firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 18 Sep 2022 12:12:07 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NN2y7jx-UZg74W1I0jWYpkMEMhycqboVs9tKVASszG8lWoGXFRjlYA==
Age: 191
www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
301 Moved Permanently 155 B URL HTTP/1.1 www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 42c394b8f0152b372537ace9acc3f7bb
1219c55c4e3ea109c473aab65deb81f09a0fe0a6
6aaad3365c30c4f8d2504e569527e588d33eeae66dd7045bcfeef7413820db2a
Analyzer Verdict Alert fortinet Malware
GET /attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/ HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 18 Sep 2022 12:15:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
CF-Ray: 74ca019a2fc4b511-OSL
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Strict-Transport-Security: max-age=2592000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: MISS
Content-Security-Policy: : default-src *
Feature-Policy: geolocation none;
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Security-Policy: : default-src *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-WebKit-CSP: : default-src *
X-XSS-Protection: 1; mode=block
Server: cloudflare
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 861cfa99de956423d917ed0ddbea4b9c
ad65dbc394b48b04a45c205f56af296c8d008db4
5c706b2718b1698995f4feb91223779aef4bf6dc967c31f9ef9a93873197d5f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3248
Expires: Sun, 18 Sep 2022 13:09:26 GMT
Date: Sun, 18 Sep 2022 12:15:18 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 18 Sep 2022 03:30:43 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: JSdTx6FM5y9giQmOPRxx2NiwvkrQIRiYNPjyzLeCOBXmK-XEuRt24w==
age: 31475
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.cynet.com/wp-content/themes/cynet/assets/fonts/BRSonoma-Bold.woff2
200 OK 33 kB URL HTTP/2 www.cynet.com/wp-content/themes/cynet/assets/fonts/BRSonoma-Bold.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 32720, version 1.0\012- data
Hash 5078d65a7087cbdce44bb90b9c577528
57829eb68930d2f3248546ea8c6ba3e44af2e253
21fe1567b88b69a13747ec43354352936dcc3705ff316abc8d62af9174bd6a6c
GET /wp-content/themes/cynet/assets/fonts/BRSonoma-Bold.woff2 HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: font/woff2
content-length: 32720
cf-ray: 74ca019dfb89fac8-OSL
accept-ranges: bytes
access-control-allow-origin: *
age: 184523
cache-control: public, max-age=31536000
etag: "62574621-7fd0"
last-modified: Wed, 13 Apr 2022 21:52:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
X-Firefox-Spdy: h2
www.cynet.com/wp-content/themes/cynet/assets/fonts/BRSonoma-SemiBold.woff2
200 OK 33 kB URL HTTP/2 www.cynet.com/wp-content/themes/cynet/assets/fonts/BRSonoma-SemiBold.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 32908, version 1.0\012- data
Hash 010800a24c3e4145a6d4f0ef7971b068
0e12f808869b7902ea40effa18e4691b93ce2f5d
b2a1c5d387302eda33d6c3b269d13efbace6bfa596c0a2a83087e9d083a9963f
GET /wp-content/themes/cynet/assets/fonts/BRSonoma-SemiBold.woff2 HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: font/woff2
content-length: 32908
cf-ray: 74ca019dfb8cfac8-OSL
accept-ranges: bytes
access-control-allow-origin: *
age: 184523
cache-control: public, max-age=31536000
etag: "62574622-808c"
last-modified: Wed, 13 Apr 2022 21:52:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
X-Firefox-Spdy: h2
www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/css/main.css?ver=1662735644
200 OK 14 kB URL HTTP/2 www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/css/main.css?ver=1662735644
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash d350381e418aa72a6b41a8b536d03bfc
94bd2b22e7a42b382311145e62b9f626d41d6dde
179f4f7f4ccb036be24bcc7ff25222ef2075a75dc3a242e9e94aa087a48b3ac6
GET /wp-content/cache/min/1/wp-content/themes/cynet/assets/css/main.css?ver=1662735644 HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: text/css
cf-ray: 74ca019dfb88fac8-OSL
access-control-allow-origin: *
age: 188422
cache-control: public, max-age=31536000
etag: W/"631b551c-174b6"
last-modified: Fri, 09 Sep 2022 15:00:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cynet.com/wp-content/themes/cynet/assets/images/down-arrow.svg
200 OK 618 B URL HTTP/2 www.cynet.com/wp-content/themes/cynet/assets/images/down-arrow.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 60e99dd88dd509e19591add0f2015a8e
3d688f50991e688a376533e9f8c93128980c2ed4
49e677329dd1040c25e1f096f443d9175fbf30177a32d3d6f912cd23412762d5
GET /wp-content/themes/cynet/assets/images/down-arrow.svg HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: image/svg+xml
cf-ray: 74ca019e8be8fac8-OSL
access-control-allow-origin: *
age: 188421
cache-control: public, max-age=31536000
etag: W/"62574634-b1"
last-modified: Wed, 13 Apr 2022 21:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ab87e1e4dc6abd919cf683dff901fe8
07cfbf03a72cb316844c48669a10484e63b7f887
d68b40168e5c06bd69b83e8529ea0b15996e7124d2c8b3c5b0be81c8946f04c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ab87e1e4dc6abd919cf683dff901fe8
07cfbf03a72cb316844c48669a10484e63b7f887
d68b40168e5c06bd69b83e8529ea0b15996e7124d2c8b3c5b0be81c8946f04c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ab87e1e4dc6abd919cf683dff901fe8
07cfbf03a72cb316844c48669a10484e63b7f887
d68b40168e5c06bd69b83e8529ea0b15996e7124d2c8b3c5b0be81c8946f04c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ab87e1e4dc6abd919cf683dff901fe8
07cfbf03a72cb316844c48669a10484e63b7f887
d68b40168e5c06bd69b83e8529ea0b15996e7124d2c8b3c5b0be81c8946f04c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cynet.com/wp-content/uploads/2021/11/a-yellow-rubber-duck-description-automatically-ge.jpeg
200 OK 53 kB URL HTTP/2 www.cynet.com/wp-content/uploads/2021/11/a-yellow-rubber-duck-description-automatically-ge.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x640, components 3\012- data
Hash b78626543aca37ee298f04cff76b03f9
1a8295eb74fa312c9d7d2803742a1d2ca3bdaa5b
aac116327cb879798c4cd2382500e09a72633f9019723d53ce4257751091ced8
GET /wp-content/uploads/2021/11/a-yellow-rubber-duck-description-automatically-ge.jpeg HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:19 GMT
content-type: image/jpeg
content-length: 53363
cf-ray: 74ca019f4c71fac8-OSL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31536000
etag: "625814e6-d094"
last-modified: Thu, 14 Apr 2022 12:34:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=53396, status=webp_bigger
server: cloudflare
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cynet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:26:57 GMT
expires: Thu, 14 Sep 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 319702
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cynet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:30:58 GMT
expires: Thu, 14 Sep 2023 19:30:58 GMT
cache-control: public, max-age=31536000
age: 319461
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cynet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:32:09 GMT
expires: Thu, 14 Sep 2023 19:32:09 GMT
cache-control: public, max-age=31536000
age: 319390
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 12924, version 1.0\012- data
Hash 4610010f425c140b99c88b6819ce1c02
a7e839aa0452ceeb6228de7c15062fe82cc6d1c3
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cynet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:26:57 GMT
expires: Thu, 14 Sep 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 319702
last-modified: Wed, 27 Apr 2022 16:02:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 18 Sep 2022 12:03:22 GMT
Cache-Control: max-age=3600
Expires: Sun, 18 Sep 2022 12:40:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: h4_O-bfAJv9F8TJ27lFaaMjDYwE11l5tq_pEJaV-RuwAH0EgI6bC_w==
Age: 717
www.cynet.com/wp-content/themes/cynet/assets/images/apple-touch-icon.png
200 OK 4.2 kB URL HTTP/2 www.cynet.com/wp-content/themes/cynet/assets/images/apple-touch-icon.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 13e22d3eedce63c49cbf8cbc31a349b6
f6d4af9dad5193bd6b98c560a3d2e20906127b06
e9412c046f56199c785b6029aa03e198d22197a298988513bdfe9cb25bd39cd7
GET /wp-content/themes/cynet/assets/images/apple-touch-icon.png HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:19 GMT
content-type: image/webp
content-length: 4152
cf-ray: 74ca01a08d4bfac8-OSL
accept-ranges: bytes
access-control-allow-origin: *
age: 184523
cache-control: public, max-age=31536000
content-disposition: inline; filename="apple-touch-icon.webp"
etag: "62826de3-12d5"
last-modified: Mon, 16 May 2022 15:29:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=4821
server: cloudflare
X-Firefox-Spdy: h2
www.cynet.com/wp-content/themes/cynet/assets/images/favicon-16x16.png
200 OK 358 B URL HTTP/2 www.cynet.com/wp-content/themes/cynet/assets/images/favicon-16x16.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7ee873b779207634946f7c84c4b4c707
783f22ccda899edfbe15bdd11feed7e9ce53ce72
a8be90166ac8722fb4bd2ba0a5bb97773f8663f0c24edd5f86bfd8c255d27acd
GET /wp-content/themes/cynet/assets/images/favicon-16x16.png HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:19 GMT
content-type: image/webp
content-length: 358
cf-ray: 74ca01a08d4dfac8-OSL
accept-ranges: bytes
access-control-allow-origin: *
age: 184523
cache-control: public, max-age=31536000
content-disposition: inline; filename="favicon-16x16.webp"
etag: "62574634-1e0"
last-modified: Wed, 13 Apr 2022 21:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=480
server: cloudflare
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ab87e1e4dc6abd919cf683dff901fe8
07cfbf03a72cb316844c48669a10484e63b7f887
d68b40168e5c06bd69b83e8529ea0b15996e7124d2c8b3c5b0be81c8946f04c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 5fd1174f35b25298fc44a6de1af3f3d6
d45a47995ec34c7df480b3efafb13f55d9df7eb8
f60573eff255ef3d7603ca813f410c30588931b4018ffa0e07fa0bb2653c47af
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5901
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:19 GMT
Last-Modified: Sun, 18 Sep 2022 10:36:58 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wo5Zlpn3sTslp9qFeZacCw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: O723+RVEjODA0dUbdQZVTBm69uk=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10648
Expires: Sun, 18 Sep 2022 15:12:48 GMT
Date: Sun, 18 Sep 2022 12:15:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10648
Expires: Sun, 18 Sep 2022 15:12:48 GMT
Date: Sun, 18 Sep 2022 12:15:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10648
Expires: Sun, 18 Sep 2022 15:12:48 GMT
Date: Sun, 18 Sep 2022 12:15:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10648
Expires: Sun, 18 Sep 2022 15:12:48 GMT
Date: Sun, 18 Sep 2022 12:15:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10648
Expires: Sun, 18 Sep 2022 15:12:48 GMT
Date: Sun, 18 Sep 2022 12:15:20 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f003d8b6e12692fb16dddd6827deead8
786c333cf08456aea446a55c547520572e1c2df9
d79ea50cfc0f237b3de8f1826cbae1de0b1dbc632a5a06b08d9640abedded935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11919
x-amzn-requestid: 2f547c1f-2f5d-4707-8f6c-fe9dfff51383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfS4FI9oAMFScw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632145ab-3c967f2653d06c1c079f88c1;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:08:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Q6pjncaouCXUu0Pz7v6xF_8ClxxVypUSeggW23Z-UTsPamKCTgwjmA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Sep 2022 22:00:17 GMT
age: 51303
etag: "786c333cf08456aea446a55c547520572e1c2df9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0418a582-b5aa-4754-a162-d731a3e53f86.jpeg
200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0418a582-b5aa-4754-a162-d731a3e53f86.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9a9211e94d6aa2429e9663ef317707e
ac0d1af96508d026f9a1252d358660bd5671f9bd
36663b67119ae58b665e43d86b73045472cf23d73bf2c981754f479989690791
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0418a582-b5aa-4754-a162-d731a3e53f86.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5448
x-amzn-requestid: 3b63d209-af92-4d64-866a-d8f677aa62a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn659H9DIAMFQag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263ea5-30e7f8a32603ba70671addec;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:39:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CqzHFWav9sDzwBhF58p314oyYPwfcbmlplVt2oF9QxSBIi5ktgpS7w==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Sep 2022 21:49:54 GMT
age: 51926
etag: "ac0d1af96508d026f9a1252d358660bd5671f9bd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87c956a4-db39-47fc-87b0-5c576f15441b.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87c956a4-db39-47fc-87b0-5c576f15441b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 97d0fb7f2e5c544eb87b803a153d8763
a247157989727bf0d4598679f7f0cc9646299cbd
cfff9f9aaad7b3dc4949c917df6096ee65a3392d8a8dceddf94261af5480ac56
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87c956a4-db39-47fc-87b0-5c576f15441b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: cb45074f-f130-41a6-b253-6bc6654e8ebb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn6KXH3gIAMFwnA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263d75-32ffacde1e1eb46117c61fe9;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:34:45 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P60MPAXw-2lxWTjCtqk9Cd1oga6yuq6lcApDeSIWfIAehDHdXsCFIw==
via: 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Sep 2022 21:52:10 GMT
age: 51790
etag: "a247157989727bf0d4598679f7f0cc9646299cbd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e7c2440-8c3c-44a6-abd6-84e4cf4a71b4.png
