ceda9ce7600c82be8
4b8e50766305972feccc345caef20e66e379f367
b2fc4da0b6ffdb36c4301d4509d2515821367a21372cfb3d88e652efe70d727e
GET /hub/3354902/hub_generated/module_assets/34473990280/1645325324081/module_34473990280_CR_-_Footer_Full__en_US.min.css HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css
cf-ray: 7477439d4b381c12-OSL
access-control-allow-origin: *
age: 969932
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"5e970d579e1eb0f2b04f3bb72f88b645"
last-modified: Sun, 20 Feb 2022 02:48:45 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1645325324081
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSgRlDeXYEKljcpjK5R7F0DHpSpoLlA4Y4O35fMSF5lMEh9zNfBXb%2BO3oI2Ax%2FafU3Fq2LTt90CN1okZ1mE6FcBxpZdqWaBifWvmMzRIYAzgNwFyMNEC7VEcU0OxpkU0rs0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
23.36.76.122 200 OK 16 kB URL HTTP/2 use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 16256, version 1.0\012- data
Hash 44c2b2eefc75af08917ca8bd28cf7eb3
f175cc8d2f00c76a732eb344ec321c251a572b29
f3f2822ba3d24c1f7f53bff8959801c644b2c1c556eb8c15ca36a86717f1ae7d
GET /af/4b34d2/00000000000000003b9b0acf/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 16256
etag: "2d91046573f0e4458e7737f18f00bb9c13388e11"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 08 Sep 2022 11:15:04 GMT
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386203/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.css
104.17.240.204 200 OK 16 kB URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386203/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.css
IP 104.17.240.204:0
File type ASCII text, with very long lines (2727), with no line terminators
Hash 508f306a9a9562c50bf1702a627ec294
8fe420a4c792f73f8bc1daf7a4570a60ae550242
ef14514255d15eced692657959c20b34a085d3fe4d8114e97a081da8075b6013
GET /hub/3354902/hub_generated/module_assets/41681847227/1644941386203/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.css HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css
cf-ray: 7477439d5b531c12-OSL
access-control-allow-origin: *
age: 950765
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"38a0b2ad68cbd188720dcc11cc435ad6"
last-modified: Tue, 15 Feb 2022 16:09:47 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1644941386203
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gta4BmlKalHXmJ%2FsPyXaEGFnxpAIK%2FVlqbyWFKJ7xT54%2BVnUmcAMLLssXrKdpH4iQAACh5AmqOeNRDavvTH8t5AhcLllNDPfauATOiCRUWpWLoWGTJe%2Fiyj1V8WG4F%2FQ0Zo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
23.36.76.122 200 OK 17 kB URL HTTP/2 use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 17152, version 1.0\012- data
Hash 7c8bfd0b5c5c5e7eea7c039b91fd6b2e
c3ab34c3b1281d89f3aef7136aeb84413e8aacdc
5c8d63abd4075c4ebd692fbd02e35fb72950f214a6486607c1819d4279ad526f
GET /af/62203f/00000000000000003b9b0ac8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 17152
etag: "7b5be73a29b093f7ae3c099f5a521c9274f6db28"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 08 Sep 2022 11:15:04 GMT
X-Firefox-Spdy: h2
use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
23.36.76.122 200 OK 16 kB URL HTTP/2 use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 16464, version 1.0\012- data
Hash afff29e7c541e1f60f84f3c4fdef112f
64a16ec658a00182703b40d1a0a9699cdb9d6f2b
dd8ce52adc4b0ab60f82c29ba12f25e2f6446245fc8c0b5f4bd6dab3146f9ef7
GET /af/19a2f0/00000000000000003b9b0ac7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 16464
etag: "b9e1ecdf0fe601a7e9dfc362b400290203e7b31c"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 08 Sep 2022 11:15:04 GMT
X-Firefox-Spdy: h2
use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
23.36.76.122 200 OK 17 kB URL HTTP/2 use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 16660, version 1.0\012- data
Hash 1e62ccdd8b8d2dae4a44a975635a04c2
df46ab763761eafadbde269db059833dbd49f48b
72493a3f42ed0260f03b6ffd3ea131be38a1070845bfae24927f643a3fcf3255
GET /af/abc1c3/00000000000000003b9b0ac9/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 16660
etag: "8c3ee2b4e977df4e0f73e1b985c24fba9611fc49"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 08 Sep 2022 11:15:04 GMT
X-Firefox-Spdy: h2
www.cybereason.com/hubfs/cr-favicon-1.png
45.60.64.106 200 OK 3.2 kB URL HTTP/2 www.cybereason.com/hubfs/cr-favicon-1.png
IP 45.60.64.106:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 8c5a55d5583255c7879c5a5fdae6ce7f
1f83403cb7f18495ec549d6f7e3e56c0927e89ed
33ff6b6486bdc5883c2c63e8278e8a547ca86b1f6026667f7733fec6b52a1303
GET /hubfs/cr-favicon-1.png HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "191c614ca975bba9737fcf4fc024f8e7"
last-modified: Fri, 10 Dec 2021 18:39:27 GMT
content-type: image/png
content-length: 3186
cache-control: max-age=264888, public
expires: Sun, 11 Sep 2022 12:49:52 GMT
date: Thu, 08 Sep 2022 11:15:04 GMT
x-cdn: Imperva
x-iinfo: 11-13621149-0 0CNN RT(1662635703373 1053) q(0 -1 -1 -1) r(0 -1)
X-Firefox-Spdy: h2
p.typekit.net/p.gif?s=1&k=vyv2ljd&ht=tk&h=www.cybereason.com&f=32224.32226.32227.32228.32230.32231.10875.32265&a=657783&js=1.21.0&app=typekit&e=js&_=1662635696906
23.36.76.122 200 OK 35 B URL HTTP/2 p.typekit.net/p.gif?s=1&k=vyv2ljd&ht=tk&h=www.cybereason.com&f=32224.32226.32227.32228.32230.32231.10875.32265&a=657783&js=1.21.0&app=typekit&e=js&_=1662635696906
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 81144d75b3e69e9aa2fa3e9d83a64d03
f0fbc60b50edf5b2a0b76e0aa0537b76bf346ffc
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
GET /p.gif?s=1&k=vyv2ljd&ht=tk&h=www.cybereason.com&f=32224.32226.32227.32228.32230.32231.10875.32265&a=657783&js=1.21.0&app=typekit&e=js&_=1662635696906 HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: image/gif
cross-origin-resource-policy: cross-origin
etag: "61c32ad2-23"
last-modified: Wed, 22 Dec 2021 13:40:34 GMT
server: nginx
content-length: 35
unused62: 8096267
date: Thu, 08 Sep 2022 11:15:04 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e4410b7b84c93f14f74d8fef364b840d
37303eaf19049d2ceb48581b9c990da5882dc7ff
d5276336c0a032fe9dfb73c1faff240132cbf073d621981b57c9c2a77d553afd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.210 200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.210:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=41220
date: Thu, 08 Sep 2022 11:15:04 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
www.google.com/pagead/conversion_async.js
142.250.74.164 200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1623)
Hash 4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 08 Sep 2022 11:15:04 GMT
expires: Thu, 08 Sep 2022 11:15:04 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.ads-twitter.com/uwt.js
151.101.84.157 200 OK 15 kB URL HTTP/2 static.ads-twitter.com/uwt.js
IP 151.101.84.157:0
File type ASCII text, with very long lines (57443), with no line terminators
Hash 1e9c4d503a9e162d8b549dc3d9c040e2
1fa99d7d7e878cdd45567af4b0c3c65542036c1d
f936c0124c595fe5d0c7858277f3a5f3bd104de39d36ac92557501fa1dec8563
GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 30 Aug 2022 20:19:10 GMT
cache-control: no-cache
content-type: application/javascript; charset=utf-8
content-encoding: gzip
etag: "d4de8398858246712016031c834bb061+gzip+gzip"
accept-ranges: bytes
date: Thu, 08 Sep 2022 11:15:04 GMT
x-served-by: cache-iad-kjyo7100130-IAD, cache-bma1675-BMA
x-cache: HIT, HIT
vary: Accept-Encoding,Host
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
content-length: 15317
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js
104.16.148.64 200 OK 90 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js
IP 104.16.148.64:0
File type ASCII text, with very long lines (65455)
Hash 8f3f79d0cf195bb45a90f3f6ce52c765
0dbd651547da8916062b874fd671a005d4d4c876
5df755e7d1f1fad81564342c72ea8226bf3ce12aa5892556f37cab01998ce045
GET /scripttemplates/6.38.0/otBannerSdk.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:04 GMT
content-type: application/javascript
content-length: 89624
content-encoding: gzip
content-md5: jz950M8ZW7RakPP2zlLHZQ==
last-modified: Thu, 21 Jul 2022 06:31:17 GMT
etag: 0x8DA6AE29E465D1D
x-ms-request-id: 7e08b95c-701e-0174-68d7-9c18f5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 11428
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 747743a23c57b4fd-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 721eb245d022db7af3e30ad4e6b94226
4a53b4e9ad119295498594089826bddea4d0b9a6
6f350e89f4e7a0cea74c003493ea950c768ffcbea234bcf68a818b60842a2f3e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html
143.204.55.20 200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html
IP 143.204.55.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2431), with no line terminators
Hash f6a9ca04b0687ea3c0d98e8430c8c77b
35503b2deb23091a9a9c6c68d4020dbdf879588e
8e4328ecb6b395499567369e3c227231dbdaf361f43ce315934d7a2a3abbed41
GET /box-69edcc3187336f9b0a3fbb4c73be9fe6.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1044
date: Wed, 07 Sep 2022 09:17:07 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "f6a9ca04b0687ea3c0d98e8430c8c77b"
last-modified: Wed, 07 Sep 2022 09:16:57 GMT
strict-transport-security: max-age=604800; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1omlORLJ--9UVETQLpTBJU0axi_TYU3u9PZkIfSn56-3xR6ceGYRmw==
age: 93477
X-Firefox-Spdy: h2
cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/a5309542-3a95-4b7d-92f9-5bea83600764/en.json
104.16.148.64 200 OK 22 kB URL HTTP/2 cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/a5309542-3a95-4b7d-92f9-5bea83600764/en.json
