| download.cobaltstrike.com/releasenotes.txt | 104.18.14.56 | 200 OK | 158 kB |
URL: User Request, GET, HTTP/2, download.cobaltstrike.com/releasenotes.txt
IP: 104.18.14.56:443
Certificate: Issuer DigiCert Inc; Subject download.cobaltstrike.com; Fingerprint 92:B3:BB:96:C2:25:91:1B:0E:21:FC:60:ED:55:E2:5C:AC:62:84:D4; Validity Wed, 08 Feb 2023 00:00:00 GMT - Wed, 07 Feb 2024 23:59:59 GMT
File type: HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size: 158 kB (157837 bytes)
Hash: 5a609d818d360d568fff17ed660ce031 bcb893a70ae1aa9d74d19cb922f506ef769c8370 bb2bb866c20375239d5c329882f6c8dbb6c32d19f2fcec9e6f364884836f589d
| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | Detects unmodified CobaltStrike beacon DLL |
| Public Nextron YARA rules | malware | Detects strings found in Runspace Post Exploitation Toolkit |
GET /releasenotes.txt HTTP/1.1
Host: download.cobaltstrike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Sep 2023 10:21:04 GMT
content-type: text/html; charset=UTF-8
content-security-policy: default-src 'self' *.helpsystems.com *.fortra.com https://*.trustarc.com https://js.driftt.com ; script-src 'self' 'unsafe-inline' consent.trustarc.com js.hs-scripts.com *.6sc.co *.helpsystems.com *.fortra.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://*.fontawesome.com https://stackpath.bootstrapcdn.com https://*.googletagmanager.com https://www.google-analytics.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.usemessages.com https://*.hotjar.com https://*.omappapi.com https://js.driftt.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.helpsystems.com *.fortra.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://stackpath.bootstrapcdn.com https://*.omappapi.com ; img-src 'self' *.6sc.co *.helpsystems.com *.fortra.com www.coresecurity.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.omappapi.com https://track.hubspot.com https://*.trustarc.com ; connect-src 'self' *.6sc.co *.adnxs.com https://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.omappapi.com https://*.hubspot.com https://*.fontawesome.com ; font-src 'self' https://fonts.gstatic.com https://*.fontawesome.com ;
x-frame-options: DENY
x-content-type-options: nosniff
set-cookie: session=b5acbaf1-8fd6-4f91-b192-ea8e5fa1d915;EXPIRES=Tue, 03-Sep-2024 10:21:04 GMT; PATH=/
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 801580e74d0156be-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| download.cobaltstrike.com/favicon.ico | 104.18.14.56 | 404 Not Found | 26 B |
URL: GET, HTTP/2, download.cobaltstrike.com/favicon.ico
IP: 104.18.14.56:443
Requested by: https://download.cobaltstrike.com/releasenotes.txt
Certificate: Issuer DigiCert Inc; Subject download.cobaltstrike.com; Fingerprint 92:B3:BB:96:C2:25:91:1B:0E:21:FC:60:ED:55:E2:5C:AC:62:84:D4; Validity Wed, 08 Feb 2023 00:00:00 GMT - Wed, 07 Feb 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: 7637f78ae08321f3263404ae98297c8b 02c23b5d753b9eb57ca15e6442e730fe20dc175d a4ba204c436eb17af6ce8c9e919f30fa04890a49d64e53f7e43776e974bef5a7
GET /favicon.ico HTTP/1.1
Host: download.cobaltstrike.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://download.cobaltstrike.com/releasenotes.txt
Cookie: session=b5acbaf1-8fd6-4f91-b192-ea8e5fa1d915
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Mon, 04 Sep 2023 10:21:05 GMT
content-type: text/plain; charset=UTF-8
cf-cache-status: EXPIRED
expires: Mon, 04 Sep 2023 14:21:05 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 801580ec396056be-OSL
content-encoding: gzip
X-Firefox-Spdy: h2