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e7c2440-8c3c-44a6-abd6-84e4cf4a71b4.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7bee8e76cdd23db16e3fac4eddc5ca9f
646170abc26654bb4b44731906b090f2617b383d
2f0febf704be09d9b9fbfed0fc0c60692667ea984e09a681a00fd9661f32b389
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e7c2440-8c3c-44a6-abd6-84e4cf4a71b4.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11788
x-amzn-requestid: dfe137b0-12d6-42f7-911c-4714bbb68f9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn64EGDbIAMFnFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263e99-6540bae27aec883036de23cd;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: UPPrDP8Ncq4fgSaiQL85Nbnv958N9ckMiNchQImRTwLaSemEUdDpeA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Sep 2022 21:39:38 GMT
age: 52542
etag: "646170abc26654bb4b44731906b090f2617b383d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec46eb11-30ba-49b6-9fa9-7b2aa2a6753b.jpeg
200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec46eb11-30ba-49b6-9fa9-7b2aa2a6753b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7aee46b7814b9faad9e1e961d2d08953
b024a3286d0349f92d555acb3caec116c25a305f
a5dd4f4504202cf4183b53619300e16b0653344cc3e3870c30599137e177059f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec46eb11-30ba-49b6-9fa9-7b2aa2a6753b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6997
x-amzn-requestid: fdb2e9d7-d3c0-4536-b9e6-d09972fb1f84
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn5tmElsoAMFe2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263cbd-11ff4c9f1e38f4102e558f03;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:31:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DCRdz8tLPQE4s5m_h4rSZbigL2Wepeg5QzSVpFm0xHh0yYiP0SsNqQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Sep 2022 21:47:52 GMT
age: 52048
etag: "b024a3286d0349f92d555acb3caec116c25a305f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2512deb9-0912-4851-b376-b8bcb67ed3ef.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2512deb9-0912-4851-b376-b8bcb67ed3ef.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7334a6bdb209350f41e4640960c9ce2a
0b00e1a594dc88c8fb05044a69cc0ba1eafc4946
bf946afeb52d95f27e2a271486accf87a0c169e5e78f6d57cace80564e2ed668
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2512deb9-0912-4851-b376-b8bcb67ed3ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10554
x-amzn-requestid: 07497447-33e7-4f60-a3ff-974f581c5704
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn5tlG_7IAMFaIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263cbd-1964dc6548cb5f7c09f65b78;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:31:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4c7A4n-fW5-zEG1OjjUo8zWdY80KTpzwJdfKuDT0OjW5NpkZxxWB-A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Sep 2022 21:49:35 GMT
age: 51945
etag: "0b00e1a594dc88c8fb05044a69cc0ba1eafc4946"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 9b19d20af774aa4c4de18c09845d54b9
cd0d41b4957edf5b2f7f66df082b7d1010acceb8
067f454a8ba17fba5f10b67b6a594edd9d9775beb5fb87cb6c98ff462a9f2fe1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-T9F8RFV
200 OK 87 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-T9F8RFV
IP
File type C source, ASCII text, with very long lines (27526)
Hash 46d6dcc1accd821545f5c99e0c693bbc
4db784d25532e67ff2d5dadc580196335cce78f9
3a0a0e873393596f62952f98953bd35e63d99e64e32284548860df4586bd28e6
GET /gtm.js?id=GTM-T9F8RFV HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 18 Sep 2022 12:15:22 GMT
expires: Sun, 18 Sep 2022 12:15:22 GMT
cache-control: private, max-age=900
last-modified: Sun, 18 Sep 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86848
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 9b19d20af774aa4c4de18c09845d54b9
cd0d41b4957edf5b2f7f66df082b7d1010acceb8
067f454a8ba17fba5f10b67b6a594edd9d9775beb5fb87cb6c98ff462a9f2fe1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d2c5fa1aa3b0ff8ff65044e3af743dab
c33b7beac437d06eac512e99c509df50f6521a03
c522f55e3b08eb7100c24e2f008fd6b68c93493dac5f5f3a0844746cf7cae87d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C522F55E3B08EB7100C24E2F008FD6B68C93493DAC5F5F3A0844746CF7CAE87D"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7243
Expires: Sun, 18 Sep 2022 14:16:05 GMT
Date: Sun, 18 Sep 2022 12:15:22 GMT
Connection: keep-alive
j.6sc.co/6si.min.js
200 OK 9.6 kB IP
File type ASCII text, with very long lines (30830), with no line terminators
Hash cebcbc7a648ed5ed0bb18e36f2e4ef0c
176cdac65d9c13b982daac90c68a539592f578d8
0de815477d22a4607e70bf3a8f1df753639782253a41ca49be7dbdb40b5005e9
GET /6si.min.js HTTP/1.1
Host: j.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/javascript
etag: "630402a0-786e"
last-modified: Mon, 22 Aug 2022 22:26:40 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
content-length: 9594
cache-control: private, no-cache, proxy-revalidate
expires: Sun, 18 Sep 2022 12:15:22 GMT
date: Sun, 18 Sep 2022 12:15:22 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash ddcba556c30629c008fc10ce0857f788
69d4fe58a65e57c359706c040c0f9904a6d97590
253f048b4756aedcc2fe702a3f782401f1c8e9487d496629b5421d6eaa1e7997
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3010
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:22 GMT
Last-Modified: Sun, 18 Sep 2022 11:25:12 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a82324f9f3089caeb6985f5d5bd0c36b
97ebfbda5ef761e33fe157de6da7ffb66822da3c
6cde208514247b7a05fe8e31a96dc56ff18f517ec7696d2de318ca023a5d0ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6CDE208514247B7A05FE8E31A96DC56FF18F517EC7696D2DE318CA023A5D0ECC"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=588
Expires: Sun, 18 Sep 2022 12:25:10 GMT
Date: Sun, 18 Sep 2022 12:15:22 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d2c5fa1aa3b0ff8ff65044e3af743dab
c33b7beac437d06eac512e99c509df50f6521a03
c522f55e3b08eb7100c24e2f008fd6b68c93493dac5f5f3a0844746cf7cae87d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C522F55E3B08EB7100C24E2F008FD6B68C93493DAC5F5F3A0844746CF7CAE87D"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7243
Expires: Sun, 18 Sep 2022 14:16:05 GMT
Date: Sun, 18 Sep 2022 12:15:22 GMT
Connection: keep-alive
c.6sc.co/
200 OK 7 B IP
File type ASCII text, with no line terminators
Hash d97623d172f087d9640da9acd38830ff
515bd358bb7d990930f0e2b3de399db1787a2567
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
GET / HTTP/1.1
Host: c.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Origin: https://www.cynet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 7
date: Sun, 18 Sep 2022 12:15:22 GMT
access-control-allow-origin: https://www.cynet.com
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
X-Firefox-Spdy: h2
www.redditstatic.com/ads/pixel.js
200 OK 7.7 kB URL HTTP/2 www.redditstatic.com/ads/pixel.js
IP
File type ASCII text, with very long lines (25224)
Hash 95212d33cfff78ad59f5af5b20c48c53
9b99a4091a6eb716bc68f1428e3c86eca068b25b
bd69f250efa08cb2c0a06c35d91fda762779820d87779019c25211f4559ebb1d
GET /ads/pixel.js HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 19 Jul 2022 22:48:09 GMT
etag: "95212d33cfff78ad59f5af5b20c48c53"
cache-control: public, max-age=60
content-encoding: gzip
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 18 Sep 2022 12:15:22 GMT
vary: Accept-Encoding,Origin
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-length: 7722
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 281 B IP
Hash 5035ef3785a1247fb7efbd3191c55022
9b076825d1930ab0a09cf7287e61a6fccec54dae
095222165044063557cb24568125034e7122d791edda206a262fb95ecff706a0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 12:15:22 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Fri, 16 Sep 2022 18:45:14 GMT
Expires: Fri, 23 Sep 2022 18:45:13 GMT
Etag: "9b076825d1930ab0a09cf7287e61a6fccec54dae"
Cache-Control: max-age=454790,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ca01b6adf9b523-OSL
secure.adnxs.com/getuidj
200 OK 11 B IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 096dc398f48c9a61584478fea3ee50a1
7d0a5f87833db711b2eb52c73638c5e14538a969
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
GET /getuidj HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Origin: https://www.cynet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 18 Sep 2022 12:15:22 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 11
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.cynet.com
AN-X-Request-Uuid: 6ca1e427-eb9d-4d6b-bc41-5e0d84debcbf
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
grow.clearbitjs.com/api/pixel.js?k=pk_fdcc7334380e4a27fcae2628d40a80e2&v=1663503304338
200 OK 1.3 kB URL HTTP/2 grow.clearbitjs.com/api/pixel.js?k=pk_fdcc7334380e4a27fcae2628d40a80e2&v=1663503304338
IP
Hash 3935631d9ba3d0d2b135bcf3a6a42686
97ec03b1a7df957ec7981acd08913bafdbb0c353
52ef84ea8eadb7c2657942260319bd0fc39aa69d36897990e6d56b7576ec5c57
GET /api/pixel.js?k=pk_fdcc7334380e4a27fcae2628d40a80e2&v=1663503304338 HTTP/1.1
Host: grow.clearbitjs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:22 GMT
content-type: text/javascript
cf-ray: 74ca01b6cb37b4ff-OSL
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 545d041cadf1d43d105192bc6f4c1fc3
45957a4b653425c66123b0a771b4bd4e14ce84c4
3e5fae478cb52241cb634be564e63622021de15a8ed7b6a86b1c449c4e20de1b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E5FAE478CB52241CB634BE564E63622021DE15A8ED7B6A86B1C449C4E20DE1B"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4578
Expires: Sun, 18 Sep 2022 13:31:40 GMT
Date: Sun, 18 Sep 2022 12:15:22 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash c82c429cf1b304e60c44c14a6ef45e10
024d0f55d49fe0660d813694d85832ad52bcd4e2
46ec7d3330a3f977bee985448908079c1fcc5e6d1bd0d9f68cb3bdc02d6ab6f0
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 12:15:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 22 Sep 2022 09:33:49 GMT
ETag: "024d0f55d49fe0660d813694d85832ad52bcd4e2"
Last-Modified: Sun, 18 Sep 2022 09:33:50 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1937
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ca01b87e380afa-OSL
b.6sc.co/v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A04%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0
200 OK 43 B URL HTTP/2 b.6sc.co/v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A04%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A04%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: image/gif
etag: "615ccf10-2b"
expires: Wed, 19 Apr 2000 11:43:00 GMT
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
date: Sun, 18 Sep 2022 12:15:23 GMT
set-cookie: 6suuid=261f1602097a0000db0b27633800000048b50400; expires=Tue, 17-Sep-2024 12:15:23 GMT; path=/; domain=.6sc.co; SameSite=None; secure
access-control-allow-origin:
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
X-Firefox-Spdy: h2
q.quora.com/_/ad/a7c29b8b64284d26b89fd4447b58730d/pixel?j=1&u=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&tag=ViewContent&ts=1663503304430
200 OK 43 B URL HTTP/1.1 q.quora.com/_/ad/a7c29b8b64284d26b89fd4447b58730d/pixel?j=1&u=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&tag=ViewContent&ts=1663503304430
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /_/ad/a7c29b8b64284d26b89fd4447b58730d/pixel?j=1&u=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&tag=ViewContent&ts=1663503304430 HTTP/1.1
Host: q.quora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Cookie: __cf_bm=Iin6Nc0HRZl5o7qvIClINpuOR7uMAqEpmkfvRuqAJ74-1663503322-0-ARxD+0YjQSO8MkGWbcMrB9ia7gI9BlrYQEP+nhuLiKOUqvKlQ6ofXFa45AdbnceMA1eZ0N+Q13OFbMSMmhfWFug=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sun, 18 Sep 2022 12:15:23 GMT
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,fd0895bbf853f8f4d5b26a8ab3e9f055,10.0.0.223,58072,91.90.42.154,,61654875880,1,1663503323.038,0.001,,.,0,0,0.000,0.000,-,0,0,197,298,149,10,34729,,,,,,-,
Content-Length: 43
Connection: keep-alive
ocsp.sectigo.com/
200 OK 472 B IP
Hash b5096018b1db2cf6bce861b25d6cce6c
ebe8cd0cf8b13ab788b6cc24dff49fef486850a1
3240ec6165fc18cba19783f965e5d2ad0ec9d167e87b0e034c54e8b906b33817
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 12:15:23 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 19:37:18 GMT
Expires: Sat, 24 Sep 2022 19:37:17 GMT
Etag: "ebe8cd0cf8b13ab788b6cc24dff49fef486850a1"
Cache-Control: max-age=544313,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ca01b84887b523-OSL
pixel.bilinmedia.net/ostr.js?px=736
200 OK 583 B URL HTTP/1.1 pixel.bilinmedia.net/ostr.js?px=736
IP
Hash cf3e6a3ae63b52c76ab1a39413498214
f68b0162bc452c1824e04640b6b18f5f047fec59
cf55a86444222d03b823a330c71ba4b66dad83f6372214dfe79eb8dfaff9938d
GET /ostr.js?px=736 HTTP/1.1
Host: pixel.bilinmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 12:15:52 GMT
Content-Type: application/javascript
Connection: close
Content-Length: 583
Server: BilinDSP
apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=5110087&version=2.1.1&ref=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&r=1663503304451
200 OK 43 B URL HTTP/1.1 apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=5110087&version=2.1.1&ref=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&r=1663503304451
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /activity/activity.gif?activityTypeId=31&cid=5110087&version=2.1.1&ref=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&r=1663503304451 HTTP/1.1
Host: apt.techtarget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Cookie: __cf_bm=rFZqobA9ArYo1My.lMV_7ENHmAUDnYZwRNUrEDUbi3w-1663503322-0-Ad9dMxvZVDp0mH4o3/AOWi+4TH98yJTzRMiGpCoU2XibLDNNyHL3IaLK7A21Tu/heZxs5BxOtfcicvxGrWrZBWU=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 12:15:23 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384023492"