IP 104.16.148.64:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65519), with no line terminators
Hash fd20dd6a03e956e7f872ce98fd95cddd
6503a1a5cc5eabdd4a8a55c6a81a50910b6ad4f3
62bb6e2408630fdc9d41d506d8f72c1ecb9d3b09990f39f8bb95fcec7e0f5e47
GET /consent/26b02624-42c7-456d-82c2-9669db762671/a5309542-3a95-4b7d-92f9-5bea83600764/en.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:04 GMT
content-type: application/x-javascript
content-length: 21762
cache-control: public, max-age=14400
content-encoding: gzip
content-md5: /SDdagPpVuf4cs6Y/ZXN3Q==
last-modified: Wed, 03 Aug 2022 14:59:34 GMT
etag: 0x8DA7560C76B21F0
x-ms-request-id: a2d34210-801e-0047-2849-a7078d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 2672
expires: Thu, 08 Sep 2022 15:15:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 747743a3ae92b4fd-OSL
X-Firefox-Spdy: h2
script.hotjar.com/modules.448392d04fd1e15c100a.js
143.204.55.96 200 OK 66 kB URL HTTP/2 script.hotjar.com/modules.448392d04fd1e15c100a.js
IP 143.204.55.96:0
File type Unicode text, UTF-8 text, with very long lines (48714)
Hash dda0289b22368ab84a40f8dab68ddb9e
bef03b9e4930e3fddeee2dbd16f79fb04a78e11d
114cd1432d8d08eb7625146120b27b7046f5c3f841c25ff7889bd56ab1cd19ff
GET /modules.448392d04fd1e15c100a.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 65486
date: Wed, 07 Sep 2022 10:58:07 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "dda0289b22368ab84a40f8dab68ddb9e"
last-modified: Wed, 07 Sep 2022 10:57:54 GMT
strict-transport-security: max-age=604800; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -vXf1RNF4qAHHcfiHdT2ZhZ0zIR65y5BuTaRs0qZDyeiVZK9M-0PbQ==
age: 87417
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 6a37a1633dbc9b4fcecd3e21d7ae1005
47e72b2922e7d73e0874f9745b84300b06984e95
26c8a98af2a2890fa5833f12d59e172ed7754c0fe9361b19789ead099969535b
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 08 Sep 2022 11:15:05 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 08 Sep 2022 00:39:09 GMT
Expires: Fri, 09 Sep 2022 00:39:09 GMT
ETag: "47e72b2922e7d73e0874f9745b84300b06984e95"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c35a376c0e9620e600bbab87a4b93b86
d25ae8da4874fbe7d074f9e00a63ba4c0c637ef0
e214919ef42b09adfc38db575c0b2682ce0ed83b63763863884f1c369fadf14a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fast.wistia.com/assets/external/E-v1.js
151.101.86.110 200 OK 1.1 kB URL HTTP/2 fast.wistia.com/assets/external/E-v1.js
IP 151.101.86.110:0
Hash bee862714237066c7f936ea743df69f4
d7974014f7d4bfa4fb86431eba535e762edc1ec7
f57c643c26e84f13fd5e00335a748745385277d6e09b6e545b26354bc57290fe
GET /assets/external/E-v1.js HTTP/1.1
Host: fast.wistia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: br
content-type: application/javascript
etag: "6317a9d3-1c58d"
last-modified: Tue, 06 Sep 2022 20:13:07 GMT
timing-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 08 Sep 2022 11:15:04 GMT
age: 1479
x-served-by: cache-iad-kcgs7200118-IAD, cache-bma1671-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 118
x-timer: S1662635705.660540,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 96
content-length: 116109
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/561371164/?random=1662635697078&cv=9&fst=1662635697078&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&auid=105109161.1662635697&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.211.2 200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/561371164/?random=1662635697078&cv=9&fst=1662635697078&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&auid=105109161.1662635697&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.211.2:0
File type ASCII text, with very long lines (2380), with no line terminators
Hash 0e181135f45a5a626707e56029684aa5
82c04b474be2d4a95e2a40f84d826f89995aa2c9
7b149c06bd6b6cdcd50f310efa958002190aa50e689a91ee02da0d55ed9d0104
GET /pagead/viewthroughconversion/561371164/?random=1662635697078&cv=9&fst=1662635697078&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&auid=105109161.1662635697&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 11:15:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1075
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Sep-2022 11:30:05 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/401574070/?random=1662635697081&cv=9&fst=1662635697081&num=1&fmt=3&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&auid=105109161.1662635697&hn=www.google.com&bttype=purchase&gcp=1&ct_cookie_present=1&async=1
216.58.211.2 200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/401574070/?random=1662635697081&cv=9&fst=1662635697081&num=1&fmt=3&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&auid=105109161.1662635697&hn=www.google.com&bttype=purchase&gcp=1&ct_cookie_present=1&async=1
IP 216.58.211.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/401574070/?random=1662635697081&cv=9&fst=1662635697081&num=1&fmt=3&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&auid=105109161.1662635697&hn=www.google.com&bttype=purchase&gcp=1&ct_cookie_present=1&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 11:15:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Sep-2022 11:30:05 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lltrck.com/lt-v2.min.js
52.54.58.209 200 OK 936 B IP 52.54.58.209:0
File type ASCII text, with very long lines (936), with no line terminators
Hash f53f4282503c0eab17ac9b0783e8aca3
e33b40a62ceffe49851b7dc561f08e4acd2232f0
5860771fcd971f0550e445042c677ee63ad53bd617e271ec7dd3fb0f8a5698d8
GET /lt-v2.min.js HTTP/1.1
Host: lltrck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:05 GMT
content-type: application/javascript
content-length: 936
server: Kestrel
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
last-modified: Fri, 17 Jun 2022 11:17:37 GMT
accept-ranges: bytes
etag: "1d8823bd96e5d28"
strict-transport-security: max-age=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c35a376c0e9620e600bbab87a4b93b86
d25ae8da4874fbe7d074f9e00a63ba4c0c637ef0
e214919ef42b09adfc38db575c0b2682ce0ed83b63763863884f1c369fadf14a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b544c4d2427305f830d70cd40f2e5263
f8d3fbf9d368742f894816ea71d8cc9016078d1f
6f5bb81b798a2bb4ba854703b03d71c3cb1b0c0adb437f6ff863f1f7774c3005
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-conversion/401574070/?random=1662635697081&cv=9&fst=1662635697081&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&auid=105109161.1662635697&hn=www.google.com&bttype=purchase&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.3 200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/401574070/?random=1662635697081&cv=9&fst=1662635697081&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&auid=105109161.1662635697&hn=www.google.com&bttype=purchase&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.3:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/401574070/?random=1662635697081&cv=9&fst=1662635697081&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&auid=105109161.1662635697&hn=www.google.com&bttype=purchase&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 11:15:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1662635697061&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tm=gtmv2
13.107.42.14 302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1662635697061&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tm=gtmv2
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1662635697061&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tm=gtmv2 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1662635697061%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthreat-analysis-report-plugx-rat-loader-evolution%26tm%3Dgtmv2%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQLN5bRXDsNf_gAAAYMcz4LWKKnPHtbZdWxBTmRx_9o5Z7iYMw9KKYsyeCf7tLiAg0LX4tYd7C5YHw; Max-Age=2592000; Expires=Sat, 08 Oct 2022 11:15:05 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQLpAfm_W0VQ1QAAAYMcz4LWRNLMnDKxp1_IKi8F2Xv1c9WDie-H945l1g5qZP27wDfYQm1d4yYfp_MZqqwSiQ; Max-Age=2592000; Expires=Sat, 08 Oct 2022 11:15:05 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&47ec1c72-b4d1-428f-8204-fb62fb6594d0"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Sep-2023 11:15:05 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2340:u=1:x=1:i=1662635705:t=1662722105:v=2:sig=AQHWvTpRS9rXRlgk0rO7CWCA81ybRUi3"; Expires=Fri, 09 Sep 2022 11:15:05 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXoKIqW4WGgLZiV6oZlWw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 3601D8AA3B9E4C108028F3ADA869F893 Ref B: OSL30EDGE0311 Ref C: 2022-09-08T11:15:04Z
date: Thu, 08 Sep 2022 11:15:05 GMT
content-length: 0
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/561371164/?random=1662635697078&cv=9&fst=1662634800000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&async=1&fmt=3&is_vtc=1&random=1911902320&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/561371164/?random=1662635697078&cv=9&fst=1662634800000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&async=1&fmt=3&is_vtc=1&random=1911902320&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/561371164/?random=1662635697078&cv=9&fst=1662634800000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&async=1&fmt=3&is_vtc=1&random=1911902320&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 11:15:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/934771702/?random=1662635697074&cv=9&fst=1662634800000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&async=1&fmt=3&is_vtc=1&random=2156588898&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/934771702/?random=1662635697074&cv=9&fst=1662634800000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&async=1&fmt=3&is_vtc=1&random=2156588898&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/934771702/?random=1662635697074&cv=9&fst=1662634800000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tiba=THREAT%20ANALYSIS%20REPORT%3A%20PlugX%20RAT%20Loader%20Evolution&async=1&fmt=3&is_vtc=1&random=2156588898&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 11:15:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1662635697059&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tm=gtmv2
13.107.42.14 302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1662635697059&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tm=gtmv2
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1662635697059&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tm=gtmv2 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1662635697059%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthreat-analysis-report-plugx-rat-loader-evolution%26tm%3Dgtmv2%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQLBclWskunF8QAAAYMcz4LsQJ8zttBUGvHdPJ0QTA-rpe1EW2ALBxznm1WrQsh5e-5bDAcbQ9fzrA; Max-Age=2592000; Expires=Sat, 08 Oct 2022 11:15:05 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQLzmwIlV7MizgAAAYMcz4LsjKcI54RllJo81-f55yNNkb1aPBV2mcElhUvzk471eKy9yc7xZbGw_SyXqwHfFw; Max-Age=2592000; Expires=Sat, 08 Oct 2022 11:15:05 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&f26769bd-d84a-4954-816f-5856cceb54ca"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Sep-2023 11:15:05 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2340:u=1:x=1:i=1662635705:t=1662722105:v=2:sig=AQHWvTpRS9rXRlgk0rO7CWCA81ybRUi3"; Expires=Fri, 09 Sep 2022 11:15:05 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXoKIqXQOU8tlbCC1K3yw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 54AF3B00E1EC47CBA75B89F96AA96302 Ref B: OSL30EDGE0311 Ref C: 2022-09-08T11:15:04Z
date: Thu, 08 Sep 2022 11:15:05 GMT
content-length: 0
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.38.0/assets/otFlat.json
104.16.148.64 200 OK 3.0 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.38.0/assets/otFlat.json
IP 104.16.148.64:0
File type JSON data\012- , ASCII text, with very long lines (11118)
Hash 97c4da15fa8405d6c6448b1ca04e4f2d
88e70aa9e86a4cac72efb899cc13f4b259b6c55c
79020e0f443e773974f1fdfdd30eed8a006d75c14c57afe620053cd427e48740
GET /scripttemplates/6.38.0/assets/otFlat.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:05 GMT
content-type: application/json
content-length: 3007
content-encoding: gzip
content-md5: l8TaFfqEBdbGRIscoE5PLQ==
last-modified: Thu, 21 Jul 2022 06:31:09 GMT
etag: 0x8DA6AE29925C8FF
x-ms-request-id: 33d48dc3-a01e-003d-3d49-a76dc0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 2672
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 747743a548f9b4fd-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.38.0/assets/v2/otPcCenter.json
104.16.148.64 200 OK 13 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.38.0/assets/v2/otPcCenter.json
IP 104.16.148.64:0
File type JSON data\012- , ASCII text, with very long lines (51305)
Hash 26d0fbce3c7305efdaa502da0b009d6b
1188784d9c337fe95a863c8c7a872c791c32d83d
ecc34d7d6ed2ad2bf2f3d51f8653cf548f933d94d5cfa876f3376532009fcf07
GET /scripttemplates/6.38.0/assets/v2/otPcCenter.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:05 GMT
content-type: application/json
content-length: 13258
content-encoding: gzip
content-md5: JtD7zjxzBe/apQLaCwCdaw==
last-modified: Thu, 21 Jul 2022 06:31:11 GMT
etag: 0x8DA6AE29A87E4A6
x-ms-request-id: c63f872a-001e-00d5-7f49-a7903b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 2672
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 747743a55901b4fd-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCookieSettingsButton.json
104.16.148.64 200 OK 1.8 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCookieSettingsButton.json
IP 104.16.148.64:0
File type JSON data\012- , ASCII text, with very long lines (3079)
Hash 91e664f12a596601efc85c1d30586f85
7276bbec77b6116edf56e1ebdf640888f4fc9f1b
dfdd828343cf4910141852a92e9eb8e6ae9616fa0fbfa6a93fa8535a4b1a190b
GET /scripttemplates/6.38.0/assets/otCookieSettingsButton.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:05 GMT
content-type: application/json
content-length: 1767
content-encoding: gzip
content-md5: keZk8SpZZgHvyFwdMFhvhQ==
last-modified: Thu, 21 Jul 2022 06:31:10 GMT
etag: 0x8DA6AE29A3CDCC9
x-ms-request-id: bf5df8e4-801e-00a2-7d49-a7157a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 2672
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 747743a55903b4fd-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b544c4d2427305f830d70cd40f2e5263
f8d3fbf9d368742f894816ea71d8cc9016078d1f
6f5bb81b798a2bb4ba854703b03d71c3cb1b0c0adb437f6ff863f1f7774c3005
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 11:15:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lltrck.com/api/tracking?accountId=27717&page=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&referer=&fp=&uuid=ls1eb775-744b-499f-9116-9dabfcccc83d&cl=0
52.54.58.209 200 OK 43 B URL HTTP/2 lltrck.com/api/tracking?accountId=27717&page=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&referer=&fp=&uuid=ls1eb775-744b-499f-9116-9dabfcccc83d&cl=0
IP 52.54.58.209:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /api/tracking?accountId=27717&page=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&referer=&fp=&uuid=ls1eb775-744b-499f-9116-9dabfcccc83d&cl=0 HTTP/1.1
Host: lltrck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:05 GMT
content-type: image/gif
content-length: 43
server: Kestrel
set-cookie: trackalyzer=ls1eb775-744b-499f-9116-9dabfcccc83d; expires=Fri, 08 Sep 2023 11:15:05 GMT; path=/; SameSite=None; secure
access-control-allow-origin: *
strict-transport-security: max-age=2592000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 52e55aa6b8401f56ac146d97df0103f3
efd0b9e8f4617f3aa33481f6cde399d36f12c195
01eee8cc964564ad745cca1bdc8e4d7367ff3498925eb01a34de131108b788bb
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 11:15:05 GMT
Last-Modified: Thu, 08 Sep 2022 09:59:16 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Mo_OaQxplejfPYyyfhvO-Gd2o8X-DEnCKCZ5_P8zW7mpjj_fW-MhSA==
Age: 4549
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1662635697061%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthreat-analysis-report-plugx-rat-loader-evolution%26tm%3Dgtmv2%26liSync%3Dtrue
13.107.42.14 302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1662635697061%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthreat-analysis-report-plugx-rat-loader-evolution%26tm%3Dgtmv2%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1662635697061%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthreat-analysis-report-plugx-rat-loader-evolution%26tm%3Dgtmv2%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1662635697061&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tm=gtmv2&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&a7579be2-5d62-4584-805a-49085093be0f"; Domain=.linkedin.com; Expires=Fri, 08-Sep-2023 11:15:05 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220908111505959c2335-cd84-4ba1-8afc-9ffc575db0d6AQFWwNgShRBG92wL_XC_s6tpKD-9Nxur"; Domain=.www.linkedin.com; Expires=Fri, 08-Sep-2023 11:15:05 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjI2MzU3MDU7MjswMjFACKYP0+GT+BiruEdMnaVwfE30yxtYTV7P+lO51lbXMQ==; Domain=.linkedin.com; Expires=Tue, 07 Mar 2023 11:15:05 GMT; Path=/; Secure; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2378:u=1:x=1:i=1662635705:t=1662722105:v=2:sig=AQHNBMUjeUBNITL-G7O5gNDm24KUfbwh"; Expires=Fri, 09 Sep 2022 11:15:05 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXoKIqboVdFePFODNZu9Q==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 4C3B0D7CDC374170AF68F35B7175267B Ref B: OSL30EDGE0311 Ref C: 2022-09-08T11:15:05Z
date: Thu, 08 Sep 2022 11:15:05 GMT
content-length: 0
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1662635697059%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthreat-analysis-report-plugx-rat-loader-evolution%26tm%3Dgtmv2%26liSync%3Dtrue
13.107.42.14 302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1662635697059%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthreat-analysis-report-plugx-rat-loader-evolution%26tm%3Dgtmv2%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1662635697059%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthreat-analysis-report-plugx-rat-loader-evolution%26tm%3Dgtmv2%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1662635697059&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tm=gtmv2&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&08e8cb30-70cd-4282-8fb3-0f9b952a2c57"; Domain=.linkedin.com; Expires=Fri, 08-Sep-2023 11:15:05 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220908111505cda635da-9411-4990-81e0-f530bebd4991AQH4uJ8plKqKsN2uMwxMyDMgLtowPb5W"; Domain=.www.linkedin.com; Expires=Fri, 08-Sep-2023 11:15:05 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjI2MzU3MDU7MjswMjGUCE0wA4gfIEOhHGGeTrHMF2sw9IN7y/2mWC+odlqiyA==; Domain=.linkedin.com; Expires=Tue, 07 Mar 2023 11:15:05 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2340:u=1:x=1:i=1662635705:t=1662722105:v=2:sig=AQHWvTpRS9rXRlgk0rO7CWCA81ybRUi3"; Expires=Fri, 09 Sep 2022 11:15:05 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXoKIqcKv9htdbT80J9wA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 0D785E1EAD26494C90637C88E65921B7 Ref B: OSL30EDGE0311 Ref C: 2022-09-08T11:15:05Z