Accept-Ranges: bytes
Content-Length: 43
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: image/gif
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 414b2b1f7a460b53fd673bf783404018
a9f6623fabb1ffd50f7a6f5106d7abd839ab5e47
8acff6eff2e05a3bc7ab9593b8aae53b5922f04ce99184d4b5c3fc40a69633b1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 18 Sep 2022 12:15:23 GMT
Last-Modified: Sun, 18 Sep 2022 11:17:04 GMT
Server: ECS (nyb/1D0C)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ZlOLO7Q39vw1tjRzAqA0LjiDhKTCQxhL7PPkpq2nCzhgMV4QBEtb4g==
Age: 3499
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 414b2b1f7a460b53fd673bf783404018
a9f6623fabb1ffd50f7a6f5106d7abd839ab5e47
8acff6eff2e05a3bc7ab9593b8aae53b5922f04ce99184d4b5c3fc40a69633b1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 18 Sep 2022 12:15:23 GMT
Last-Modified: Sun, 18 Sep 2022 11:19:44 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RmaCK7CqnVOfjpke5tmcRPE7_INEVRWZSSGO7jFXrLob1fmKVoU6nQ==
Age: 3339
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 414b2b1f7a460b53fd673bf783404018
a9f6623fabb1ffd50f7a6f5106d7abd839ab5e47
8acff6eff2e05a3bc7ab9593b8aae53b5922f04ce99184d4b5c3fc40a69633b1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 18 Sep 2022 12:15:23 GMT
Last-Modified: Sun, 18 Sep 2022 10:29:24 GMT
Server: ECS (nyb/1D2A)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _Z7sUEB1pjCriy4MnPgfQPT4BjzTxbIqrN7kLcczA4YuiM2g1JtAGg==
Age: 6359
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 414b2b1f7a460b53fd673bf783404018
a9f6623fabb1ffd50f7a6f5106d7abd839ab5e47
8acff6eff2e05a3bc7ab9593b8aae53b5922f04ce99184d4b5c3fc40a69633b1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 18 Sep 2022 12:15:23 GMT
Last-Modified: Sun, 18 Sep 2022 11:11:01 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8F0DEbF0w1crENLvvqPPs7pOVrVmTUjHdJCIeI3HtN3GAdGvtWVaDg==
Age: 3862
hemsync.clickagy.com/external/hasHashes?clkgypv=jstag
200 OK 28 B URL HTTP/2 hemsync.clickagy.com/external/hasHashes?clkgypv=jstag
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 830cb026fae1a13104725d2b3100ec10
40188da405f4a93c90f0b5e060e0ccca8e483eba
4d32822dd4fd4e7b58950d7c693e301eaa19b29305077afaebc12852df7f4ee0
GET /external/hasHashes?clkgypv=jstag HTTP/1.1
Host: hemsync.clickagy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Origin: https://www.cynet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:23 GMT
content-type: text/plain; charset=utf-8
content-length: 28
access-control-allow-origin: https://www.cynet.com
vary: origin
access-control-allow-credentials: true
access-control-expose-headers: content-length, last-modified, expires, content-type
content-encoding: gzip
X-Firefox-Spdy: h2
aorta.clickagy.com/pixel.gif?clkgypv=jstag
302 Found 0 B URL HTTP/2 aorta.clickagy.com/pixel.gif?clkgypv=jstag
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel.gif?clkgypv=jstag HTTP/1.1
Host: aorta.clickagy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 18 Sep 2022 12:15:23 GMT
content-type: application/json
content-length: 0
location: https://idsync.rlcdn.com/420246.gif?partner_uid=c:c4b07d797f6e702769a37fbe29d68205
server: Aorta/20220915.002ce0217
x-aorta-host: 46a3444a9f63
x-aorta-region: us-east-1
access-control-allow-credentials: true
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
access-control-expose-headers: Set-Cookie
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin:
access-control-max-age: 31536000
cache-control: no-cache, no-store, must-revalidate
expect: 0
X-Firefox-Spdy: h2
aorta.clickagy.com/liveramp_redir
302 Found 0 B URL HTTP/2 aorta.clickagy.com/liveramp_redir
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /liveramp_redir HTTP/1.1
Host: aorta.clickagy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 18 Sep 2022 12:15:23 GMT
content-type: application/json
content-length: 0
location: https://id.rlcdn.com/711861.gif
server: Aorta/20220915.002ce0217
x-aorta-host: c0ded92c8528
x-aorta-region: us-east-1
access-control-allow-credentials: true
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
access-control-expose-headers: Set-Cookie
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin:
access-control-max-age: 31536000
cache-control: no-cache, no-store, must-revalidate
expect: 0
X-Firefox-Spdy: h2
aorta.clickagy.com/data
200 OK 82 B IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 6ef3974d5207d8d1e29518096f4a6cad
578576feff39a43dec543f3ce122570ac876b27f
9d7e05471e4d9ca8aa6351bbf9b1da890f61aedaee2776e48253c12495e19f6a
POST /data HTTP/1.1
Host: aorta.clickagy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Content-type: application/x-www-form-urlencoded
Content-Length: 318
Origin: https://www.cynet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:23 GMT
content-type: application/json
content-length: 82
server: Aorta/20220915.002ce0217
x-aorta-host: 3ef2da1d276e
x-aorta-region: us-east-1
access-control-allow-credentials: true
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
access-control-expose-headers: Set-Cookie
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.cynet.com
access-control-max-age: 31536000
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
X-Firefox-Spdy: h2
pixel.bilinmedia.net/ostr.gif?px=736&ph=www.cynet.com&pu=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&ru=&la=en-US&tm=1663503304879
302 Moved Temporarily 160 B URL HTTP/1.1 pixel.bilinmedia.net/ostr.gif?px=736&ph=www.cynet.com&pu=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&ru=&la=en-US&tm=1663503304879
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash e190b88d63a28d91d9e07fb032d1d6c9
f0a45e65a463b75e10545e1532a85855f6a0552c
a829c203a39d25f53a30f3d38cda50a78ce8c8f701fe3966aaaf10deb5b81037
GET /ostr.gif?px=736&ph=www.cynet.com&pu=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&ru=&la=en-US&tm=1663503304879 HTTP/1.1
Host: pixel.bilinmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Sun, 18 Sep 2022 12:15:52 GMT
Content-Type: text/html
Content-Length: 160
Location: https://pixel.bilinmedia.net/image/pixel.gif
Connection: close
Server: BilinDSP
Set-Cookie: uid=894dc05c0fdf4889c84b3385842d3f43; domain=bilinmedia.net; path=/; expires=Thu, 17-Nov-2022 12:15:52 GMT
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sun, 18 Sep 2022 10:41:12 GMT
expires: Sun, 18 Sep 2022 12:41:12 GMT
cache-control: public, max-age=7200
age: 5651
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 29f639cb699e6e460058e3c99bd4f3cf
9caeef6cf092a5afaf4578321a7301651468e3ce
5d9664e0c869eab361913cd50bf4e1cca2601239b467adba3af0ae049e7c070a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 12:15:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 18 Sep 2022 01:42:53 GMT
Expires: Sun, 25 Sep 2022 01:42:52 GMT
Etag: "9caeef6cf092a5afaf4578321a7301651468e3ce"
Cache-Control: max-age=566248,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ca01bc3e6ab4fa-OSL
idsync.rlcdn.com/420246.gif?partner_uid=c:c4b07d797f6e702769a37fbe29d68205
451 Unavailable For Legal Reasons 0 B URL HTTP/2 idsync.rlcdn.com/420246.gif?partner_uid=c:c4b07d797f6e702769a37fbe29d68205
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /420246.gif?partner_uid=c:c4b07d797f6e702769a37fbe29d68205 HTTP/1.1
Host: idsync.rlcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Sun, 18 Sep 2022 12:15:23 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
alb.reddit.com/rp.gif?ts=1663503304449&id=t2_ioehoi4b&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=9f65eb90-24ae-4704-8265-53b49da6ae3a&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_02c59ad6
200 OK 42 B URL HTTP/2 alb.reddit.com/rp.gif?ts=1663503304449&id=t2_ioehoi4b&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=9f65eb90-24ae-4704-8265-53b49da6ae3a&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_02c59ad6
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /rp.gif?ts=1663503304449&id=t2_ioehoi4b&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=9f65eb90-24ae-4704-8265-53b49da6ae3a&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_02c59ad6 HTTP/1.1
Host: alb.reddit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Varnish
retry-after: 0
cross-origin-resource-policy: cross-origin
content-type: image/gif
accept-ranges: bytes
date: Sun, 18 Sep 2022 12:15:23 GMT
via: 1.1 varnish
content-length: 42
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c2900cacb3e6b33190e657a697ca589b
102eb3b32fc710cef2b7053100454c30d097bab3
d5bad2878173240c5dbcef360dd701c4f13de4576ba5dedbe882745ae7ea2fb0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-49041735-2&cid=636308329.1663503305&jid=789138967&gjid=2093988531&_gid=1132431182.1663503305&_u=YEBAAEAAAAAAAC~&z=1098528296
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-49041735-2&cid=636308329.1663503305&jid=789138967&gjid=2093988531&_gid=1132431182.1663503305&_u=YEBAAEAAAAAAAC~&z=1098528296
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-49041735-2&cid=636308329.1663503305&jid=789138967&gjid=2093988531&_gid=1132431182.1663503305&_u=YEBAAEAAAAAAAC~&z=1098528296 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Content-Type: text/plain
Content-Length: 0
Origin: https://www.cynet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.cynet.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 18 Sep 2022 12:15:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pixel.bilinmedia.net/image/pixel.gif
200 OK 43 B URL HTTP/1.1 pixel.bilinmedia.net/image/pixel.gif
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /image/pixel.gif HTTP/1.1
Host: pixel.bilinmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.7.4
Date: Sun, 18 Sep 2022 12:15:53 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Wed, 19 Nov 2014 03:14:38 GMT
Connection: close
ETag: "546c0b1e-2b"
Expires: Tue, 18 Oct 2022 12:15:53 GMT
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
ocsp.sectigo.com/
200 OK 471 B IP
Hash 29f639cb699e6e460058e3c99bd4f3cf
9caeef6cf092a5afaf4578321a7301651468e3ce
5d9664e0c869eab361913cd50bf4e1cca2601239b467adba3af0ae049e7c070a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 12:15:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 18 Sep 2022 01:42:53 GMT
Expires: Sun, 25 Sep 2022 01:42:52 GMT
Etag: "9caeef6cf092a5afaf4578321a7301651468e3ce"
Cache-Control: max-age=566248,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ca01bcff5cb4fa-OSL
ocsp.sectigo.com/
200 OK 471 B IP
Hash 29f639cb699e6e460058e3c99bd4f3cf
9caeef6cf092a5afaf4578321a7301651468e3ce
5d9664e0c869eab361913cd50bf4e1cca2601239b467adba3af0ae049e7c070a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 12:15:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 18 Sep 2022 01:42:53 GMT
Expires: Sun, 25 Sep 2022 01:42:52 GMT
Etag: "9caeef6cf092a5afaf4578321a7301651468e3ce"
Cache-Control: max-age=566248,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ca01bc2d00b523-OSL
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c2900cacb3e6b33190e657a697ca589b
102eb3b32fc710cef2b7053100454c30d097bab3
d5bad2878173240c5dbcef360dd701c4f13de4576ba5dedbe882745ae7ea2fb0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 846cbf15e676b7aa9477514a183675a5
a4d9089b67555c61684a7d0b9b58668a34a16c7c
bb8e766ec5696ec9fc878a7db1496cc5fc07ef046ce53092182c0fc98c927ecc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash ab15a3557f2ae57a7f109decc7bf7f21
0c33ca1edabbf1d48fa57a8960756726970f0cd0
fdd5583dbe7e847871bc54e06cf850a0895719371ba087ba7f108aa380c12142
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-49041735-2&cid=636308329.1663503305&jid=789138967&_u=YEBAAEAAAAAAAC~&z=510280942
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-49041735-2&cid=636308329.1663503305&jid=789138967&_u=YEBAAEAAAAAAAC~&z=510280942
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-49041735-2&cid=636308329.1663503305&jid=789138967&_u=YEBAAEAAAAAAAC~&z=510280942 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 18 Sep 2022 12:15:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-49041735-2&cid=636308329.1663503305&jid=789138967&_u=YEBAAEAAAAAAAC~&z=510280942
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-49041735-2&cid=636308329.1663503305&jid=789138967&_u=YEBAAEAAAAAAAC~&z=510280942
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-49041735-2&cid=636308329.1663503305&jid=789138967&_u=YEBAAEAAAAAAAC~&z=510280942 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 18 Sep 2022 12:15:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
b.6sc.co/v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A04%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0
200 OK 43 B URL HTTP/2 b.6sc.co/v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A04%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A04%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Cookie: 6suuid=261f1602097a0000db0b27633800000048b50400
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: image/gif
etag: "5e502810-2b"
expires: Wed, 19 Apr 2000 11:43:00 GMT
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
date: Sun, 18 Sep 2022 12:15:23 GMT
set-cookie: 6suuid=261f1602097a0000db0b27633800000048b50400; expires=Tue, 17-Sep-2024 12:15:23 GMT; path=/; domain=.6sc.co; SameSite=None; secure
access-control-allow-origin:
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 846cbf15e676b7aa9477514a183675a5
a4d9089b67555c61684a7d0b9b58668a34a16c7c
bb8e766ec5696ec9fc878a7db1496cc5fc07ef046ce53092182c0fc98c927ecc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 306ca1345fdf0ca28498ad115cea782b
97f61ca341ad256d80ca5d18b534e16497a781fa
3c96cc4baa7a17c0c6319f91b533a568f474554bd402c399456fe99078d09f9d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
snap.licdn.com/li.lms-analytics/insight.min.js
200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=69038
date: Sun, 18 Sep 2022 12:15:24 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
sc.lfeeder.com/lftracker_v1_bElvO73RmwK8ZMqj.js
200 OK 11 kB URL HTTP/2 sc.lfeeder.com/lftracker_v1_bElvO73RmwK8ZMqj.js
IP
Hash 8d4d4e65f32e5b4b41e11e4b07d85c55
791c70d0a535ceb87741e21b728050c267cf91fb
4975f9aed3e3044df02d1d278958d8880024b549c4d89c3055b077fe6262a632
GET /lftracker_v1_bElvO73RmwK8ZMqj.js HTTP/1.1
Host: sc.lfeeder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 09:25:53 GMT
x-amz-version-id: EqOx6Df6Qez6ekOBNKVwKyeduOkAIyD6
server: AmazonS3
content-encoding: gzip
date: Sun, 18 Sep 2022 11:27:11 GMT
cache-control: max-age=3600
etag: W/"228e7e1762e926a2d542939f84f895d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: B9nFf2cJeY6RE4t6fqNZkPUkVEi0OuQAU1ZLJ2uCk8ILRfe3ZPEYRw==
age: 2894
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash d654f4b06c5e751dd664306f19addf0c
da70c429b78fd7f0c6567d43657e2f5bc58e07a4
949e33e1b29c8a16fd97471a8fde0ecc2c9b71e50c258189f428fdbc60f401dc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1285
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:24 GMT
Last-Modified: Sun, 18 Sep 2022 11:53:59 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 471 B IP
Hash 1676347d939ffb3f9fbc756634868886
19f1e3aa1b38d90b4339306e2ed8363495bd3cc2
a5590094ba5f8bb5b0ea041f8836ee06c653085b4df6ecd27fac8bebfb030318
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2533
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:24 GMT
Last-Modified: Sun, 18 Sep 2022 11:33:11 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP
File type ASCII text, with very long lines (64348)
Hash 9ecd89752214ef749272eef344b9089a
70a58a49c08934265ee34c74efb01d6b3124095d
f76c51487e348977288fcaf83984cd8fe4e73758cc352402774d9eb94680d528
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 5AcM2pW+6nyKJHODbmD1AXEuOdrf2jqif0j1/HCIJ+fmronyLrjCn3NHtCb+giRMKzyYnK/HGiyW79hVcX7XXw==
priority: u=3,i
content-length: 26839
x-fb-trip-id: 1679558926
date: Sun, 18 Sep 2022 12:15:24 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bat.bing.com/bat.js
200 OK 11 kB IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=19EFAC6FF9EE66212457BE4CF8B96735; domain=.bing.com; expires=Fri, 13-Oct-2023 12:15:24 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 21AE30387EC74AC180D68945B9854CD8 Ref B: OSL30EDGE0412 Ref C: 2022-09-18T12:15:24Z
date: Sun, 18 Sep 2022 12:15:24 GMT
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2027852.js?sv=6
200 OK 2.6 kB URL HTTP/2 static.hotjar.com/c/hotjar-2027852.js?sv=6
IP
File type ASCII text, with very long lines (3790)
Hash 25d26e9e5ca9f208c370874fa040b43a
00c334aeb14a1b83ef89a355e8fd50173f817a80
635a1a06b8ecb95b0211355f95c1f0f9d562dc88fe265c9c783ac9a13de568ac
GET /c/hotjar-2027852.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=604800; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Sun, 18 Sep 2022 12:15:24 GMT
cache-control: max-age=60
etag: W/bef4061ab79f1362e3d38fe5072dddb4
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: U8dinZ9rK15UCIuqSoYxju48QKiI0QJ7J_HNc6pQvtwUMMazM70bLA==
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/870452222/?random=1663503306224&cv=9&fst=1663503306224&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9e0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&tiba=Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation&auid=1230278532.1663503306&hn=www.google.com&async=1&rfmt=3&fmt=4
200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/870452222/?random=1663503306224&cv=9&fst=1663503306224&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9e0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&tiba=Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation&auid=1230278532.1663503306&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2396), with no line terminators
Hash 7c69be1a432680bc5b553114c7f689f7
2b8a0509194d0e36859bf94ef977dcb2f3f4f85b
06b6f32cb906476175a4d1be3ba0efef670b159928c38025a257915dc7ca22e0
GET /pagead/viewthroughconversion/870452222/?random=1663503306224&cv=9&fst=1663503306224&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9e0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&tiba=Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation&auid=1230278532.1663503306&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 18 Sep 2022 12:15:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1068
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 18-Sep-2022 12:30:24 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1663503300345
200 OK 634 B URL HTTP/2 js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1663503300345
IP
Hash 51a77b44487b9f681c371c697b0dfbea
31a88427e14e374e0283afae0600cf456c7c77e1
0d8eb07c1b754784f441252b90cd63740b95c0ed82c64f37f32ebda73d343b60
GET /core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1663503300345 HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx
last-modified: Fri, 16 Sep 2022 16:48:13 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: VukNY.LQSJ50U2muzC2bmyEA8J5eWHkI
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Sun, 18 Sep 2022 12:15:24 GMT
cache-control: no-cache
etag: W/"c6a6875d17f6163a4514114e8c2de6a2"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kaTjMxUMpCHBtO827WsqZT6mkNoPZH0MMBYpdODaNRsLgo3Uwct_EA==
X-Firefox-Spdy: h2
script.hotjar.com/modules.d00377d3a043900eb4ef.js
200 OK 66 kB URL HTTP/2 script.hotjar.com/modules.d00377d3a043900eb4ef.js
IP
File type Unicode text, UTF-8 text, with very long lines (48714)
Hash 74e062f975f5935c93ae5aff80efbd87
ae469032d7d943122a1e4ec7ce6dc73d185d9a76
1c4c3d71f8112224bad72285ac70e083b30a4573ac413fb3b05a0749d144ceaf
GET /modules.d00377d3a043900eb4ef.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 65532
date: Wed, 14 Sep 2022 13:09:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "74e062f975f5935c93ae5aff80efbd87"
last-modified: Wed, 14 Sep 2022 13:08:33 GMT
strict-transport-security: max-age=604800; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xXbzRmd2I93db2KRHeISY-cLoReS7s87l3ydKW_xRcdzqfAdPoVJ6Q==
age: 342377
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/runtime~main.cccf9830.js
200 OK 2.6 kB URL HTTP/2 js.driftt.com/core/assets/js/runtime~main.cccf9830.js
IP
File type ASCII text, with very long lines (6001), with no line terminators
Hash 7cdba2ef99e43216824cc07bb829edd3
175f5206b851f9da113bf4bb3f1a1876f9ba2c15
23a5ac06a915b3d77e5364e52e7552d4e5efe8980397a93da0aa036dc5335b44
GET /core/assets/js/runtime~main.cccf9830.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 16 Sep 2022 16:48:12 GMT
server: nginx
last-modified: Fri, 16 Sep 2022 16:13:00 GMT
etag: W/"f36528885d560d1832e712ba33d0589f"
x-amz-server-side-encryption: AES256
x-amz-version-id: CO2Zu6OB9m9.9kVuIpgD2.XCmz7K7Xt2
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: l3sFEvdqrAEblWvkiZFyHQfT4pGO8kPkGc4L61OgZ1DMqyx0uBGi6A==
age: 156432
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=34541&time=1663503305929&url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F
302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=34541&time=1663503305929&url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=34541&time=1663503305929&url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D34541%26time%3D1663503305929%26url%3Dhttps%253A%252F%252Fwww.cynet.com%252Fattack-techniques-hands-on%252Fquakbot-strikes-with-quaknightmare-exploitation%252F%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQIVUUJ9PeSndgAAAYNQhlWtiYEsRcn-Ypt292pGES7ZD89S7QJ7fLUa9ocCN9W6E3MNh4NwzTrYJQ; Max-Age=2592000; Expires=Tue, 18 Oct 2022 12:15:24 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIee3xGHOGTZwAAAYNQhlWtEEEA60zms8-fpMfUavT1FIZQw7QE4Wv10YFLEbwF7QDM0YM9N3OZPgL0vTQgjQ; Max-Age=2592000; Expires=Tue, 18 Oct 2022 12:15:24 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&f56b2424-0550-4cc3-8e98-d1fe5ce207ec"; domain=.linkedin.com; Path=/; Secure; Expires=Mon, 18-Sep-2023 12:15:24 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2345:u=1:x=1:i=1663503324:t=1663589724:v=2:sig=AQHE-7Rc67MAvXXrHIueYEYGCd74p0df"; Expires=Mon, 19 Sep 2022 12:15:24 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXo8oy+iCcu0xAXQcuZeA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: BA395AB462F540C8AF741EFCA3EDF15D Ref B: OSL30EDGE0116 Ref C: 2022-09-18T12:15:24Z
date: Sun, 18 Sep 2022 12:15:23 GMT
content-length: 0
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/46.c9d569f4.chunk.js
200 OK 34 kB URL HTTP/2 js.driftt.com/core/assets/js/46.c9d569f4.chunk.js
IP
Hash 4282e58c597465d9101b5bc16418b359
a07664b69437c2d05ec1ee84d40c4d4fdc4b4965
405139ecc27738f87f878fdb524c70c68bf2174978b6a90c885cbfe439af58ea
GET /core/assets/js/46.c9d569f4.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:20 GMT
etag: W/"60ea9f8ff45a51f96f67728ef12e7e79"
x-amz-server-side-encryption: AES256
x-amz-version-id: z4GuioFw41AUfQig_beaXDNkINlEfczX
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bCqJGZoPODmPiZv3iuFniH5J9Z88Csf5JwnCp_TRMFBHnmO6K9MS4A==
age: 943799
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/21.b8c41db9.chunk.js
200 OK 7.1 kB URL HTTP/2 js.driftt.com/core/assets/js/21.b8c41db9.chunk.js
IP
Hash 79b157b283a0e6329c30fb57381bf83d
78c5b03a291b99c7b6cf991d31a37577f0c67ad9
34f3ca038ab9c35f25ce1671d09147b31ca716c7ea4fe44d6916321c0e84ecf2
GET /core/assets/js/21.b8c41db9.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 22 Jul 2022 00:55:28 GMT
server: nginx
last-modified: Wed, 20 Jul 2022 16:44:35 GMT
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
x-amz-server-side-encryption: AES256
x-amz-version-id: f.0PmvFwFO6wHvpJ0r6JG1gTthOACCRK
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FK5f_GYAcikaDfgQtJUEuBHJCuutrDjKJdWqJ-_sIxwH1kc1nhAG0w==
age: 5051996
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/unip/1392096/tfa.js
200 OK 18 kB URL HTTP/2 cdn.taboola.com/libtrc/unip/1392096/tfa.js
IP
File type ASCII text, with very long lines (58498)
Hash 620425d64decfd4997632e83823be23a
e9959907afa3b3cd0255506246a8d6f47ba00eb1
cefda0c71fb8041d818a59f929f49bb84a80e510743c05a7659b37a5c91b80ab
GET /libtrc/unip/1392096/tfa.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3OvIBKaSVJltzTszS9nVYinaSgndnO+sN00DOiKUKUN+GpBy3kXFf65fEoLoto07TOp0K7E5ZE8=
x-amz-request-id: 5T010V978KRC38YH
x-amz-replication-status: COMPLETED
last-modified: Sun, 18 Sep 2022 11:10:43 GMT
etag: "eb2305c64c87c9795485d70a3cbb4b1a"
x-amz-version-id: N4IdM4ukV_RBFQzxWeYhEEuwYIa.3aNt
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 18 Sep 2022 12:15:24 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1674-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663503325.503778,VS0,VE425
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 14
content-length: 17951
X-Firefox-Spdy: h2
bat.bing.com/p/action/134604382.js
200 OK 668 B URL HTTP/2 bat.bing.com/p/action/134604382.js
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with CRLF line terminators
Hash 3bb59db7afac102ed1880c8d073fa429
989302b471899ff54543786a680f2a9da71ea9bf
52e0e54b318ce188670bfb5373ea837088f5861e93f2c1bbdc7e9c9d3b8c5307
GET /p/action/134604382.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private,max-age=60
content-length: 668
content-type: application/javascript; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
set-cookie: MUID=27DC6CDB482A6114304F7EF8497D607D; domain=.bing.com; expires=Fri, 13-Oct-2023 12:15:24 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E4A5A915FA8747AAB0C274EC13080653 Ref B: OSL30EDGE0412 Ref C: 2022-09-18T12:15:24Z
date: Sun, 18 Sep 2022 12:15:24 GMT
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/39.0cc86423.chunk.js
200 OK 37 kB URL HTTP/2 js.driftt.com/core/assets/js/39.0cc86423.chunk.js
IP
Hash 2c0f4f2083361873a6a1e554e08e5f81
41d4de96960de9e580277cab3f30a6606ce042eb
cfdd0acf86d6657ec5a65306e82c7fbc6119370c1ff9389c959e0c251b156bc9
GET /core/assets/js/39.0cc86423.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Thu, 21 Jul 2022 05:13:08 GMT
server: nginx
last-modified: Wed, 20 Jul 2022 16:44:36 GMT
etag: W/"3cbfbd7bb911f7cfc3b4394f334cdb67"
x-amz-server-side-encryption: AES256
x-amz-version-id: oKmg4FrWOfQibH6GiwTJD5mzxlfV.GJ_
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NzB0SdWJ6417KovonCLgPL0GIRaUiAO3axcKjt8Y2S-OjEdH9YZVVQ==
age: 5122936
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 69f994f02f21296091303644cff55b02
c254beeaecd124d28b1eb68c1c05165e1ddc7f35
5e85e4c90129d40b17561225203944b5cdf846d6b4ef55a99b0b48d89137fd93
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2168
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:25 GMT
Last-Modified: Sun, 18 Sep 2022 11:39:17 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278
js.driftt.com/core/assets/js/20.8c21ea18.chunk.js
200 OK 365 B URL HTTP/2 js.driftt.com/core/assets/js/20.8c21ea18.chunk.js
IP
Hash 06b2963b029c0824382815165bfea73e
de23fb128e2589cf384603cfbb7f6b7bef969b05
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
GET /core/assets/js/20.8c21ea18.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Thu, 09 Jun 2022 19:59:49 GMT
server: nginx
last-modified: Thu, 09 Jun 2022 14:58:13 GMT
etag: W/"6d77a76055d81227033363af2f18caf8"
x-amz-server-side-encryption: AES256
x-amz-version-id: GCkJ4tZ_JW3xcmjJsO05feXt7md0igxo
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yuw1zL9IameglR43Y0PX3Aj-T2pMvV2kz9F7dypLe96c9RZ8PfK4sg==
age: 8698535
X-Firefox-Spdy: h2
js.driftt.com/core/assets/css/27.9bf46b67.chunk.css
200 OK 1.8 kB URL HTTP/2 js.driftt.com/core/assets/css/27.9bf46b67.chunk.css
IP
Hash 9c5ca1bd5db259f78dd21532131f6990
92f09351fd9d34a493ade25d5b2433507875b387
849f8cb488bda6f228b5655afbbae3245880c9b46db75e1126ae8832342f4314
GET /core/assets/css/27.9bf46b67.chunk.css HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Fri, 12 Aug 2022 18:08:02 GMT