date: Thu, 08 Sep 2022 11:15:05 GMT
content-length: 0
X-Firefox-Spdy: h2
cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg
104.16.148.64 200 OK 1.5 kB URL HTTP/2 cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg
IP 104.16.148.64:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2998), with no line terminators
Hash e7fcdccb9d2a50dfa3c8ec4053f09d23
83d66edbca5457a40e2211b4ebfd663ba2b469bf
4f14bb961ffd676774869916ba5ab0ba156355b175ec1aca7c68161ae3992009
GET /logos/static/poweredBy_ot_logo.svg HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:05 GMT
content-type: image/svg+xml
content-md5: LpuayL42jB78xRllx0vkOw==
last-modified: Thu, 08 Sep 2022 06:34:54 GMT
x-ms-request-id: 75c8ecde-f01e-0121-4852-c3f382000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 5483
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 747743a67aaeb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5767
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 11:15:05 GMT
Connection: keep-alive
js.driftt.com/include/1662635700000/zdcd6x8yhg85.js
54.230.111.119 200 OK 61 kB URL HTTP/2 js.driftt.com/include/1662635700000/zdcd6x8yhg85.js
IP 54.230.111.119:0
Hash 8da56f4feff8f9546fdd5529996e59a1
d5569c4b595dff68bb61fc6648dca6dd58daf5de
c08a21e9375d5cbcbd7291784505d4cc4c5c4d1123b2a84e15e3ad560c3bd604
GET /include/1662635700000/zdcd6x8yhg85.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx
last-modified: Wed, 07 Sep 2022 14:05:44 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: wSGeSK4B2YWe14RX4Rv5znjlvfITN5JP
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Thu, 08 Sep 2022 11:15:04 GMT
cache-control: no-cache
etag: W/"8c1fe25e318d475c304aef9f7cf882b2"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xbcVYEdXAt9nq2IH7Ixb_qwm1_B73YsSXZFJ96WQ4humt61nPpcGTg==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd38a7ac-451e-4dae-8707-f68a3c27ee4e.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd38a7ac-451e-4dae-8707-f68a3c27ee4e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ccc1d45458086694a8221a8a6c6aa3b
b8f1359214f21be812390a6cca80b8e84c26a403
461503caa5ec14c1214bdc19795e47b8c1c3c5be1b21f0f29e923e5191e93846
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd38a7ac-451e-4dae-8707-f68a3c27ee4e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8693
x-amzn-requestid: aae6e4f7-9b0a-49da-b2f1-58b625609942
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9TgFokoAMFbwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-27854a575dea22e1035454e3;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PKD1-NMnB_gBWmi4tmCDLib4ROvVwI4hrOL7CHtoMXEEGgYNYiAsTw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:48:35 GMT
etag: "b8f1359214f21be812390a6cca80b8e84c26a403"
content-type: image/jpeg
age: 48390
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0564fe6-5557-4644-ba02-30e6de571e27.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0564fe6-5557-4644-ba02-30e6de571e27.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 786824349d0ac6933b5beb4a10ce9cc7
63e6e7d760e736c45ca4778111ea8e61eb13edd6
4aea707f67116f423b68bd19e946b167b48c920693663f2b7b270c86947bffdb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0564fe6-5557-4644-ba02-30e6de571e27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7923
x-amzn-requestid: 657663ba-b3e9-4a84-9186-3f13ad230765
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9VsGsQoAMFlSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f57-6fc934984bba83fe1b91056f;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: WSGEVR0aSN0fgOzZ7GRMqgQ7z8UqIJ72nRk4_T2-C7ViLZgDMIEcDw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:28:23 GMT
age: 46002
etag: "63e6e7d760e736c45ca4778111ea8e61eb13edd6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f922505178de0cea92eedcfda85a9f67
50f1459de01174e594e03e7df4dfaa8eb1798672
981cd58768d6ad841673add855ddcc7106fbc85de05db9a1bd2d6bc8928b4c2c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6214
x-amzn-requestid: 46a44af0-e547-49e8-bc39-f6c49d94e375
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xj_0HFKbIAMFRbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630b134d-0297c83c305422fa51b86dcf;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 07:03:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _ZKcuRO8Z6wBMdm79iDZj5uRYk4YYpYJqOoG8hZqY81O0R7hfbe5bQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 05:34:36 GMT
age: 20429
etag: "50f1459de01174e594e03e7df4dfaa8eb1798672"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ca5b5d4ac26d97b5729a30ecdc688bc
3e633bc6c4ab9adfe84899e5209d73bef1d097eb
2c8275d1819d933f86df9685b76aea030842ba5a341c59ea88ffd2da99a5a3d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7885
x-amzn-requestid: 305dc6b7-eb3d-40ad-af89-8b60be935637
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9ThE3DIAMFRtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-7c0b58644e26de7f27c5b388;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ry2D03udnweYHan_7KhC9IDhT01g9_73G40Fa10BdIX21tgK0Cgjiw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:48:35 GMT
etag: "3e633bc6c4ab9adfe84899e5209d73bef1d097eb"
content-type: image/jpeg
age: 48390
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b6df26b-97aa-461c-9f22-c5c9496b5701.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b6df26b-97aa-461c-9f22-c5c9496b5701.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24e43bc53a0b047911cff00ad4b72320
f6ef30b5df0e634c3a3f607d751e738e55a276c9
7e1406b2101c912e72f37f0257128574079e618c1af83e360acb3f29b4d44d89
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b6df26b-97aa-461c-9f22-c5c9496b5701.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8705
x-amzn-requestid: ccc5b695-35b5-49fd-b938-296a88a78ab8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9TgFOiIAMFaXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-12e809c767cdbba61492187c;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: iN3jcMCQ8paYD_O9gQLAswM-ITb0oY8CYmbnMDwpwS-7hPLis5TGSg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:03:47 GMT
age: 47478
etag: "f6ef30b5df0e634c3a3f607d751e738e55a276c9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a07d553b6441514870ed7e9e989a29a7
98c145b9326d1e6036fa9089d87a25232dd45b0b
373a586b596016baeb8de98022207c25af24c099c06077edbdfd837cffc31a0e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7492
x-amzn-requestid: 2c5e9ff3-c7a4-4a8f-96bf-74f0ca5d9137
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9dOHguIAMFjGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f87-70dbe6532b1a241e6dbe729e;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 6mfdlMHJozdykr4faiijvUuJPXVrJGU_n0MxJgCrZ-uWWdejGYfiAQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 020978022b22df6352245f09cfbc410c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:33:06 GMT
age: 45719
etag: "98c145b9326d1e6036fa9089d87a25232dd45b0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1662635697059&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tm=gtmv2&liSync=true
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1662635697059&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tm=gtmv2&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1662635697059&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&tm=gtmv2&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&66226b48-34bd-4608-8b59-6c567c409904"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Sep-2023 11:15:05 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2340:u=1:x=1:i=1662635705:t=1662722105:v=2:sig=AQHWvTpRS9rXRlgk0rO7CWCA81ybRUi3"; Expires=Fri, 09 Sep 2022 11:15:05 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXoKIqfTAAxv7Ag9h+mcQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 5A17F21835CA4B31B2431607C146F5B4 Ref B: OSL30EDGE0311 Ref C: 2022-09-08T11:15:05Z
date: Thu, 08 Sep 2022 11:15:05 GMT
content-length: 0
X-Firefox-Spdy: h2
track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=931822577&v=1.1&a=3354902&pi=84230124556&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&cpi=84230124556&cgi=5272851739&lpi=84230124556&lvi=84230124556&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&t=THREAT+ANALYSIS+REPORT%3A+PlugX+RAT+Loader+Evolution&cts=1662635698148&vi=c9578ce68e2fe9ffad0124058fdeb9df&nc=true&ce=false&cc=0
104.19.155.83 200 OK 45 B URL HTTP/2 track.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=931822577&v=1.1&a=3354902&pi=84230124556&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&cpi=84230124556&cgi=5272851739&lpi=84230124556&lvi=84230124556&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&t=THREAT+ANALYSIS+REPORT%3A+PlugX+RAT+Loader+Evolution&cts=1662635698148&vi=c9578ce68e2fe9ffad0124058fdeb9df&nc=true&ce=false&cc=0
IP 104.19.155.83:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c8817d472077ebfc04593c1fa019d32d
e1e86f41c86c7b9cd2e8b76c6a925a1a3e7e3247
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
GET /__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=931822577&v=1.1&a=3354902&pi=84230124556&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&cpi=84230124556&cgi=5272851739&lpi=84230124556&lvi=84230124556&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&t=THREAT+ANALYSIS+REPORT%3A+PlugX+RAT+Loader+Evolution&cts=1662635698148&vi=c9578ce68e2fe9ffad0124058fdeb9df&nc=true&ce=false&cc=0 HTTP/1.1