server: nginx
last-modified: Fri, 12 Aug 2022 17:25:54 GMT
etag: W/"4f21faf2ba450e5fcdf7eda90813e185"
x-amz-server-side-encryption: AES256
x-amz-version-id: OwtYu1UfCDk9O65HArj6B6mV7fLBXaFN
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YNXeNKGjqtHTvhbsYMf7c2AC7LdJFPNty4tHj89-cpibby-WYyP6BA==
age: 3175643
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/28.190877b8.chunk.js
200 OK 5.0 kB URL HTTP/2 js.driftt.com/core/assets/js/28.190877b8.chunk.js
IP
Hash 5fe576340a902283cbddc200606f5475
037f04eea3443acec238dc6e911f34636b0e5b0a
76ecdcc55f22321c44d24d521194acba34f75824dda86f6ba84aebb10bbe178b
GET /core/assets/js/28.190877b8.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
etag: W/"94c7e7cb2f40e10abeee8e28c0f68eb7"
x-amz-server-side-encryption: AES256
x-amz-version-id: G0DP4jvUaKtIbfyIxWqyC1CIhSHB9xO6
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: p3KPtukVI0hfqUvQYLoEFt1NHXXrJy3xhG52AXNgqIrv7iF9ksEl7A==
age: 943799
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/26.2d4cdbd1.chunk.js
200 OK 9.8 kB URL HTTP/2 js.driftt.com/core/assets/js/26.2d4cdbd1.chunk.js
IP
File type ASCII text, with very long lines (35232), with no line terminators
Hash 925b42a25a972e10d08f1389f46bf2e0
aef6214d9286699f79414252aab3293316041d1c
50c197141d4a00230d15b934342bb902db83fcdb2507b7b6612d727776824d18
GET /core/assets/js/26.2d4cdbd1.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 31 Aug 2022 18:23:27 GMT
server: nginx
last-modified: Wed, 31 Aug 2022 18:10:09 GMT
etag: W/"c55d27c90bd5affbf7c7047151ac3b6a"
x-amz-server-side-encryption: AES256
x-amz-version-id: siv4sYmLp3BEOV5kWKjSS9V7tHMZAkGl
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Nl40UhM21wiJJLQYcz6-UXr4sNCp_zwcmEOvhQdcmCAxu6tlRbZHbQ==
age: 1533118
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=34541&time=1663503305929&url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&liSync=true
200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=34541&time=1663503305929&url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&liSync=true
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=34541&time=1663503305929&url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&9117c017-ce1c-414d-8ba5-4577984fa38c"; domain=.linkedin.com; Path=/; Secure; Expires=Mon, 18-Sep-2023 12:15:25 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2387:u=1:x=1:i=1663503325:t=1663589725:v=2:sig=AQFIKyT42vmt7lsyxjgUlSTS9VVrM8Ps"; Expires=Mon, 19 Sep 2022 12:15:25 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXo8ozKH7xUvYeCqFlY9A==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 03202925569742809256DB9BAB103C7E Ref B: OSL30EDGE0116 Ref C: 2022-09-18T12:15:25Z
date: Sun, 18 Sep 2022 12:15:24 GMT
content-length: 0
X-Firefox-Spdy: h2
www.clarity.ms/tag/uet/134604382
200 OK 1.5 kB URL HTTP/2 www.clarity.ms/tag/uet/134604382
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (1542), with no line terminators
Hash b81f23675723798606916d81297b142a
c39e8f9b53d56ceda53b277faa6b7bda805e2c30
034b0d646fb88c1bd5cfeae4a14002c1ea3b8bb0eddc42a94f0689686e6ee730
GET /tag/uet/134604382 HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-length: 1542
content-type: application/x-javascript
expires: -1
set-cookie: CLID=6634837e18dd44d680e73d2d2f1768b3.20220918.20230918; expires=Mon, 18 Sep 2023 12:15:25 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 03QsnYwAAAABq1lvjgeUXSpt5cMUnpnHdTUlMMzBFREdFMDYxNQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sun, 18 Sep 2022 12:15:24 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 3c6b84961bdd8f4f2c58814ac43b637c
6084270e2d6ac129c8298ecb0ae765520d4a4a9c
cbb690b3f8dd67d1de6b736f585ea22b4c0994577beb10530a24bc1ac2e81f5b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 18 Sep 2022 12:15:25 GMT
Last-Modified: Sun, 18 Sep 2022 11:26:04 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: btzNNXSPm7jUnV14bPfX7eG913SIqapqZtZ-Ax7hgT56dEPEds6cUQ==
Age: 2961
c.clarity.ms/c.gif
302 Found 0 B IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=5FBEF5671FD4452CA03B3A516819EBC2&RedC=c.clarity.ms&MXFR=19142B4FEA0B6C2F1DE0396CEE0B6259
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=19142B4FEA0B6C2F1DE0396CEE0B6259; domain=.clarity.ms; expires=Fri, 13-Oct-2023 12:15:25 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Sun, 18 Sep 2022 12:15:25 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 9675aade70d369f736ac9790b86114d3
0747963795d6578f28e1f644621fe0c55d5995eb
96adc1f98f552cd67bd0215d55950cc0ac8575288a947f58a5e2178ff193ac55
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 18 Sep 2022 12:15:25 GMT
Last-Modified: Sun, 18 Sep 2022 10:26:02 GMT
Server: ECS (nyb/1D2D)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VM5DczqBR6Pvr07jdkrBGRmQYydpA9uz2QLX1R32Zv7s_27E3x7DbA==
Age: 6563
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 9675aade70d369f736ac9790b86114d3
0747963795d6578f28e1f644621fe0c55d5995eb
96adc1f98f552cd67bd0215d55950cc0ac8575288a947f58a5e2178ff193ac55
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 18 Sep 2022 12:15:25 GMT
Last-Modified: Sun, 18 Sep 2022 10:26:39 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Xzxq5JwUHbQbl2Ge1d8a-a4Y9lnfGP6_JzUQC_CEFWFafaPCAozSFA==
Age: 6526
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 9675aade70d369f736ac9790b86114d3
0747963795d6578f28e1f644621fe0c55d5995eb
96adc1f98f552cd67bd0215d55950cc0ac8575288a947f58a5e2178ff193ac55
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 18 Sep 2022 12:15:25 GMT
Last-Modified: Sun, 18 Sep 2022 10:26:39 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 16bj4N5qkLHMi2TIYQ7Ewh7WWja2qOX-M_UTJK8ibM8pm0Mz_v2w2Q==
Age: 6526
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 9675aade70d369f736ac9790b86114d3
0747963795d6578f28e1f644621fe0c55d5995eb
96adc1f98f552cd67bd0215d55950cc0ac8575288a947f58a5e2178ff193ac55
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 18 Sep 2022 12:15:25 GMT
Last-Modified: Sun, 18 Sep 2022 11:18:08 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: MHYa3_3DupRQJf3SW82XGvUUQ6Z8-TgbyL2kAzuuKFR48yTj6bLCqQ==
Age: 3437
c.bing.com/c.gif?CtsSyncId=5FBEF5671FD4452CA03B3A516819EBC2&RedC=c.clarity.ms&MXFR=19142B4FEA0B6C2F1DE0396CEE0B6259
302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=5FBEF5671FD4452CA03B3A516819EBC2&RedC=c.clarity.ms&MXFR=19142B4FEA0B6C2F1DE0396CEE0B6259
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=5FBEF5671FD4452CA03B3A516819EBC2&RedC=c.clarity.ms&MXFR=19142B4FEA0B6C2F1DE0396CEE0B6259 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=5FBEF5671FD4452CA03B3A516819EBC2&MUID=25C41B8625B8628C305909A524EF6319
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=25C41B8625B8628C305909A524EF6319; domain=c.bing.com; expires=Fri, 13-Oct-2023 12:15:25 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2A376747CFA444B2BC7644E7B1E5A967 Ref B: OSL30EDGE0412 Ref C: 2022-09-18T12:15:25Z
date: Sun, 18 Sep 2022 12:15:25 GMT
content-length: 0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=5FBEF5671FD4452CA03B3A516819EBC2&MUID=25C41B8625B8628C305909A524EF6319
200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=5FBEF5671FD4452CA03B3A516819EBC2&MUID=25C41B8625B8628C305909A524EF6319
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=5FBEF5671FD4452CA03B3A516819EBC2&MUID=25C41B8625B8628C305909A524EF6319 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Tue, 13 Sep 2022 19:54:52 GMT
accept-ranges: bytes
etag: "8d3298b0aac7d81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Sun, 18-Sep-2022 12:25:25 GMT; path=/; SameSite=None; Secure;
date: Sun, 18 Sep 2022 12:15:25 GMT
content-length: 42
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/22.fd21eb42.chunk.js
200 OK 13 kB URL HTTP/2 js.driftt.com/core/assets/js/22.fd21eb42.chunk.js
IP
Hash 6d80f68a07e90094b7f2b94107c291e2
1fa57673d8931e9a22eca6543bf63dd81c1ebb55
79b2d3c7ec56dd14df1a25f63ddc6b26ee2e128ba68dcb802130f9498d3decd6
GET /core/assets/js/22.fd21eb42.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sun, 03 Jul 2022 23:15:05 GMT
server: nginx
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
etag: W/"cbf1bca421271b2567e00a478296192b"
x-amz-server-side-encryption: AES256
x-amz-version-id: rhriNS8WygjGEv2GTbSa16tsLJlBsIO5
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sA6m12Lxj8_JTsY5k2w0NNLsi6mOvvajjOmLbmGoQK9KUAnTQG3y3A==
age: 6613219
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/18.40ab7295.chunk.js
200 OK 4.8 kB URL HTTP/2 js.driftt.com/core/assets/js/18.40ab7295.chunk.js
IP
Hash e4305d47c48276102114a8c140b96792
d2933e9181a74e002d7ab383e4b695fe1391720a
6593c58ba2ee204e23cb1e333ad16c7c228d5d4aa04707cfd4156fbee3b5d6ed
GET /core/assets/js/18.40ab7295.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
etag: W/"fafe5f62fc3aec49b7966fa154962db8"
x-amz-server-side-encryption: AES256
x-amz-version-id: 3ktfD2K4Jga.M1SWwwN9gtZLMJ_jJceE
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dOnATZOs5wGYe3--vT59NyQpwpb7eX0rJ3COO4JzOV1T1x-nu6wszA==
age: 943799
X-Firefox-Spdy: h2
bootstrap.api.drift.com/widget_bootstrap/ping
200 OK 147 B URL HTTP/2 bootstrap.api.drift.com/widget_bootstrap/ping
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash d8d78822b7c8cbd81c4666ad18c272e1
4f6ee855177f9ad3f9aa218b9246b5af88a9c968
af45139ce4298cdc61044ce8d2a43ac70dedb8acbe763f88d1d99c8cae436e8d
POST /widget_bootstrap/ping HTTP/1.1
Host: bootstrap.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 136
Origin: https://js.driftt.com
Connection: keep-alive
Referer: https://js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:25 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: 23f5e4a6784d809d
vary: Accept-Encoding
content-length: 147
x-envoy-upstream-service-time: 2
server: istio-envoy
X-Firefox-Spdy: h2
js.driftt.com/core/assets/css/9.169d3073.chunk.css
200 OK 45 kB URL HTTP/2 js.driftt.com/core/assets/css/9.169d3073.chunk.css
IP
Hash 634de539728e6271fdd82ae2680d1591
e33291153f400b727e516ca1d7b96a245af2f01e
a4647a934860d476f69091ad7ea436afaa1d8cef8a3ccd265892314f54ddf73d
GET /core/assets/css/9.169d3073.chunk.css HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Tue, 13 Sep 2022 18:58:26 GMT
server: nginx
last-modified: Tue, 13 Sep 2022 18:39:49 GMT
etag: W/"b35f8e1e1998cfcf5160bc69e61be733"
x-amz-server-side-encryption: AES256
x-amz-version-id: mWxZm0YdLXuqK5qrrA48_Seg.yADHwPB
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bnaB4PWigyNVwNlvj2X778bVrF5Nv9XeyKWzCSLvJp-s27BrEQSXnA==
age: 407818
X-Firefox-Spdy: h2
customer.api.drift.com/integrations/hubspot/utk/v2
200 OK 13 B URL HTTP/2 customer.api.drift.com/integrations/hubspot/utk/v2
IP
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /integrations/hubspot/utk/v2 HTTP/1.1
Host: customer.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://js.driftt.com/
Origin: https://js.driftt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:26 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftb684c7144508fe363604f129a56
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy
X-Firefox-Spdy: h2
b.6sc.co/v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A06%20GMT%22%2C%22timeSpent%22%3A%221006%22%2C%22totalTimeSpent%22%3A%223278%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0
200 OK 43 B URL HTTP/2 b.6sc.co/v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A06%20GMT%22%2C%22timeSpent%22%3A%221006%22%2C%22totalTimeSpent%22%3A%223278%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A06%20GMT%22%2C%22timeSpent%22%3A%221006%22%2C%22totalTimeSpent%22%3A%223278%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Cookie: 6suuid=261f1602097a0000db0b27633800000048b50400
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: image/gif
etag: "615ccf10-2b"
expires: Wed, 19 Apr 2000 11:43:00 GMT
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
date: Sun, 18 Sep 2022 12:15:26 GMT
set-cookie: 6suuid=261f1602097a0000db0b27633800000048b50400; expires=Tue, 17-Sep-2024 12:15:26 GMT; path=/; domain=.6sc.co; SameSite=None; secure
access-control-allow-origin:
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/1.6f2c398b.chunk.js
200 OK 49 kB URL HTTP/2 js.driftt.com/core/assets/js/1.6f2c398b.chunk.js
IP
Hash 36d892fe2cc6b6afb3e09166b770eac5
84c2ab187f57d24dfed64335b72c5d534ddd3bbc
84c618ec78b098581ab09586e522d73bf455f7f11540e2ab7f3863ffd52fb23d
GET /core/assets/js/1.6f2c398b.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1663503300345
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Thu, 15 Sep 2022 17:06:29 GMT
server: nginx
last-modified: Thu, 15 Sep 2022 16:12:42 GMT
etag: W/"477f716dc3c18f6f48f29d991b9eddbd"
x-amz-server-side-encryption: AES256
x-amz-version-id: VmYdE4s60_.bBSpkwu5CM2o5RUp5EHRQ
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UCBziCrrOUjNFg3AVTpSwsJQur6O5xf_UOq554X02cJodeqJkJcJpg==
age: 241736
X-Firefox-Spdy: h2
b.clarity.ms/collect
204 No Content 0 B IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1859
Origin: https://www.cynet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.cynet.com
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Sun, 18 Sep 2022 12:15:25 GMT
X-Firefox-Spdy: h2
customer.api.drift.com/integrations/hubspot/utk/v2
200 OK 2 B URL HTTP/2 customer.api.drift.com/integrations/hubspot/utk/v2
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /integrations/hubspot/utk/v2 HTTP/1.1
Host: customer.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Authorization:
Content-Length: 115
Origin: https://js.driftt.com
Connection: keep-alive
Referer: https://js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:26 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: 52092d2a83609a81
vary: Accept-Encoding
content-length: 2
x-envoy-upstream-service-time: 101
server: istio-envoy
X-Firefox-Spdy: h2
b.clarity.ms/collect