Host: track.hubspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:05 GMT
content-type: image/gif
content-length: 45
cf-ray: 747743a90cb90b02-OSL
cache-control: no-cache, no-store, no-transform
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-hubspot-correlation-id: b06548d7-d31b-4077-a98c-e1def0f246d9
x-robots-tag: none
set-cookie: __cf_bm=VKfZE2yIySP8xi039Ver9pNQL67b5TEyBJz5ixEOQYY-1662635705-0-AQpGHVpm7trc3LtjjlvDrojB62yWr6DD1RtPEPGRI5zuedhE4bI6lIFGWnlr7qbWE24IxTYebUM71MhTmcrB++Q=; path=/; expires=Thu, 08-Sep-22 11:45:05 GMT; domain=.hubspot.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UEyfulWB027V6B1MXWp3oXdAB80pvKxD25K8l1%2BVxNTRrsQWgt5%2FpEEfqIwS%2BI2uE8q3UKsnGkpWga7MpyxKs3xqUWfruMmuDg6AQtAUUX%2Bqvll1XtZNtpia7%2FpdRbnVjU4N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/main~493df0b3.7d8b6029.chunk.js
54.230.111.119 200 OK 43 kB URL HTTP/2 js.driftt.com/core/assets/js/main~493df0b3.7d8b6029.chunk.js
IP 54.230.111.119:0
Hash 5a3063bf044db3c0bd33ad7a7193149c
222e6f88fbef5d07d5cf96e9455705d2c45f268a
20cf99250af873fed284a3e4b79e1a74b2e53640c2f863d9273519c1b51911ac
GET /core/assets/js/main~493df0b3.7d8b6029.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:21 GMT
etag: W/"d67b9f21a56510a527a7f7537b00473f"
x-amz-server-side-encryption: AES256
x-amz-version-id: Zuzu4zkNdNds.rM0TnlttVYiZf0bH2Nn
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: raS-ElS7p7tCybiphCVM8ken7KTspPIw1SdW3pJTuERsll63-IVQ6w==
age: 76180
X-Firefox-Spdy: h2
js.driftt.com/core/assets/css/19.c695453b.chunk.css
54.230.111.119 200 OK 365 B URL HTTP/2 js.driftt.com/core/assets/css/19.c695453b.chunk.css
IP 54.230.111.119:0
File type ASCII text, with very long lines (365), with no line terminators
Hash 06b2963b029c0824382815165bfea73e
de23fb128e2589cf384603cfbb7f6b7bef969b05
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
GET /core/assets/css/19.c695453b.chunk.css HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 365
date: Sun, 03 Jul 2022 23:15:07 GMT
server: nginx
last-modified: Fri, 01 Jul 2022 20:20:53 GMT
etag: "06b2963b029c0824382815165bfea73e"
x-amz-server-side-encryption: AES256
x-amz-version-id: _GKDVm7cwHRbprAEZ8WoHMzXEQGGTOt2
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3JwjHAjCJ_sQNbKPRgkPFRELW3oD-jpC9Uvh3upF1MKjffmLH70BPQ==
age: 5745599
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash c94927c6f1d7c9aeef2fc78e2128714a
2c94e96f2f31a4187bca0f7cf3cf01f167661d8e
89406394e77a9ce6e652ec61f16e695fff134b41edc79ab1a963db885ac61be2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 11:15:06 GMT
Last-Modified: Thu, 08 Sep 2022 11:02:50 GMT
Server: ECS (nyb/1D0B)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -LAzXc6nW4kA-KQnDrEsDr0VkDtkakfNoY6KnyKNITlfFI0XGCo7oQ==
Age: 736
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash c94927c6f1d7c9aeef2fc78e2128714a
2c94e96f2f31a4187bca0f7cf3cf01f167661d8e
89406394e77a9ce6e652ec61f16e695fff134b41edc79ab1a963db885ac61be2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 11:15:06 GMT
Last-Modified: Thu, 08 Sep 2022 09:25:14 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fk8LDAy09J5dPNS60m8Bnv46zIXwtUZaCPc8h9GHNXP76lG-s4ZwCg==
Age: 6592
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash c94927c6f1d7c9aeef2fc78e2128714a
2c94e96f2f31a4187bca0f7cf3cf01f167661d8e
89406394e77a9ce6e652ec61f16e695fff134b41edc79ab1a963db885ac61be2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 11:15:06 GMT
Last-Modified: Thu, 08 Sep 2022 09:50:27 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7XffLqY3qcZWX0nqyElQewpKayGSTmOYPgbJLli5ktab7cOW22mgsQ==
Age: 5079
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash c94927c6f1d7c9aeef2fc78e2128714a
2c94e96f2f31a4187bca0f7cf3cf01f167661d8e
89406394e77a9ce6e652ec61f16e695fff134b41edc79ab1a963db885ac61be2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 11:15:06 GMT
Last-Modified: Thu, 08 Sep 2022 10:01:06 GMT
Server: ECS (nyb/1DCD)
X-Cache: Miss from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FOVSMaR1KKd6HAGTGl3lnBaRdVaiyOC7PTEXl5tNYStlqjkc-4GjMg==
Age: 4440
js.driftt.com/core/assets/js/25.8f107198.chunk.js
54.230.111.119 200 OK 73 kB URL HTTP/2 js.driftt.com/core/assets/js/25.8f107198.chunk.js
IP 54.230.111.119:0
Hash 2c057bb9131a59df3ed3b391ce46c798
91a5511e024ff75ebf71c3bd36bca9bd14bb2b06
90146124074356a89e6a66cec43778a625028ce37b219738f8dfd22975f0de94
GET /core/assets/js/25.8f107198.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sun, 03 Jul 2022 23:15:05 GMT
server: nginx
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
etag: W/"e2511c69e5bdc03467952abaccdb5383"
x-amz-server-side-encryption: AES256
x-amz-version-id: WcCqQoAG3H9hj_QsryoONfIqJXy6i_Vu
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7ApRSjiPSKtnNLwuZX94vIVhFJn8szRo8iJmNMUOZWSJAud76x6XPA==
age: 5745600
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/31.8eff0b2a.chunk.js
54.230.111.119 200 OK 4.5 kB URL HTTP/2 js.driftt.com/core/assets/js/31.8eff0b2a.chunk.js
IP 54.230.111.119:0
Hash 3a4831c729430fb069c0809cf378b9a7
f1888c293fb38c3eb028b97276825e714b07b9c3
63e0ab1dbb95739aebea4e2a7913c645942f6529355aff0c1137d5aed9cfe0b2
GET /core/assets/js/31.8eff0b2a.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662635696014
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:26 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:20 GMT
etag: W/"38bc6d0cdcc9a5fb26105a0c1d5e3b6d"
x-amz-server-side-encryption: AES256
x-amz-version-id: eVBQ88bzD_3.ddOqKgz_yj4YXzdFljhq
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pzklW-iKWL-QkqXVjRS6vEvjr5ntjp5WHWNXvIGDs7hd828i4a5zwQ==
age: 76180
X-Firefox-Spdy: h2
bootstrap.api.drift.com/widget_bootstrap/ping
3.94.218.138 200 OK 147 B URL HTTP/2 bootstrap.api.drift.com/widget_bootstrap/ping
IP 3.94.218.138:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 60e4ed5255af0e07493dd9173c29b855
c395e78687070242029975458f9f8f23cea05f8b
0f22cf2acf8146a0114391fa869da34a4c62183bce53e066d6605bf022b12ce1
POST /widget_bootstrap/ping HTTP/1.1
Host: bootstrap.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 120
Origin: https://js.driftt.com
Connection: keep-alive
Referer: https://js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:06 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: d929e0ff02cb9f2d
vary: Accept-Encoding
content-length: 147
x-envoy-upstream-service-time: 2
server: istio-envoy
X-Firefox-Spdy: h2
metrics.api.drift.com/monitoring/metrics/widget/init/v2
54.147.21.139 200 OK 25 B URL HTTP/2 metrics.api.drift.com/monitoring/metrics/widget/init/v2
IP 54.147.21.139:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 61228f8f544358e9ea1f463f01b5853c
582766f30c82dc2df6938c8e16455fa5e329afb1
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
POST /monitoring/metrics/widget/init/v2 HTTP/1.1
Host: metrics.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Authorization:
Content-Length: 138
Origin: https://js.driftt.com
Connection: keep-alive
Referer: https://js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:06 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: b1998a95ed4a3588
vary: Accept-Encoding
content-length: 25
x-envoy-upstream-service-time: 13
server: istio-envoy
X-Firefox-Spdy: h2
customer.api.drift.com/integrations/hubspot/utk/v2
54.147.21.139 200 OK 13 B URL HTTP/2 customer.api.drift.com/integrations/hubspot/utk/v2
IP 54.147.21.139:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /integrations/hubspot/utk/v2 HTTP/1.1
Host: customer.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://js.driftt.com/
Origin: https://js.driftt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:07 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drifted45cd8481480b3ac7cd90a27b6
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy
X-Firefox-Spdy: h2
customer.api.drift.com/integrations/hubspot/utk/v2
54.147.21.139 200 OK 2 B URL HTTP/2 customer.api.drift.com/integrations/hubspot/utk/v2
IP 54.147.21.139:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /integrations/hubspot/utk/v2 HTTP/1.1
Host: customer.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Authorization:
Content-Length: 115
Origin: https://js.driftt.com
Connection: keep-alive
Referer: https://js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:07 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: 9d4cb93d6bf3649a
vary: Accept-Encoding
content-length: 2
x-envoy-upstream-service-time: 58
server: istio-envoy
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 330031d6e66e84f75205651f58175697
b11000ed6cf8ffc98f124b98efd0d445b932e9a9
a5eb71051edab49211d9663b038b97928d8f88f764e3074b3831c4f706688d82
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 11:15:07 GMT
Last-Modified: Thu, 08 Sep 2022 09:26:57 GMT
Server: ECS (nyb/1D22)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JhbSFgiN9wmG_LQyg6sGisFmHnIdlO9zx_DQ-FDmS-PD8QChwYUerQ==
Age: 6490
1381277-27.chat.api.drift.com/ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVMTM4MTI3Ny0xNTU1MjU2MzM2NS00ZAAGb3JnX2lkbQAAAAcxMzgxMjc3ZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMTU1NTI1NjMzNjVkAAl1c2VyX3R5cGVkAARsZWFkbgYA8IzPHIMBYgABUYA.NpENZ5b9IShU-kM9e_TfJFrB_NueKtgi-tE7CkGahl0&remote_ip=52.205.21.197&vsn=2.0.0