204 No Content 0 B IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 212530
Origin: https://www.cynet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.cynet.com
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Sun, 18 Sep 2022 12:15:26 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash c7767546cbfdf28ab27b11d64a8a554e
2fbdc12b1ecc7369ee7b993655fe7d312c926ffe
d93e99708f40acb4476cb0c2329a27f5792c95199a2d9097a6fa50ac96147569
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 18 Sep 2022 12:15:26 GMT
Last-Modified: Sun, 18 Sep 2022 11:12:59 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BFBHJuUfrEqign25u8BgD0UTjPn4mua25c4OKZdJZV2AHwkaJSu_Ug==
Age: 3747
trc-events.taboola.com/1392096/log/3/unip?en=pre_d_eng_tb&tos=1576&scd=2&ssd=1&est=1663503306916&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1663503308496&vi=1663503306914&ri=83fe437b5ade7372ed010607e9d6760b&ref=null&cv=20220918-2-RELEASE&item-url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F
204 No Content 0 B URL HTTP/2 trc-events.taboola.com/1392096/log/3/unip?en=pre_d_eng_tb&tos=1576&scd=2&ssd=1&est=1663503306916&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1663503308496&vi=1663503306914&ri=83fe437b5ade7372ed010607e9d6760b&ref=null&cv=20220918-2-RELEASE&item-url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1392096/log/3/unip?en=pre_d_eng_tb&tos=1576&scd=2&ssd=1&est=1663503306916&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1663503308496&vi=1663503306914&ri=83fe437b5ade7372ed010607e9d6760b&ref=null&cv=20220918-2-RELEASE&item-url=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Origin: https://www.cynet.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 18 Sep 2022 12:15:26 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.cynet.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
b.6sc.co/v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A07%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224280%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0
200 OK 43 B URL HTTP/2 b.6sc.co/v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A07%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224280%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
GET /v1/beacon/img.gif?token=fb505d972c5222fce12437d94ec9151a&svisitor=null&visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6&session=48e7df95-8eec-45a1-8933-7afa89189efb&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2018%20Sep%202022%2012%3A15%3A07%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224280%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20threat%20with%20a%20novel%20delivery%20method%20is%20creating%20serious%20problems%20for%20organizations.%20Learn%20more%20about%20Quakbot%20and%20how%20Cynet%20can%20help%20defend%20you%20from%20it.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Quakbot%20Strikes%20with%20QuakNightmare%20Exploitation%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F&pageViewId=48b23870-13aa-4922-876f-a2d5ca6dcfa5&an_uid=0 HTTP/1.1
Host: b.6sc.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Cookie: 6suuid=261f1602097a0000db0b27633800000048b50400
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: image/gif
etag: "615ccf10-2b"
expires: Wed, 19 Apr 2000 11:43:00 GMT
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
pragma: no-cache
server: nginx/1.14.0 (Ubuntu)
x-content-type-options: nosniff
content-length: 43
date: Sun, 18 Sep 2022 12:15:27 GMT
set-cookie: 6suuid=261f1602097a0000db0b27633800000048b50400; expires=Tue, 17-Sep-2024 12:15:27 GMT; path=/; domain=.6sc.co; SameSite=None; secure
access-control-allow-origin:
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET,POST
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 79f7eb66ebc6d8fd83588c409c951f17
a66d81e2929fa1491b7b2f3fdd5cded50f72abd4
177e844b37fa5f004ce83cd7bde4cde642e3e6be60ee42d37918fa0bfbd02983
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2957
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 12:15:27 GMT
Last-Modified: Sun, 18 Sep 2022 11:26:11 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278
5002521-21.chat.api.drift.com/ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVNTAwMjUyMS0xNTY2MzUxNTQ5MC00ZAAGb3JnX2lkbQAAAAc1MDAyNTIxZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMTU2NjM1MTU0OTBkAAl1c2VyX3R5cGVkAARsZWFkbgYAN12GUIMBYgABUYA.YmDAsDOFoL1IlcV3CXfmr6_0BohUDRe2OwQxwD26j2Q&remote_ip=18.232.245.220&vsn=2.0.0
101 Switching Protocols 0 B URL HTTP/1.1 5002521-21.chat.api.drift.com/ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVNTAwMjUyMS0xNTY2MzUxNTQ5MC00ZAAGb3JnX2lkbQAAAAc1MDAyNTIxZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMTU2NjM1MTU0OTBkAAl1c2VyX3R5cGVkAARsZWFkbgYAN12GUIMBYgABUYA.YmDAsDOFoL1IlcV3CXfmr6_0BohUDRe2OwQxwD26j2Q&remote_ip=18.232.245.220&vsn=2.0.0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ws/websocket?session_token=SFMyNTY.g2gDdAAAAAVkAAJpZG0AAAAVNTAwMjUyMS0xNTY2MzUxNTQ5MC00ZAAGb3JnX2lkbQAAAAc1MDAyNTIxZAAJc2NvcGVfc2V0bQAAAARsZWFkZAAHdXNlcl9pZG0AAAALMTU2NjM1MTU0OTBkAAl1c2VyX3R5cGVkAARsZWFkbgYAN12GUIMBYgABUYA.YmDAsDOFoL1IlcV3CXfmr6_0BohUDRe2OwQxwD26j2Q&remote_ip=18.232.245.220&vsn=2.0.0 HTTP/1.1
Host: 5002521-21.chat.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://js.driftt.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jZ92obm6mXpIpwuFVEsMNw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sun, 18 Sep 2022 12:15:27 GMT
Connection: upgrade
cache-control: max-age=0, private, must-revalidate
sec-websocket-accept: FFY4fnDaRXpOVyxXfHQqWjxHjwE=
server: Cowboy
upgrade: websocket
tracking.g2crowd.com/attribution_tracking/conversions/5666.js?p=https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/&e=
200 OK 0 B URL HTTP/2 tracking.g2crowd.com/attribution_tracking/conversions/5666.js?p=https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/&e=
IP
GET /attribution_tracking/conversions/5666.js?p=https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/&e= HTTP/1.1
Host: tracking.g2crowd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:22 GMT
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-request-id: 255b0bb4-842d-409e-a90f-5da11c5483f5
x-runtime: 0.003160
strict-transport-security: max-age=604800
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-cache-status: DYNAMIC
set-cookie: _session_id=9c2d1cf0c960de18ef942cd61939c1a6; path=/; expires=Sun, 02 Oct 2022 12:15:22 GMT; HttpOnly; secure; SameSite=None
__cf_bm=UMFQDDlY.L9kYP7n61Vl1n02B7hDK_W9_peGMMpMLfY-1663503322-0-AcVTOE9zPErSs7SoWtVeCu4tZV35xIOhW5cGLksmdf+yWaoncWkEYgwMcwuvtJBDLXMO9Ejj5rl7Hy2R7ThZn7U=; path=/; expires=Sun, 18-Sep-22 12:45:22 GMT; domain=.g2crowd.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74ca01b71a0e0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
js.driftt.com/core/assets/css/1.a51daee8.chunk.css
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/css/1.a51daee8.chunk.css
IP
GET /core/assets/css/1.a51daee8.chunk.css HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1663503300345
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Wed, 07 Sep 2022 14:05:26 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:17 GMT
etag: W/"2f8b87e824e4cc9983e43d6c7156ae79"
x-amz-server-side-encryption: AES256
x-amz-version-id: 9uAzsWd8.cMIOLpQvGupWPxd1QsEBbuH
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: F3tCsGryfzzX8jSgrwIlIouUCCYP6kjIEZ11Wc_sjByIKhXwjIkS_Q==
age: 943799
X-Firefox-Spdy: h2
js.driftt.com/core/assets/css/32.a39c83a8.chunk.css
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/css/32.a39c83a8.chunk.css
IP
GET /core/assets/css/32.a39c83a8.chunk.css HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1663503300345
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Mon, 12 Sep 2022 20:29:22 GMT
server: nginx
last-modified: Mon, 12 Sep 2022 19:47:39 GMT
etag: W/"a5e166130ff052851935f17711177b8c"
x-amz-server-side-encryption: AES256
x-amz-version-id: nfqP47c2jMCd2NEGU7bVKOzPpQCtTzGt
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tY2_ZNTx_PmE2eD98-tKVklVTpus0yzyYXyI07sdowilJW4qUKeaIQ==
age: 488763
X-Firefox-Spdy: h2
www.cynet.com/wp-content/themes/cynet/assets/images/button-arrow.svg
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/themes/cynet/assets/images/button-arrow.svg
IP
GET /wp-content/themes/cynet/assets/images/button-arrow.svg HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/css/main.css?ver=1662735644
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: image/svg+xml
cf-ray: 74ca019e9beefac8-OSL
access-control-allow-origin: *
age: 188421
cache-control: public, max-age=31536000
etag: W/"6257462f-167"
last-modified: Wed, 13 Apr 2022 21:52:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
200 OK 0 B URL HTTP/2 tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
IP
GET /data.js?rnd=62fe5c0e6ad95 HTTP/1.1
Host: tags.clickagy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:22 GMT
content-type: application/javascript
last-modified: Fri, 16 Sep 2022 04:12:14 GMT
etag: W/"9d3ea74a65932cc93f95029e15978232"
x-amz-version-id: voLTTawX.GcVEDQiIRYzY2txm8P5Ii8i
x-cache: Hit from cloudfront
via: 1.1 81db6db0bc548ca5046f3395364a3666.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: vVqFjTnTr6xbb6HLrBGxzE_IMnR3RqOgVE_HydCuASA8kIiIAWPNsw==
age: 48590
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ca01b7dfa0b527-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/34.07340d2f.chunk.js
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/34.07340d2f.chunk.js
IP
GET /core/assets/js/34.07340d2f.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1663503300345
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sun, 04 Sep 2022 10:39:43 GMT
server: nginx
last-modified: Thu, 25 Aug 2022 18:10:17 GMT
etag: W/"f732dfb3db72f996e1f4bc0225629a20"
x-amz-server-side-encryption: AES256
x-amz-version-id: jA_v_qJOBqqVuVuzFLKFbJbdj51OP00D
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hkEqua6HaU5dBDt4YduOHg7d5AwZUjm2Ic3PlR3NWqLMaeDWESl67w==
age: 1215342
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/13.3e86f1f6.chunk.js
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/13.3e86f1f6.chunk.js
IP
GET /core/assets/js/13.3e86f1f6.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 03 Aug 2022 20:28:27 GMT
server: nginx
last-modified: Wed, 03 Aug 2022 20:13:17 GMT
etag: W/"fdee1a560ca08e3d3702e14d8f1f0b82"
x-amz-server-side-encryption: AES256
x-amz-version-id: p9hPb_BoaQT.rfo1ve74yYgdVe7_JTph
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ACFroPAFr1KwFiub7awKfS0EYt-g6BR_U6TgyJ-dboD0JhKqj7r7AA==
age: 3944817
X-Firefox-Spdy: h2
trc.taboola.com/1392096/trc/3/json?tim=1663503306926&data=%7B%22id%22%3A21%2C%22ii%22%3A%22%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1663503306914%2C%22cv%22%3A%2220220918-2-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-odedncynetcom%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1663503306926%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F%22%2C%22tos%22%3A5%2C%22ssd%22%3A1%2C%22scd%22%3A2%2C%22supv%22%3Atrue%7D%7D&pubit=i
200 OK 0 B URL HTTP/2 trc.taboola.com/1392096/trc/3/json?tim=1663503306926&data=%7B%22id%22%3A21%2C%22ii%22%3A%22%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1663503306914%2C%22cv%22%3A%2220220918-2-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-odedncynetcom%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1663503306926%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F%22%2C%22tos%22%3A5%2C%22ssd%22%3A1%2C%22scd%22%3A2%2C%22supv%22%3Atrue%7D%7D&pubit=i
IP
GET /1392096/trc/3/json?tim=1663503306926&data=%7B%22id%22%3A21%2C%22ii%22%3A%22%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1663503306914%2C%22cv%22%3A%2220220918-2-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-odedncynetcom%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1663503306926%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.cynet.com%2Fattack-techniques-hands-on%2Fquakbot-strikes-with-quaknightmare-exploitation%2F%22%2C%22tos%22%3A5%2C%22ssd%22%3A1%2C%22scd%22%3A2%2C%22supv%22%3Atrue%7D%7D&pubit=i HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 18 Sep 2022 12:15:25 GMT
via: 1.1 varnish
x-served-by: cache-bma1674-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663503325.210319,VS0,VE93
vary: Accept-Encoding
x-vcl-time-ms: 93
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/24.96b0fdbb.chunk.js
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/24.96b0fdbb.chunk.js
IP
GET /core/assets/js/24.96b0fdbb.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Thu, 15 Sep 2022 17:06:29 GMT
server: nginx
last-modified: Thu, 15 Sep 2022 16:12:43 GMT
etag: W/"b0ce2074e6898eaf63dee45cca7a4495"
x-amz-server-side-encryption: AES256
x-amz-version-id: vDiW4mVo6.K.AsVPKx2eRLMzaAGbhO9E
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8ggHcmgrj35sMsANQ2x2bUekikSrH789CMfBrc4werIcUMTHGT_gzw==
age: 241735
X-Firefox-Spdy: h2
www.cynet.com/wp-content/themes/cynet/assets/images/link-arrow.svg
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/themes/cynet/assets/images/link-arrow.svg
IP
GET /wp-content/themes/cynet/assets/images/link-arrow.svg HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/css/main.css?ver=1662735644
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: image/svg+xml
cf-ray: 74ca019e9bf4fac8-OSL
access-control-allow-origin: *
age: 184523
cache-control: public, max-age=31536000
etag: W/"62574640-2a0"
last-modified: Wed, 13 Apr 2022 21:53:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/main~493df0b3.7d8b6029.chunk.js
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/main~493df0b3.7d8b6029.chunk.js
IP
GET /core/assets/js/main~493df0b3.7d8b6029.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 07 Sep 2022 14:05:25 GMT
server: nginx