52.22.105.146 101 Switching Protocols 0 B URL HTTP/1.1 1381277-27.chat.api.drift.com/ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVMTM4MTI3Ny0xNTU1MjU2MzM2NS00ZAAGb3JnX2lkbQAAAAcxMzgxMjc3ZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMTU1NTI1NjMzNjVkAAl1c2VyX3R5cGVkAARsZWFkbgYA8IzPHIMBYgABUYA.NpENZ5b9IShU-kM9e_TfJFrB_NueKtgi-tE7CkGahl0&remote_ip=52.205.21.197&vsn=2.0.0
IP 52.22.105.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVMTM4MTI3Ny0xNTU1MjU2MzM2NS00ZAAGb3JnX2lkbQAAAAcxMzgxMjc3ZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMTU1NTI1NjMzNjVkAAl1c2VyX3R5cGVkAARsZWFkbgYA8IzPHIMBYgABUYA.NpENZ5b9IShU-kM9e_TfJFrB_NueKtgi-tE7CkGahl0&remote_ip=52.205.21.197&vsn=2.0.0 HTTP/1.1
Host: 1381277-27.chat.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://js.driftt.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Rbcm3TBTXMzyqxUDrDjf5w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 08 Sep 2022 11:15:08 GMT
Connection: upgrade
cache-control: max-age=0, private, must-revalidate
sec-websocket-accept: FcTYvNcHj8O1qVjVUYGcdU/CtG8=
server: Cowboy
upgrade: websocket
event.api.drift.com/track
54.147.21.139 200 OK 13 B URL HTTP/2 event.api.drift.com/track
IP 54.147.21.139:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /track HTTP/1.1
Host: event.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://js.driftt.com/
Origin: https://js.driftt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:08 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftf8238ba44f48dc30a70ca54fc74
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy
X-Firefox-Spdy: h2
event.api.drift.com/track
54.147.21.139 200 OK 585 B URL HTTP/2 event.api.drift.com/track
IP 54.147.21.139:0
File type JSON data\012- , ASCII text, with very long lines (585), with no line terminators
Hash ca576a2844bb2fc546ffdb62f033bc48
58e8fe92269f3b172a04e7ab212dce8fb6b34252
36ea0c494311d3df1c64deaea9885a5ca90748f5aa7cd581dd8251ce67f2d662
POST /track HTTP/1.1
Host: event.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxNTU1MjU2MzM2NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEzODEyNzciLCJleHAiOjE2OTQxNzE3MDcsImlhdCI6MTY2MjYzNTcwN30.UaaI3jC_ykc-yflIZUB3M3l089Sm4IIQyQgjgzu1DUO1gRa4Rie-ziTW1UGSCwqyRED9q_KqLHhlBn20ve7tJA
Content-Length: 430
Origin: https://js.driftt.com
Connection: keep-alive
Referer: https://js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:08 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: 80e88086d539751b
content-length: 585
x-envoy-upstream-service-time: 1
server: istio-envoy
X-Firefox-Spdy: h2
presence.api.drift.com/ws/websocket?session_token=SFMyNTY.g3QAAAACZAAEZGF0YXQAAAAFZAACaWRtAAAAFTEzODEyNzctMTU1NTI1NjMzNjUtNGQABm9yZ19pZG0AAAAHMTM4MTI3N2QACXNjb3BlX3NldG0AAAAEbGVhZGQAB3VzZXJfaWRtAAAACzE1NTUyNTYzMzY1ZAAJdXNlcl90eXBlZAAEbGVhZGQABnNpZ25lZG4GAPSMzxyDAQ.3gYRu_fEdbhMUCCGDIiowCBQtoHP1aqEVg5dXWo8lnk&remote_ip=52.205.21.197&vsn=2.0.0
35.174.210.7 101 Switching Protocols 0 B URL HTTP/1.1 presence.api.drift.com/ws/websocket?session_token=SFMyNTY.g3QAAAACZAAEZGF0YXQAAAAFZAACaWRtAAAAFTEzODEyNzctMTU1NTI1NjMzNjUtNGQABm9yZ19pZG0AAAAHMTM4MTI3N2QACXNjb3BlX3NldG0AAAAEbGVhZGQAB3VzZXJfaWRtAAAACzE1NTUyNTYzMzY1ZAAJdXNlcl90eXBlZAAEbGVhZGQABnNpZ25lZG4GAPSMzxyDAQ.3gYRu_fEdbhMUCCGDIiowCBQtoHP1aqEVg5dXWo8lnk&remote_ip=52.205.21.197&vsn=2.0.0
IP 35.174.210.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ws/websocket?session_token=SFMyNTY.g3QAAAACZAAEZGF0YXQAAAAFZAACaWRtAAAAFTEzODEyNzctMTU1NTI1NjMzNjUtNGQABm9yZ19pZG0AAAAHMTM4MTI3N2QACXNjb3BlX3NldG0AAAAEbGVhZGQAB3VzZXJfaWRtAAAACzE1NTUyNTYzMzY1ZAAJdXNlcl90eXBlZAAEbGVhZGQABnNpZ25lZG4GAPSMzxyDAQ.3gYRu_fEdbhMUCCGDIiowCBQtoHP1aqEVg5dXWo8lnk&remote_ip=52.205.21.197&vsn=2.0.0 HTTP/1.1
Host: presence.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://js.driftt.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TMHkqcyKJ30UaOSC9OBJOA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
cache-control: max-age=0, private, must-revalidate
connection: Upgrade
date: Thu, 08 Sep 2022 11:15:08 GMT
sec-websocket-accept: VP6Mx4o0mmo5RHjSdpUgzKZtW0Y=
server: Cowboy
upgrade: websocket
www.cybereason.com/_hcms/perf
45.60.64.106 200 OK 35 B URL HTTP/2 www.cybereason.com/_hcms/perf
IP 45.60.64.106:0
Hash a19bf6ef41663ce6bf0e3286bda3eea8
6209b15d4b220e76988dd8fc05dd395e44d20419
edebdb61c0149e3c5871a4d73a713502d4a1e4acf4842f6be20fc536e1dced78
POST /_hcms/perf HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
Content-type: application/json
Content-Length: 778
Origin: https://www.cybereason.com
Connection: keep-alive
Cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; __cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==; _gcl_au=1.1.105109161.1662635697; _hjSessionUser_704918=eyJpZCI6IjRiMmIxOTQ2LTU1MzktNTVlNy05NzdlLTQzYTU1YWFkNTBjMiIsImNyZWF0ZWQiOjE2NjI2MzU2OTc0NzgsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample=0; _hjSession_704918=eyJpZCI6ImMwOTNjMzAxLWM4MGQtNGY4Mi1hMjE4LTY1NmI3NTQxMzI1YSIsImNyZWF0ZWQiOjE2NjI2MzU2OTc1NTEsImluU2FtcGxlIjpmYWxzZX0=; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; OptanonConsent=isGpcEnabled=0&datestamp=Thu+Sep+08+2022+11%3A14%3A57+GMT%2B0000+(Coordinated+Universal+Time)&version=6.38.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-analysis-report-plugx-rat-loader-evolution&groups=C0001%3A1%2CC0004%3A0%2CC0002%3A0%2CC0003%3A0; drift_campaign_refresh=0378cc80-ea00-4d89-8f92-88db7aa82b1f; drift_aid=225c1795-fd54-44c4-b80e-e68cfcec888a; driftt_aid=225c1795-fd54-44c4-b80e-e68cfcec888a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:08 GMT
content-type: text/plain; charset=utf-8
cf-ray: 747743bb8cdc990f-ARN
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
x-hs-https-only: worker
x-hubspot-correlation-id: 8d94bfc3-9e6b-447d-98f0-f1a53efa2c63
x-robots-tag: none
x-trace: 2B63F3822324B2DD1B2C385F24DB88A169DF74E0A1000000000000000000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sEoPclyTZQlehxZfeDBHmpb4ULEzsbtljt2CGSrNBy9Rc1DYXrmCcoPDWqGapIe0Hj9OBP0A8%2BgSNtYcKfmHhKqTAPveOMwOEAEsI504%2F7AnhSUQXFWqpg3a7mvByywpcTyKIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 11-13621149-13621152 PNYN RT(1662635703373 5316) q(0 0 0 -1) r(2 2) U6
X-Firefox-Spdy: h2
metrics.api.drift.com/monitoring/metrics/event2/bulk
54.147.21.139 200 OK 25 B URL HTTP/2 metrics.api.drift.com/monitoring/metrics/event2/bulk
IP 54.147.21.139:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 61228f8f544358e9ea1f463f01b5853c
582766f30c82dc2df6938c8e16455fa5e329afb1
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
POST /monitoring/metrics/event2/bulk HTTP/1.1
Host: metrics.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxNTU1MjU2MzM2NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEzODEyNzciLCJleHAiOjE2OTQxNzE3MDcsImlhdCI6MTY2MjYzNTcwN30.UaaI3jC_ykc-yflIZUB3M3l089Sm4IIQyQgjgzu1DUO1gRa4Rie-ziTW1UGSCwqyRED9q_KqLHhlBn20ve7tJA
Content-Length: 699
Origin: https://js.driftt.com
Connection: keep-alive
Referer: https://js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:09 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: 4001c423647a383
vary: Accept-Encoding
content-length: 25
x-envoy-upstream-service-time: 11
server: istio-envoy
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/18.40ab7295.chunk.js
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/18.40ab7295.chunk.js
IP 54.230.111.119:0
GET /core/assets/js/18.40ab7295.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
etag: W/"fafe5f62fc3aec49b7966fa154962db8"
x-amz-server-side-encryption: AES256
x-amz-version-id: 3ktfD2K4Jga.M1SWwwN9gtZLMJ_jJceE
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eAMyCAzYvROtFcPLl-kzc112j-mhkM_lumNb4QbkfMekJCAgD6YahA==
age: 76180
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/11.639238ba.chunk.js
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/11.639238ba.chunk.js
IP 54.230.111.119:0
GET /core/assets/js/11.639238ba.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sun, 03 Jul 2022 23:15:06 GMT
server: nginx
last-modified: Fri, 01 Jul 2022 20:20:55 GMT
etag: W/"4049f38c00add1738dc4806148ff8829"
x-amz-server-side-encryption: AES256
x-amz-version-id: 7WrloWWSc22pVf.7ICrUs7406unnhgom
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: A9YI9BlQyh-Vlt5VAUo-MvWDSMDzbvbv4bHIrCwewX9f-jXNLGGN2g==
age: 5745599
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/26.2d4cdbd1.chunk.js
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/26.2d4cdbd1.chunk.js
IP 54.230.111.119:0
GET /core/assets/js/26.2d4cdbd1.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 31 Aug 2022 18:23:27 GMT
server: nginx
last-modified: Wed, 31 Aug 2022 18:10:09 GMT
etag: W/"c55d27c90bd5affbf7c7047151ac3b6a"
x-amz-server-side-encryption: AES256
x-amz-version-id: siv4sYmLp3BEOV5kWKjSS9V7tHMZAkGl
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PuL6XkW2hTkWqUTKSiV3Uo0os_l5QZnoZOwEeInq8BHPzF451BbQjw==
age: 665499
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1662571157634/hubspot/hubspot_default/shared/responsive/layout.min.css
104.17.240.204 200 OK 0 B URL HTTP/2 cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1662571157634/hubspot/hubspot_default/shared/responsive/layout.min.css
IP 104.17.240.204:0
GET /hub/7052064/hub_generated/template_assets/1662571157634/hubspot/hubspot_default/shared/responsive/layout.min.css HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css
cf-ray: 7477439d4b391c12-OSL
access-control-allow-origin: *
age: 64513
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
last-modified: Wed, 07 Sep 2022 17:19:19 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1662571158797
x-amz-replication-status: PENDING