last-modified: Tue, 06 Sep 2022 19:38:21 GMT
etag: W/"d67b9f21a56510a527a7f7537b00473f"
x-amz-server-side-encryption: AES256
x-amz-version-id: Zuzu4zkNdNds.rM0TnlttVYiZf0bH2Nn
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: emuxwhcmfJVxhvzY4zO-H_dTjoqqrSAnt4rxDqmNdHcnzhYmxNdFTw==
age: 943799
X-Firefox-Spdy: h2
js.driftt.com/core/assets/css/34.11d2b6a7.chunk.css
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/css/34.11d2b6a7.chunk.css
IP
GET /core/assets/css/34.11d2b6a7.chunk.css HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1663503300345
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Sat, 02 Jul 2022 23:19:59 GMT
server: nginx
last-modified: Fri, 01 Jul 2022 20:20:54 GMT
etag: W/"87532c4db85f1429fa6d759bc3332f36"
x-amz-server-side-encryption: AES256
x-amz-version-id: _3ypchvV2Y1htZw1RZMu3A33yhTTURn1
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gwN_0ITYI1IhVmOorYgtYkabuuylNJhwzB_3q_drBxukhDTtt0By1Q==
age: 6699326
X-Firefox-Spdy: h2
www.cynet.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js
IP
GET /wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: application/javascript
cf-ray: 74ca019dfb8efac8-OSL
access-control-allow-origin: *
age: 188422
cache-control: public, max-age=31536000
etag: W/"627111b3-2063"
last-modified: Tue, 03 May 2022 11:27:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cynet.com/wp-content/themes/cynet/assets/images/icon-in.svg
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/themes/cynet/assets/images/icon-in.svg
IP
GET /wp-content/themes/cynet/assets/images/icon-in.svg HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: image/svg+xml
cf-ray: 74ca019f3c6cfac8-OSL
access-control-allow-origin: *
age: 187441
cache-control: public, max-age=31536000
etag: W/"6257463b-2f6"
last-modified: Wed, 13 Apr 2022 21:52:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/8.611ead2e.chunk.js
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/8.611ead2e.chunk.js
IP
GET /core/assets/js/8.611ead2e.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Thu, 09 Jun 2022 19:59:49 GMT
server: nginx
last-modified: Thu, 09 Jun 2022 14:58:14 GMT
etag: W/"6aa29962f34a8e117268142c7cc1cc3d"
x-amz-server-side-encryption: AES256
x-amz-version-id: _RZ1GDjUm5KuW3ooz6jLFMyJffaKXq96
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WsbhB7uz_ZuMWxIVh1-O2jw4MDBsUqbEkcbrWlBS_Fk4wBJEFIuEzg==
age: 8698535
X-Firefox-Spdy: h2
www.cynet.com/wp-content/cache/min/1/i/4e1ec8e4a7513e3d39de91fe75825ddb.js?ver=1662735644
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/cache/min/1/i/4e1ec8e4a7513e3d39de91fe75825ddb.js?ver=1662735644
IP
GET /wp-content/cache/min/1/i/4e1ec8e4a7513e3d39de91fe75825ddb.js?ver=1662735644 HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Cookie: _rdt_uuid=1663503304448.9f65eb90-24ae-4704-8265-53b49da6ae3a; _an_uid=0; _gd_visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6; _gd_session=48e7df95-8eec-45a1-8933-7afa89189efb; _ga=GA1.2.636308329.1663503305; _gid=GA1.2.1132431182.1663503305; _gat_UA-49041735-2=1; _gcl_au=1.1.1230278532.1663503306; _lfa=LF1.1.e353966c5d0d27d8.1663503305946; drift_campaign_refresh=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e; _uetsid=8817b770374b11edbf92b535d53d5bbe; _uetvid=8817ee90374b11edb0e9759869f4529f; __hstc=54553204.2572d3d5894dc297237424c982ccd155.1663503306609.1663503306609.1663503306609.1; hubspotutk=2572d3d5894dc297237424c982ccd155; __hssrc=1; __hssc=54553204.1.1663503306610; _fbp=fb.1.1663503306726.2068325673; _hjSessionUser_2027852=eyJpZCI6IjA0NDRiYThkLTEwNGUtNWExNS1hYTM0LWI4NTY1YjQwZWFjOSIsImNyZWF0ZWQiOjE2NjM1MDMzMDY1MjgsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample=0; _hjSession_2027852=eyJpZCI6IjU3ZTdjMDQzLThjMTktNGI5Yi1hNGQ1LWNkNjM3MDNkMTU4ZiIsImNyZWF0ZWQiOjE2NjM1MDMzMDcwMTMsImluU2FtcGxlIjpmYWxzZX0=; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _clck=5acd1r|1|f4z|0; drift_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; driftt_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; _clsk=1aj3yhl|1663503307908|1|1|b.clarity.ms/collect
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:27 GMT
content-type: application/javascript
cf-ray: 74ca01d2ea91fac8-OSL
access-control-allow-origin: *
age: 188430
cache-control: public, max-age=31536000
etag: W/"631b551c-136c1"
last-modified: Fri, 09 Sep 2022 15:00:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cynet.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
200 OK 0 B URL HTTP/2 www.cynet.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Cookie: _rdt_uuid=1663503304448.9f65eb90-24ae-4704-8265-53b49da6ae3a; _an_uid=0; _gd_visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6; _gd_session=48e7df95-8eec-45a1-8933-7afa89189efb; _ga=GA1.2.636308329.1663503305; _gid=GA1.2.1132431182.1663503305; _gat_UA-49041735-2=1; _gcl_au=1.1.1230278532.1663503306; _lfa=LF1.1.e353966c5d0d27d8.1663503305946; drift_campaign_refresh=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e; _uetsid=8817b770374b11edbf92b535d53d5bbe; _uetvid=8817ee90374b11edb0e9759869f4529f; __hstc=54553204.2572d3d5894dc297237424c982ccd155.1663503306609.1663503306609.1663503306609.1; hubspotutk=2572d3d5894dc297237424c982ccd155; __hssrc=1; __hssc=54553204.1.1663503306610; _fbp=fb.1.1663503306726.2068325673; _hjSessionUser_2027852=eyJpZCI6IjA0NDRiYThkLTEwNGUtNWExNS1hYTM0LWI4NTY1YjQwZWFjOSIsImNyZWF0ZWQiOjE2NjM1MDMzMDY1MjgsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample=0; _hjSession_2027852=eyJpZCI6IjU3ZTdjMDQzLThjMTktNGI5Yi1hNGQ1LWNkNjM3MDNkMTU4ZiIsImNyZWF0ZWQiOjE2NjM1MDMzMDcwMTMsImluU2FtcGxlIjpmYWxzZX0=; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _clck=5acd1r|1|f4z|0; drift_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; driftt_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; _clsk=1aj3yhl|1663503307908|1|1|b.clarity.ms/collect
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:27 GMT
content-type: application/javascript
cf-ray: 74ca01d2ca60fac8-OSL
access-control-allow-origin: *
age: 188430
cache-control: public, max-age=31536000
etag: W/"5fb4e3fe-2bd8"
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cynet.com/wp-content/themes/cynet/assets/images/icon-fb.svg
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/themes/cynet/assets/images/icon-fb.svg
IP
GET /wp-content/themes/cynet/assets/images/icon-fb.svg HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: image/svg+xml
cf-ray: 74ca019f3c65fac8-OSL
access-control-allow-origin: *
age: 187441
cache-control: public, max-age=31536000
etag: W/"6257463b-1cd"
last-modified: Wed, 13 Apr 2022 21:52:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/css/post-types/knowledge_base.css?ver=1662735644
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/css/post-types/knowledge_base.css?ver=1662735644
IP
GET /wp-content/cache/min/1/wp-content/themes/cynet/assets/css/post-types/knowledge_base.css?ver=1662735644 HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: text/css
cf-ray: 74ca019f4c7bfac8-OSL
access-control-allow-origin: *
age: 188422
cache-control: public, max-age=31536000
etag: W/"631b551c-32c3"
last-modified: Fri, 09 Sep 2022 15:00:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
cf-polished: origSize=12995
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
a.quora.com/qevents.js
200 OK 0 B IP
GET /qevents.js HTTP/1.1
Host: a.quora.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:22 GMT
content-type: text/plain
x-amz-id-2: jHbk68zF0oCrN99I6TpiQ8LNg0dDTKL0BkbZQKZkL1zB85BMiiIcpjSQWNebJHGDeWUqTCN88Lg=
x-amz-request-id: 4K18RXATE8CH2H8E
last-modified: Fri, 18 Mar 2022 00:16:52 GMT
etag: W/"47078e63380c6b0cbbfb6d8508b25ee7"
x-amz-meta-s3cmd-attrs: atime:1647562609/ctime:1647562609/gid:150037/gname:ezhang/md5:47078e63380c6b0cbbfb6d8508b25ee7/mode:33204/mtime:1647562609/uid:150037/uname:ezhang
cache-control: public, max-age=14400
x-amz-version-id: vyBstMTGyA6m5sV66zq8xsypUg.tAOk.
cf-cache-status: HIT
age: 3916352
expires: Sun, 18 Sep 2022 16:15:22 GMT
set-cookie: __cf_bm=Iin6Nc0HRZl5o7qvIClINpuOR7uMAqEpmkfvRuqAJ74-1663503322-0-ARxD+0YjQSO8MkGWbcMrB9ia7gI9BlrYQEP+nhuLiKOUqvKlQ6ofXFa45AdbnceMA1eZ0N+Q13OFbMSMmhfWFug=; path=/; expires=Sun, 18-Sep-22 12:45:22 GMT; domain=.quora.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ca01b69db90b45-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
trk.techtarget.com/tracking.js
200 OK 0 B URL HTTP/2 trk.techtarget.com/tracking.js
IP
GET /tracking.js HTTP/1.1
Host: trk.techtarget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:22 GMT
content-type: text/javascript
cache-control: max-age=1200
cf-bgj: minify
expires: Sun, 18 Sep 2022 12:14:05 GMT
last-modified: Fri, 15 Oct 2021 14:31:37 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 524
set-cookie: __cf_bm=rFZqobA9ArYo1My.lMV_7ENHmAUDnYZwRNUrEDUbi3w-1663503322-0-Ad9dMxvZVDp0mH4o3/AOWi+4TH98yJTzRMiGpCoU2XibLDNNyHL3IaLK7A21Tu/heZxs5BxOtfcicvxGrWrZBWU=; path=/; expires=Sun, 18-Sep-22 12:45:22 GMT; domain=.techtarget.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74ca01b6bb7ab518-OSL
content-encoding: br
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/25.8f107198.chunk.js
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/25.8f107198.chunk.js
IP
GET /core/assets/js/25.8f107198.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sun, 03 Jul 2022 23:15:05 GMT
server: nginx
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
etag: W/"e2511c69e5bdc03467952abaccdb5383"
x-amz-server-side-encryption: AES256
x-amz-version-id: WcCqQoAG3H9hj_QsryoONfIqJXy6i_Vu
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 13z2ZQ2IX-AtY_SoRjjlvlEe1o5RIBigLHqqvBsDu1pSB5-apDWxBA==
age: 6613219
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/16.fde6fa28.chunk.js
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/16.fde6fa28.chunk.js
IP
GET /core/assets/js/16.fde6fa28.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Thu, 21 Jul 2022 03:22:54 GMT
server: nginx
last-modified: Wed, 20 Jul 2022 16:44:35 GMT
etag: W/"90795af8c950a50300cf801b300db7ab"
x-amz-server-side-encryption: AES256
x-amz-version-id: Czs8PHX517U6kDfcy5c9LsKW5uxut099
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: s5eKTVAdlZiN-PkfE0er3NxtrPskr0mRH3dBiUThPoMYdCWVkMDwdA==
age: 5129550
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Poppins:wght@400;600;700&family=Source+Sans+Pro:wght@400;600;700&display=swap
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Poppins:wght@400;600;700&family=Source+Sans+Pro:wght@400;600;700&display=swap
IP
GET /css2?family=Poppins:wght@400;600;700&family=Source+Sans+Pro:wght@400;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 18 Sep 2022 12:15:18 GMT
date: Sun, 18 Sep 2022 12:15:18 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/37.9da17c94.chunk.js
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/37.9da17c94.chunk.js
IP
GET /core/assets/js/37.9da17c94.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Thu, 09 Jun 2022 19:59:50 GMT
server: nginx
last-modified: Thu, 09 Jun 2022 14:58:14 GMT
etag: W/"e5c98ad7a7e70a1957477e33db39149c"
x-amz-server-side-encryption: AES256
x-amz-version-id: .1KvOWwhKDvJVSWzg49IMEkznsWNUcpl
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zz2iRryC8VeGE9pUzHf3cR00IOPVvgGJ_-JsUaa8b6bZ5M-MNxlwfQ==
age: 8698534
X-Firefox-Spdy: h2
bootstrap.api.drift.com/widget_bootstrap
200 OK 0 B URL HTTP/2 bootstrap.api.drift.com/widget_bootstrap
IP
POST /widget_bootstrap HTTP/1.1
Host: bootstrap.api.drift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 691
Origin: https://js.driftt.com
Connection: keep-alive
Referer: https://js.driftt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:26 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json;charset=utf-8
requestid: b1fc483ccafc03cd
vary: Accept-Encoding
content-encoding: gzip
x-envoy-upstream-service-time: 226
server: istio-envoy
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js
IP
GET /core/assets/js/0.0b2ebd4a.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 22 Jun 2022 23:25:32 GMT
server: nginx
last-modified: Fri, 17 Jun 2022 14:39:26 GMT
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
x-amz-server-side-encryption: AES256
x-amz-version-id: FXhpBdntUhclEQbRyN38j73SJPN5DG6s
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VeGQ6ob8RoccF80v-wgtIf7DKX4yDI9cCfsCTv6yxTdC4TpVWnGY3g==
age: 7562993
X-Firefox-Spdy: h2
www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
200 OK 0 B URL HTTP/2 www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
IP
Analyzer Verdict Alert fortinet Malware
GET /attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/ HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: text/html; charset=UTF-8
cf-ray: 74ca019c4a1bfac8-OSL
access-control-allow-origin: *
cache-control: max-age=14400, must-revalidate
expires: Sun, 18 Sep 2022 11:46:41 GMT
last-modified: Sun, 18 Sep 2022 12:07:17 GMT
link: <https://www.cynet.com/wp-json/>; rel="https://api.w.org/", <https://www.cynet.com/?p=35383>; rel=shortlink
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
cf-cache-status: HIT
content-security-policy: : default-src *
feature-policy: geolocation none;
referrer-policy: strict-origin-when-cross-origin
x-cache: HIT: 1
x-cache-group: normal
x-cacheable: SHORT
x-content-security-policy: : default-src *
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-webkit-csp: : default-src *
x-xss-protection: 1; mode=block
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cynet.com/wp-content/themes/cynet/assets/images/icon-tw.svg
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/themes/cynet/assets/images/icon-tw.svg
IP
GET /wp-content/themes/cynet/assets/images/icon-tw.svg HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:18 GMT
content-type: image/svg+xml
cf-ray: 74ca019f4c70fac8-OSL