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zbyi6FJ1DBD9rZM3Np3uv8I5ZL19eJVypqw8A6EL64nNWarY0P%2F4GN3DntNIM68XiF4Zm8jsk1xb%2B9afxUoJb0CXCqC2ylZMQETMnblFQvifCJVkGsQh%2Btz8qaB5%2BOr1xaQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
IP 54.230.111.119:0
GET /core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx
last-modified: Wed, 07 Sep 2022 14:05:26 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: C4.p0Rt59W97gEfnItto7uRy4ZEdDGrA
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Thu, 08 Sep 2022 11:15:05 GMT
cache-control: no-cache
etag: W/"15d578ae91560e4e2d462a889ae22f43"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VEJyeNagjxcT7ZXPERkozsljADoFBlNzj0-KZnKeads-arR9qOmnpQ==
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470223313/1655232518190/__CR_Web_Platform/CSS/cr-master__cta.min.css
104.17.240.204 200 OK 0 B URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470223313/1655232518190/__CR_Web_Platform/CSS/cr-master__cta.min.css
IP 104.17.240.204:0
GET /hub/3354902/hub_generated/template_assets/34470223313/1655232518190/__CR_Web_Platform/CSS/cr-master__cta.min.css HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css
cf-ray: 7477439d7b6e1c12-OSL
access-control-allow-origin: *
age: 1482387
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"29d616ce2740000b02cc9cacae33a2db"
last-modified: Tue, 14 Jun 2022 18:48:39 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1655232518974
x-amz-replication-status: PENDING
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=suS0z0wCAAyOeucFqyb1sb0hZUoHUZVMRsg0eLltqH8pg77FsUuk1IqKjsTBDfpFKnx6kcgM%2B8P45dIgf0iQ3zmBc83sm8ycfLwBtTZ1W0Nl0JGon0Znq9Tu6F1U%2Fp4y858%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCommonStyles.css
104.16.148.64 200 OK 0 B URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCommonStyles.css
IP 104.16.148.64:0
GET /scripttemplates/6.38.0/assets/otCommonStyles.css HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:05 GMT
content-type: text/css
content-md5: TLLtdkuMahUQRVIfmZNHNw==
last-modified: Thu, 21 Jul 2022 06:31:23 GMT
x-ms-request-id: 5a8540ca-801e-0107-5649-a76836000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 2672
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 747743a55904b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/48.36272856.chunk.js
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/48.36272856.chunk.js
IP 54.230.111.119:0
GET /core/assets/js/48.36272856.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:20 GMT
etag: W/"11fc6ce0a6034588f5e23638e2b6c3f2"
x-amz-server-side-encryption: AES256
x-amz-version-id: k8.uxYl53iC1oeWvq0NE3PJ03yVM0lns
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kU5VPc9c-ruuGBIVIx_Ifd68tdcqAsRrT2ui4xJWgjd5SYHlvW4KwQ==
age: 76180
X-Firefox-Spdy: h2
js.driftt.com/core/assets/css/9.8a88aefc.chunk.css
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/css/9.8a88aefc.chunk.css
IP 54.230.111.119:0
GET /core/assets/css/9.8a88aefc.chunk.css HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:17 GMT
etag: W/"1994b7e76186a981c9d51dcbff101a32"
x-amz-server-side-encryption: AES256
x-amz-version-id: 3qIJZHu9lsyXW8bY1VqKa42prdH6YdyT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vWcyUy5V5UbH1eLvImf3jAoqCL_p3tu7sek-EnULnK7zWwJ4HmcHdQ==
age: 76180
X-Firefox-Spdy: h2
bootstrap.api.drift.com/widget_bootstrap
3.94.218.138 200 OK 0 B URL HTTP/2 bootstrap.api.drift.com/widget_bootstrap
IP 3.94.218.138:0
POST /widget_bootstrap HTTP/1.1
Host: bootstrap.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 653
Origin: https://js.driftt.com
Connection: keep-alive
Referer: https://js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:07 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: dab0bc235a644845
vary: Accept-Encoding
content-encoding: gzip
x-envoy-upstream-service-time: 286
server: istio-envoy
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/21.b8c41db9.chunk.js
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/21.b8c41db9.chunk.js
IP 54.230.111.119:0
GET /core/assets/js/21.b8c41db9.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 22 Jul 2022 00:55:28 GMT
server: nginx
last-modified: Wed, 20 Jul 2022 16:44:35 GMT
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
x-amz-server-side-encryption: AES256
x-amz-version-id: f.0PmvFwFO6wHvpJ0r6JG1gTthOACCRK
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 29nluiHkLUUgur25NLrkRaXTqsuflJBi93XSOsKcs33mR3YFCVVMsw==
age: 4184377
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/24.d9fc7b2b.chunk.js
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/24.d9fc7b2b.chunk.js
IP 54.230.111.119:0
GET /core/assets/js/24.d9fc7b2b.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
etag: W/"ebda2236575cb846b9b84443117ec17c"
x-amz-server-side-encryption: AES256
x-amz-version-id: tdDq0JvAIFFCK1k9yTPM0blA_TCdZnZf
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Cj1rQdch7Mwh5i9Korf3RNJ4WGMFXMIXm9DYELEH-6sXXUF-2oqyIw==
age: 76180
X-Firefox-Spdy: h2
js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662635696014
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662635696014
IP 54.230.111.119:0
GET /core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662635696014 HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx
last-modified: Wed, 07 Sep 2022 14:05:26 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: C4.p0Rt59W97gEfnItto7uRy4ZEdDGrA
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Thu, 08 Sep 2022 11:15:05 GMT
cache-control: no-cache
etag: W/"15d578ae91560e4e2d462a889ae22f43"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rDj7pnxxcWez16Up8ga6NEirbs3YLDB0jsg1E1knwh11a81WIfyv6w==
X-Firefox-Spdy: h2
js.driftt.com/core/assets/css/34.11d2b6a7.chunk.css
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/css/34.11d2b6a7.chunk.css
IP 54.230.111.119:0
GET /core/assets/css/34.11d2b6a7.chunk.css HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662635696014
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Sat, 02 Jul 2022 23:19:59 GMT
server: nginx
last-modified: Fri, 01 Jul 2022 20:20:54 GMT
etag: W/"87532c4db85f1429fa6d759bc3332f36"
x-amz-server-side-encryption: AES256
x-amz-version-id: _3ypchvV2Y1htZw1RZMu3A33yhTTURn1
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MK6K2lxUKdmPrQZWAYyLn-Wf-xctl1HqGUJVS_roKvqEMVxf0ko1XQ==
age: 5831707
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-704918.js?sv=7
143.204.55.37 200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-704918.js?sv=7
IP 143.204.55.37:0
GET /c/hotjar-704918.js?sv=7 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Thu, 08 Sep 2022 11:14:15 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=604800; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
etag: W/b18251c128118b268c1571d47f0aa5fb
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mS3ndJCxiKWdISw25Y3_wwvtlMYquoq41oi-CTHQcHVioMRjoRS78A==
age: 49
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42760289143/1654107482327/__CR_Web_Platform/CSS/cr-mln__build.min.css
104.17.240.204 200 OK 0 B URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42760289143/1654107482327/__CR_Web_Platform/CSS/cr-mln__build.min.css
IP 104.17.240.204:0
GET /hub/3354902/hub_generated/template_assets/42760289143/1654107482327/__CR_Web_Platform/CSS/cr-mln__build.min.css HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css
cf-ray: 7477439d4b3b1c12-OSL
access-control-allow-origin: *
age: 536666
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"f63856775f345cf13be72533fa213899"
last-modified: Wed, 01 Jun 2022 18:18:04 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1654107483525
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TtNz0Txis5OHclmJtn6NmTCdXwHRW3GUNomoKJyLV3%2Bjz22ZHyCETsKjdiq2cTZbTPxWTljnzUqcv%2FJZZmyXEa3zEv%2FhvUy%2FNY%2FEeT%2B4fKFvHcRs5HP%2B0FiH1pXzrb7FbKQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35291999472/1654531651565/__CR_Web_Platform/CSS/bulma/cr-framework__bulma.min.css
104.17.240.204 200 OK 0 B URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35291999472/1654531651565/__CR_Web_Platform/CSS/bulma/cr-framework__bulma.min.css
IP 104.17.240.204:0
GET /hub/3354902/hub_generated/template_assets/35291999472/1654531651565/__CR_Web_Platform/CSS/bulma/cr-framework__bulma.min.css HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css
cf-ray: 7477439d4b3d1c12-OSL
access-control-allow-origin: *
age: 443888
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"84c377016cc8d5f4c82d61754c144d63"
last-modified: Mon, 06 Jun 2022 16:07:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1654531652721
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VIQROZjxdHS4%2BYU2DYhJHbBNzIhvq%2BZ04av2cmJgwbeXSp6feau739qFm6VsO4vS4p%2FL4ns0Up6Wb5YDVekxsokNHety72wnGBzUnysp%2B429gdD4dl%2Brc53TnHqyFIAtxIk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/28.190877b8.chunk.js
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/28.190877b8.chunk.js
IP 54.230.111.119:0
GET /core/assets/js/28.190877b8.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
etag: W/"94c7e7cb2f40e10abeee8e28c0f68eb7"
x-amz-server-side-encryption: AES256
x-amz-version-id: G0DP4jvUaKtIbfyIxWqyC1CIhSHB9xO6
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5uuE29n4fYltGSAC9aviOtLktqcgxUxePE4gZ4zNi9-tfKOTpjNirA==
age: 76180
X-Firefox-Spdy: h2
platform.linkedin.com/in.js
23.36.76.210 200 OK 0 B URL HTTP/2 platform.linkedin.com/in.js
IP 23.36.76.210:0
ASN #20940 Akamai International B.V.
GET /in.js HTTP/1.1
Host: platform.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Play
expires: Thu, 8 Sep 2022 11:23:56 GMT
cache-control: public, max-age=3600
content-encoding: gzip
content-type: text/javascript; charset=UTF-8
content-length: 162497
x-li-fabric: prod-lor1
x-li-pop: prod-lor1-x
x-li-proto: http/1.1
x-li-uuid: AAXoJ9O1+syYI/25nW8Orw==
x-edgeconnect-midmile-rtt: 0
x-edgeconnect-origin-mex-latency: 209
date: Thu, 08 Sep 2022 11:15:03 GMT
vary: Accept-Encoding
x-cdn-client-ip-version: IPV4
x-cdn: AKAM
X-Firefox-Spdy: h2
js.driftt.com/core/assets/css/27.9bf46b67.chunk.css
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/css/27.9bf46b67.chunk.css
IP 54.230.111.119:0
GET /core/assets/css/27.9bf46b67.chunk.css HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Fri, 12 Aug 2022 18:08:02 GMT
server: nginx
last-modified: Fri, 12 Aug 2022 17:25:54 GMT
etag: W/"4f21faf2ba450e5fcdf7eda90813e185"
x-amz-server-side-encryption: AES256
x-amz-version-id: OwtYu1UfCDk9O65HArj6B6mV7fLBXaFN
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 09vYkcaRrXy8-iCNtvMEs0snvXeIkGIhPomsHskmsJ-yt28O5c7HdQ==
age: 2308024
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/8.611ead2e.chunk.js
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/8.611ead2e.chunk.js
IP 54.230.111.119:0
GET /core/assets/js/8.611ead2e.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Thu, 09 Jun 2022 19:59:49 GMT
server: nginx
last-modified: Thu, 09 Jun 2022 14:58:14 GMT
etag: W/"6aa29962f34a8e117268142c7cc1cc3d"
x-amz-server-side-encryption: AES256
x-amz-version-id: _RZ1GDjUm5KuW3ooz6jLFMyJffaKXq96
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zvtJeoIEjsTXvRl39taCBCLzOBIMW0ywRB9NQEplG72Xq2d7qDyh-w==
age: 7830916
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap
IP 142.250.74.10:0
GET /css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn2.hubspot.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Sep 2022 11:15:04 GMT
date: Thu, 08 Sep 2022 11:15:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
45.60.64.106 200 OK 0 B URL HTTP/2 www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
IP 45.60.64.106:0
GET /blog/threat-analysis-report-plugx-rat-loader-evolution HTTP/1.1
Host: www.cybereason.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/html; charset=UTF-8
cache-control: s-maxage=14400, max-age=0
etag: W/"7e9ee53bd9ec7d1c96ed0f87cc27516f"
last-modified: Thu, 08 Sep 2022 10:00:10 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js>; rel=preload; as=script
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests
edge-cache-tag: CT-84230124556,CG-3354902,CG-5272851739,P-3354902,L-42870461961,CW-34473990280,CW-41681847227,CW-41682410610,CW-42867014566,CW-43300360745,CW-44252461159,E-34470223313,E-34470224480,E-34470477360,E-35275979682,E-35291999472,E-42363645447,E-42507089303,E-42507091846,E-42760289143,PGS-ALL,SW-0,B-5272851739,GC-36042052587
referrer-policy: no-referrer-when-downgrade
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=14400, max-age=0
x-hs-cf-cache-status: HIT
x-hs-combine-css: Disabled
x-hs-content-campaign-id: 9d0f7a4c-be0b-46ea-b708-005916cbdaae
x-hs-content-id: 84230124556
x-hs-hub-id: 3354902
x-hs-prerendered: Thu, 08 Sep 2022 10:00:10 GMT
x-powered-by: HubSpot
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OeWvPhNEX9ZRP76qHvQnb9PM0pz2AoUG1xoCS83btWgFm6DkSXAeWIA0XziSECfepBtOJ9QlxgbdQ12LGL0qxa9biCFtVmDmxyxjTDbhYJnfDFKzbZy2pQLrfUM1iUgjZjk4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: __cf_bm=PuYnDaOTFZGHhqt9D0YthR6XXpAfJaN8CS3ZLwTPIx8-1662635703-0-ASOR7l37iSDEtt3xf2n6MtSNe2QV9YhuBtN+Zev94BX/rvdNhirj2vJCz5+pOK61QzqvD/05Rryd8E+KFYkJVNM=; path=/; expires=Thu, 08-Sep-22 11:45:03 GMT; domain=.www.cybereason.com; HttpOnly; Secure; SameSite=None
__cfruid=0468be539456fe13b47fbe3d90ca89ee4b52a3a8-1662635703; path=/; domain=.www.cybereason.com; HttpOnly; Secure; SameSite=None
visid_incap_2710048=OQenmhiTRwKFbjmv9KyYBrfOGWMAAAAAQUIPAAAAAAAlRf6PuDk/RBeyLDMChhc1; expires=Thu, 07 Sep 2023 22:14:27 GMT; HttpOnly; path=/; Domain=.cybereason.com
nlbi_2710048=gPHuXQEPjlmUBTx92P/mMAAAAAC1IIrVU/jGwyCFyyAVmHP6; path=/; Domain=.cybereason.com
incap_ses_275_2710048=XQgqBD9enCl85UkWhP/QA7fOGWMAAAAA+ToWEuRjP77JxPLdRvIMlw==; path=/; Domain=.cybereason.com
server: cloudflare
cf-ray: 7477439a7ed3990f-ARN
content-encoding: gzip
x-cdn: Imperva
x-iinfo: 11-13621149-13621152 NNNN CT(1 6 0) RT(1662635703373 17) q(0 0 0 0) r(2 2) U12
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42363645447/1635957556555/__CR_Web_Platform/CSS/hamburger-animation.min.css
104.17.240.204 200 OK 0 B URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42363645447/1635957556555/__CR_Web_Platform/CSS/hamburger-animation.min.css
IP 104.17.240.204:0
GET /hub/3354902/hub_generated/template_assets/42363645447/1635957556555/__CR_Web_Platform/CSS/hamburger-animation.min.css HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css
cf-ray: 7477439d4b3f1c12-OSL
access-control-allow-origin: *
age: 536666
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"a0b451fd96744fa455495e022542ab86"
last-modified: Wed, 03 Nov 2021 16:39:17 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1635957556622
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r2SMuONDpo843g0B8zRniP6AXSFOdfbd0JyHvEJFNzs8YK%2FCWjfE2kD1ZamdDhLvVgOrzMLhqG5haqPCeAFnUZjH6i4sRvuGNDsmNjBN4NRk8SAt0iH7kaT55phvVSGa64w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/53.583306fb.chunk.js
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/53.583306fb.chunk.js
IP 54.230.111.119:0
GET /core/assets/js/53.583306fb.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:27 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:20 GMT
etag: W/"a9de78010e6b0fa088457c00bd596fbc"
x-amz-server-side-encryption: AES256
x-amz-version-id: K8tgCc1oz8nV2fBxfcsQ0qqo033lXEJW
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mJSmd2z7E3dpfdgr-PdpVoB8saTcRG32OXoI7YIi96bh_G7FcPDZlw==
age: 76181
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/runtime~main.b250b86f.js
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/runtime~main.b250b86f.js
IP 54.230.111.119:0
GET /core/assets/js/runtime~main.b250b86f.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:22 GMT
etag: W/"22101a35b64377c5d4df6a5bfd9d3411"
x-amz-server-side-encryption: AES256
x-amz-version-id: V_mVP8KpfWhO.HBa58CB10XzmCqbIgzL
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UziWsdyZ4DX4VKugB4qp5aDHNeVZsvpVb5FTOnA6cpAo3B6Yq9hkpg==
age: 76180
X-Firefox-Spdy: h2
js.driftt.com/core/assets/css/31.a39c83a8.chunk.css
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/css/31.a39c83a8.chunk.css
IP 54.230.111.119:0
GET /core/assets/css/31.a39c83a8.chunk.css HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662635696014
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Wed, 07 Sep 2022 14:05:26 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:17 GMT
etag: W/"a5e166130ff052851935f17711177b8c"
x-amz-server-side-encryption: AES256
x-amz-version-id: N.Ib0fATmXRCYBlMgTjdb_Uo60hx8im4
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7eeC_yPf3OK0GJdkUfyOsLiwbje34rWJKo358Lp8dmpsNAYeNo3E0w==
age: 76180
X-Firefox-Spdy: h2
js.hs-scripts.com/3354902.js
104.17.213.204 200 OK 0 B URL HTTP/2 js.hs-scripts.com/3354902.js
IP 104.17.213.204:0
GET /3354902.js HTTP/1.1
Host: js.hs-scripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:04 GMT
content-type: application/javascript;charset=utf-8
x-trace: 2B822E432CFC6233BE93550A7714AB7BC96437D384000000000000000000
cache-control: public, max-age=60
vary: Accept-Encoding
x-hubspot-correlation-id: 31c7f432-9d7d-4759-b694-f108523a4a28
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-origin: https://www.cybereason.com
last-modified: Thu, 08 Sep 2022 11:11:34 GMT
cf-cache-status: EXPIRED
expires: Thu, 08 Sep 2022 11:16:04 GMT
server: cloudflare
cf-ray: 747743a1da14b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470224480/1635957556830/__CR_Web_Platform/CSS/bulma/cr-framework__bulma-columns.min.css
104.17.240.204 200 OK 0 B URL HTTP/2 cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470224480/1635957556830/__CR_Web_Platform/CSS/bulma/cr-framework__bulma-columns.min.css
IP 104.17.240.204:0
GET /hub/3354902/hub_generated/template_assets/34470224480/1635957556830/__CR_Web_Platform/CSS/bulma/cr-framework__bulma-columns.min.css HTTP/1.1
Host: cdn2.hubspot.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:03 GMT
content-type: text/css
cf-ray: 7477439d4b3c1c12-OSL
access-control-allow-origin: *
age: 1482387
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
etag: W/"636c18615b58fca9536b2e1c578c6db7"
last-modified: Wed, 03 Nov 2021 16:39:17 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-methods: GET
x-amz-cf-pop: IAD89-P1
x-amz-meta-created-unix-time-millis: 1635957556893
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8h0mIwirwH%2FmPDK1tJwW4q1jnv7iR%2Bkb2X1QJk73eS6sHWoQhe%2FCuDnjGcxZw%2B7j3x9HSIYkYmu7%2FafLrUYLqZFJrKRW5RDxocRrz3UYNMd%2BnoOQWdaR3c14%2B5CS0AxIHGQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Barlow+Condensed:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Barlow+Condensed:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP 142.250.74.10:0
GET /css2?family=Barlow+Condensed:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn2.hubspot.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Sep 2022 11:15:04 GMT
date: Thu, 08 Sep 2022 11:15:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
js.hs-analytics.net/analytics/1662635400000/3354902.js
104.17.68.176 200 OK 0 B URL HTTP/2 js.hs-analytics.net/analytics/1662635400000/3354902.js
IP 104.17.68.176:0
GET /analytics/1662635400000/3354902.js HTTP/1.1
Host: js.hs-analytics.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:04 GMT
content-type: text/javascript
x-amz-id-2: rtskGXIfiOl4E4HBFgogalQebadT2EFjuikm3+lolBrv5D5fZkW5sQhrSN5VmhVW0nZ2+mqm7pM=
x-amz-request-id: 7AZECVQKZE3XG91N
last-modified: Fri, 02 Sep 2022 15:00:44 GMT
etag: W/"2a14ce33daa9a3e7e3eacb4c7a2bb703"
x-amz-server-side-encryption: AES256
cache-control: max-age=300, public
x-amz-version-id: null
access-control-allow-credentials: false
expires: Thu, 08 Sep 2022 11:16:34 GMT
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 747743a0d80b0b41-OSL
content-encoding: br
X-Firefox-Spdy: h2
in.hotjar.com/api/v2/client/sites/704918/visit-data?sv=7
54.170.132.149 200 OK 0 B URL HTTP/2 in.hotjar.com/api/v2/client/sites/704918/visit-data?sv=7
IP 54.170.132.149:0
POST /api/v2/client/sites/704918/visit-data?sv=7 HTTP/1.1
Host: in.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 131
Origin: https://www.cybereason.com
Connection: keep-alive
Referer: https://www.cybereason.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Sep 2022 11:15:05 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/15.1e73b2a2.chunk.js
54.230.111.119 200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/15.1e73b2a2.chunk.js
IP 54.230.111.119:0
GET /core/assets/js/15.1e73b2a2.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=e0d640b9-a52e-43a7-ab8c-f243fd894b3f&sessionStarted=1662635698.123&campaignRefreshToken=0378cc80-ea00-4d89-8f92-88db7aa82b1f&hideController=false&pageLoadStartTime=1662635696014&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
etag: W/"7e075432be3c755edf19b6bc94ca9dc0"
x-amz-server-side-encryption: AES256
x-amz-version-id: ti3HUwK2_s2JVs84wZdkVxX.8HfEuc1k
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: x9VpKceKXG-YkXnfvf5v8Y-8eAs6twvOOWJGOzMymABg25hiRpQo9w==
age: 76180
X-Firefox-Spdy: h2