access-control-allow-origin: *
age: 187441
cache-control: public, max-age=31536000
etag: W/"6257463c-5d0"
last-modified: Wed, 13 Apr 2022 21:53:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ws.zoominfo.com/pixel/61deaf3f99faa8001c62c18c
200 OK 0 B URL HTTP/2 ws.zoominfo.com/pixel/61deaf3f99faa8001c62c18c
IP
GET /pixel/61deaf3f99faa8001c62c18c HTTP/1.1
Host: ws.zoominfo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cynet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:22 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
x-content-type-options: nosniff
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
set-cookie: visitorId=fa9802f6870f134930ef238c420eca69ec1983c4a39545dba0c1c66cfeb9b5df; Max-Age=31536000; Domain=ws.zoominfo.com; Path=/; Expires=Mon, 18 Sep 2023 12:15:22 GMT; Secure; SameSite=None
__cf_bm=SQaChdc0uEYh9YfNgl1lAXfs0udVkiKdVLGPAagByJI-1663503322-0-AXHcznhIubvBlSbbakScdqbHsQmZvMPlACOoQExaCqqMSFsW9ZhBC+wGsN4oshGb7jQFk22p7/NQgdm8sPhymis=; path=/; expires=Sun, 18-Sep-22 12:45:22 GMT; domain=.zoominfo.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74ca01b67d6ab4f7-OSL
X-Firefox-Spdy: h2
js.hs-scripts.com/3454686.js
200 OK 0 B URL HTTP/2 js.hs-scripts.com/3454686.js
IP
GET /3454686.js HTTP/1.1
Host: js.hs-scripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:24 GMT
content-type: application/javascript;charset=utf-8
x-trace: 2B62ECAE92B76D7D574A7C6AEDF523E96EA1D5B6FC000000000000000000
cache-control: public, max-age=60
vary: Accept-Encoding
x-hubspot-correlation-id: 99339419-1642-4eae-b7b4-ff98c52a5dbc
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-origin: https://www.cynet.com
last-modified: Sun, 18 Sep 2022 11:43:06 GMT
cf-cache-status: EXPIRED
expires: Sun, 18 Sep 2022 12:16:24 GMT
server: cloudflare
cf-ray: 74ca01c02f7eb51d-OSL
content-encoding: br
X-Firefox-Spdy: h2
js.driftt.com/include/1663503600000/psda72i2n8cc.js
200 OK 0 B URL HTTP/2 js.driftt.com/include/1663503600000/psda72i2n8cc.js
IP
GET /include/1663503600000/psda72i2n8cc.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sun, 18 Sep 2022 12:15:24 GMT
server: nginx
last-modified: Fri, 16 Sep 2022 16:48:25 GMT
etag: W/"5293411648ba0acb0a5575383874a658"
x-amz-server-side-encryption: AES256
x-amz-version-id: qKDipYcW4eXYVfmlK1BM6HyWHImtAr8b
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qwkW5gIXV7hSSqjI3SdKxhkmYffnMW2knL7O3jezAalodTQFlB3a5Q==
X-Firefox-Spdy: h2
js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
200 OK 0 B URL HTTP/2 js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
IP
GET /core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx
last-modified: Fri, 16 Sep 2022 16:48:13 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: VukNY.LQSJ50U2muzC2bmyEA8J5eWHkI
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Sun, 18 Sep 2022 12:15:24 GMT
cache-control: no-cache
etag: W/"c6a6875d17f6163a4514114e8c2de6a2"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: C57vmzLxbDLQryIEQAL71LbaMhpT75ZJULyuq3gZhe24gY1TUANyYw==
X-Firefox-Spdy: h2
js.driftt.com/core/assets/js/27.960b9d5b.chunk.js
200 OK 0 B URL HTTP/2 js.driftt.com/core/assets/js/27.960b9d5b.chunk.js
IP
GET /core/assets/js/27.960b9d5b.chunk.js HTTP/1.1
Host: js.driftt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.driftt.com/core?embedId=psda72i2n8cc®ion=US&forceShow=false&skipCampaigns=false&sessionId=3ba20a3d-41b2-42b2-aba9-85540b094b9e&sessionStarted=1663503306.125&campaignRefreshToken=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e&hideController=false&pageLoadStartTime=1663503300345&mode=CHAT&driftEnableLog=false&secureIframe=false
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Thu, 15 Sep 2022 17:06:29 GMT
server: nginx
last-modified: Thu, 15 Sep 2022 16:12:43 GMT
etag: W/"4932797493312ee4c382999b8b40c603"
x-amz-server-side-encryption: AES256
x-amz-version-id: fr5_5ttw02wiZmDz41xG3L3XzPVTvWZj
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: DNW8Ylk8aYYTq3UT_AgD7YD4oXwnGBdIzJQuebSo0GKlcX1SH40nWQ==
age: 241736
X-Firefox-Spdy: h2
www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/js/main.js?ver=1662735644
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/js/main.js?ver=1662735644
IP
GET /wp-content/cache/min/1/wp-content/themes/cynet/assets/js/main.js?ver=1662735644 HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Cookie: _rdt_uuid=1663503304448.9f65eb90-24ae-4704-8265-53b49da6ae3a; _an_uid=0; _gd_visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6; _gd_session=48e7df95-8eec-45a1-8933-7afa89189efb; _ga=GA1.2.636308329.1663503305; _gid=GA1.2.1132431182.1663503305; _gat_UA-49041735-2=1; _gcl_au=1.1.1230278532.1663503306; _lfa=LF1.1.e353966c5d0d27d8.1663503305946; drift_campaign_refresh=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e; _uetsid=8817b770374b11edbf92b535d53d5bbe; _uetvid=8817ee90374b11edb0e9759869f4529f; __hstc=54553204.2572d3d5894dc297237424c982ccd155.1663503306609.1663503306609.1663503306609.1; hubspotutk=2572d3d5894dc297237424c982ccd155; __hssrc=1; __hssc=54553204.1.1663503306610; _fbp=fb.1.1663503306726.2068325673; _hjSessionUser_2027852=eyJpZCI6IjA0NDRiYThkLTEwNGUtNWExNS1hYTM0LWI4NTY1YjQwZWFjOSIsImNyZWF0ZWQiOjE2NjM1MDMzMDY1MjgsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample=0; _hjSession_2027852=eyJpZCI6IjU3ZTdjMDQzLThjMTktNGI5Yi1hNGQ1LWNkNjM3MDNkMTU4ZiIsImNyZWF0ZWQiOjE2NjM1MDMzMDcwMTMsImluU2FtcGxlIjpmYWxzZX0=; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _clck=5acd1r|1|f4z|0; drift_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; driftt_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; _clsk=1aj3yhl|1663503307908|1|1|b.clarity.ms/collect
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:27 GMT
content-type: application/javascript
cf-ray: 74ca01d2ca62fac8-OSL
access-control-allow-origin: *
age: 188430
cache-control: public, max-age=31536000
etag: W/"631b551c-ef2"
last-modified: Fri, 09 Sep 2022 15:00:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/js/post-types/knowledge_base.js?ver=1662735644
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/js/post-types/knowledge_base.js?ver=1662735644
IP
GET /wp-content/cache/min/1/wp-content/themes/cynet/assets/js/post-types/knowledge_base.js?ver=1662735644 HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Cookie: _rdt_uuid=1663503304448.9f65eb90-24ae-4704-8265-53b49da6ae3a; _an_uid=0; _gd_visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6; _gd_session=48e7df95-8eec-45a1-8933-7afa89189efb; _ga=GA1.2.636308329.1663503305; _gid=GA1.2.1132431182.1663503305; _gat_UA-49041735-2=1; _gcl_au=1.1.1230278532.1663503306; _lfa=LF1.1.e353966c5d0d27d8.1663503305946; drift_campaign_refresh=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e; _uetsid=8817b770374b11edbf92b535d53d5bbe; _uetvid=8817ee90374b11edb0e9759869f4529f; __hstc=54553204.2572d3d5894dc297237424c982ccd155.1663503306609.1663503306609.1663503306609.1; hubspotutk=2572d3d5894dc297237424c982ccd155; __hssrc=1; __hssc=54553204.1.1663503306610; _fbp=fb.1.1663503306726.2068325673; _hjSessionUser_2027852=eyJpZCI6IjA0NDRiYThkLTEwNGUtNWExNS1hYTM0LWI4NTY1YjQwZWFjOSIsImNyZWF0ZWQiOjE2NjM1MDMzMDY1MjgsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample=0; _hjSession_2027852=eyJpZCI6IjU3ZTdjMDQzLThjMTktNGI5Yi1hNGQ1LWNkNjM3MDNkMTU4ZiIsImNyZWF0ZWQiOjE2NjM1MDMzMDcwMTMsImluU2FtcGxlIjpmYWxzZX0=; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _clck=5acd1r|1|f4z|0; drift_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; driftt_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; _clsk=1aj3yhl|1663503307908|1|1|b.clarity.ms/collect
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:27 GMT
content-type: application/javascript
cf-ray: 74ca01d2ea90fac8-OSL
access-control-allow-origin: *
age: 188430
cache-control: public, max-age=31536000
etag: W/"631b551c-39b"
last-modified: Fri, 09 Sep 2022 15:00:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cynet.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
200 OK 0 B URL HTTP/2 www.cynet.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Cookie: _rdt_uuid=1663503304448.9f65eb90-24ae-4704-8265-53b49da6ae3a; _an_uid=0; _gd_visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6; _gd_session=48e7df95-8eec-45a1-8933-7afa89189efb; _ga=GA1.2.636308329.1663503305; _gid=GA1.2.1132431182.1663503305; _gat_UA-49041735-2=1; _gcl_au=1.1.1230278532.1663503306; _lfa=LF1.1.e353966c5d0d27d8.1663503305946; drift_campaign_refresh=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e; _uetsid=8817b770374b11edbf92b535d53d5bbe; _uetvid=8817ee90374b11edb0e9759869f4529f; __hstc=54553204.2572d3d5894dc297237424c982ccd155.1663503306609.1663503306609.1663503306609.1; hubspotutk=2572d3d5894dc297237424c982ccd155; __hssrc=1; __hssc=54553204.1.1663503306610; _fbp=fb.1.1663503306726.2068325673; _hjSessionUser_2027852=eyJpZCI6IjA0NDRiYThkLTEwNGUtNWExNS1hYTM0LWI4NTY1YjQwZWFjOSIsImNyZWF0ZWQiOjE2NjM1MDMzMDY1MjgsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample=0; _hjSession_2027852=eyJpZCI6IjU3ZTdjMDQzLThjMTktNGI5Yi1hNGQ1LWNkNjM3MDNkMTU4ZiIsImNyZWF0ZWQiOjE2NjM1MDMzMDcwMTMsImluU2FtcGxlIjpmYWxzZX0=; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _clck=5acd1r|1|f4z|0; drift_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; driftt_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; _clsk=1aj3yhl|1663503307908|1|1|b.clarity.ms/collect
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:27 GMT
content-type: application/javascript
cf-ray: 74ca01d2ba51fac8-OSL
access-control-allow-origin: *
age: 188430
cache-control: public, max-age=31536000
etag: W/"6048e0ac-15db1"
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cynet.com/wp-content/cache/min/1/ajax/libs/aos/3.0.0-beta.6/aos.js?ver=1662735644
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/cache/min/1/ajax/libs/aos/3.0.0-beta.6/aos.js?ver=1662735644
IP
GET /wp-content/cache/min/1/ajax/libs/aos/3.0.0-beta.6/aos.js?ver=1662735644 HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Cookie: _rdt_uuid=1663503304448.9f65eb90-24ae-4704-8265-53b49da6ae3a; _an_uid=0; _gd_visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6; _gd_session=48e7df95-8eec-45a1-8933-7afa89189efb; _ga=GA1.2.636308329.1663503305; _gid=GA1.2.1132431182.1663503305; _gat_UA-49041735-2=1; _gcl_au=1.1.1230278532.1663503306; _lfa=LF1.1.e353966c5d0d27d8.1663503305946; drift_campaign_refresh=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e; _uetsid=8817b770374b11edbf92b535d53d5bbe; _uetvid=8817ee90374b11edb0e9759869f4529f; __hstc=54553204.2572d3d5894dc297237424c982ccd155.1663503306609.1663503306609.1663503306609.1; hubspotutk=2572d3d5894dc297237424c982ccd155; __hssrc=1; __hssc=54553204.1.1663503306610; _fbp=fb.1.1663503306726.2068325673; _hjSessionUser_2027852=eyJpZCI6IjA0NDRiYThkLTEwNGUtNWExNS1hYTM0LWI4NTY1YjQwZWFjOSIsImNyZWF0ZWQiOjE2NjM1MDMzMDY1MjgsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample=0; _hjSession_2027852=eyJpZCI6IjU3ZTdjMDQzLThjMTktNGI5Yi1hNGQ1LWNkNjM3MDNkMTU4ZiIsImNyZWF0ZWQiOjE2NjM1MDMzMDcwMTMsImluU2FtcGxlIjpmYWxzZX0=; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _clck=5acd1r|1|f4z|0; drift_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; driftt_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; _clsk=1aj3yhl|1663503307908|1|1|b.clarity.ms/collect
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:27 GMT
content-type: application/javascript
cf-ray: 74ca01d2ea88fac8-OSL
access-control-allow-origin: *
age: 188430
cache-control: public, max-age=31536000
etag: W/"631b551c-35e6"
last-modified: Fri, 09 Sep 2022 15:00:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/js/vendors/stickybits.js?ver=1662735644
200 OK 0 B URL HTTP/2 www.cynet.com/wp-content/cache/min/1/wp-content/themes/cynet/assets/js/vendors/stickybits.js?ver=1662735644
IP
GET /wp-content/cache/min/1/wp-content/themes/cynet/assets/js/vendors/stickybits.js?ver=1662735644 HTTP/1.1
Host: www.cynet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cynet.com/attack-techniques-hands-on/quakbot-strikes-with-quaknightmare-exploitation/
Connection: keep-alive
Cookie: _rdt_uuid=1663503304448.9f65eb90-24ae-4704-8265-53b49da6ae3a; _an_uid=0; _gd_visitor=13b5a957-c39d-44b4-8ffc-a285ef99ccb6; _gd_session=48e7df95-8eec-45a1-8933-7afa89189efb; _ga=GA1.2.636308329.1663503305; _gid=GA1.2.1132431182.1663503305; _gat_UA-49041735-2=1; _gcl_au=1.1.1230278532.1663503306; _lfa=LF1.1.e353966c5d0d27d8.1663503305946; drift_campaign_refresh=c1338fb8-1ab4-4935-a6f7-f1a33b9bdd1e; _uetsid=8817b770374b11edbf92b535d53d5bbe; _uetvid=8817ee90374b11edb0e9759869f4529f; __hstc=54553204.2572d3d5894dc297237424c982ccd155.1663503306609.1663503306609.1663503306609.1; hubspotutk=2572d3d5894dc297237424c982ccd155; __hssrc=1; __hssc=54553204.1.1663503306610; _fbp=fb.1.1663503306726.2068325673; _hjSessionUser_2027852=eyJpZCI6IjA0NDRiYThkLTEwNGUtNWExNS1hYTM0LWI4NTY1YjQwZWFjOSIsImNyZWF0ZWQiOjE2NjM1MDMzMDY1MjgsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample=0; _hjSession_2027852=eyJpZCI6IjU3ZTdjMDQzLThjMTktNGI5Yi1hNGQ1LWNkNjM3MDNkMTU4ZiIsImNyZWF0ZWQiOjE2NjM1MDMzMDcwMTMsImluU2FtcGxlIjpmYWxzZX0=; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _clck=5acd1r|1|f4z|0; drift_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; driftt_aid=83012d91-dd44-42d5-86b6-a36d601a4bec; _clsk=1aj3yhl|1663503307908|1|1|b.clarity.ms/collect
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 12:15:27 GMT
content-type: application/javascript
cf-ray: 74ca01d2ea8dfac8-OSL
access-control-allow-origin: *
age: 188430
cache-control: public, max-age=31536000
etag: W/"631b551c-162e"
last-modified: Fri, 09 Sep 2022 15:00:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
104.22.49.106
172.64.151.201
93.184.220.29
23.36.77.32
104.18.20.226
151.101.85.44
141.226.228.48
157.240.200.14
185.89.210.212