www.remediant.com Open in urlscan Pro
2606:2c40::c73c:671f Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Submission: On April 30 via api (April 30th 2023, 3:40:36 am UTC) from CA — Scanned from CA

Summary HTTP 110 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 37 IPs in 3 countries across 33 domains to perform 110 HTTP transactions. The main IP is 2606:2c40::c73c:671f, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.remediant.com.
TLS certificate: Issued by GTS CA 1P5 on March 23rd 2023. Valid for: 3 months.

This is the only time www.remediant.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	2606:2c40::c7... 2606:2c40::c73c:671f	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
4	2606:4700::68... 2606:4700::6812:cdc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2620:1ec:48:1... 2620:1ec:48:1::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
15	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	173.223.56.138 173.223.56.138	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:f0f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:80d::2008	15169 (GOOGLE) (GOOGLE)
2	108.159.224.153 108.159.224.153	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:d9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:f30d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.26.10.16 104.26.10.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2607:f8b0:400... 2607:f8b0:4006:821::200e	15169 (GOOGLE) (GOOGLE)
1	18.172.134.23 18.172.134.23	16509 (AMAZON-02) (AMAZON-02)
2	2620:116:800b... 2620:116:800b:21:1456:d0e1:7db4:a56b	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:141b:900... 2600:141b:9000::1725:7b88	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	34.228.204.142 34.228.204.142	14618 (AMAZON-AES) (AMAZON-AES)
1	23.54.69.151 23.54.69.151	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:250... 2600:9000:2507:bc00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:21d... 2600:9000:21dd:7600:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:8cce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6812:19c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:6cc7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:77be	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f01... 2a03:2880:f011:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:220... 2606:2800:220:de:468:2285:c1:4a3	15133 (EDGECAST) (EDGECAST)
1	2607:f8b0:400... 2607:f8b0:4004:c17::9b	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:c9cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:d2f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:817::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81c::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
2	2606:4700::68... 2606:4700::6811:d5f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:f315	13335 (CLOUDFLAR...) (CLOUDFLARENET)
110	37

33 2606:2c40::c73c:671f (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.remediant.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:cdc9 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:48:1::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 173.223.56.138 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a173-223-56-138.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f0f (United States)

ASN13335 (CLOUDFLARENET, US)

273774.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::2008 (New York, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.159.224.153 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-159-224-153.ord56.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:f30d (United States)

ASN13335 (CLOUDFLARENET, US)

f.hubspotusercontent20.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.10.16 (None, )

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:821::200e (New York, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.172.134.23 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-134-23.ord56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800b:21:1456:d0e1:7db4:a56b (United States)

ASN14618 (AMAZON-AES, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:9000::1725:7b88 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.228.204.142 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-228-204-142.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.54.69.151 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-54-69-151.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2507:bc00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21dd:7600:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8cce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:19c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:6cc7 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:77be (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f011:8:face:b00c:0:1 (Lithia Springs, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:220:de:468:2285:c1:4a3 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c17::9b (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c9cc (United States)

ASN13335 (CLOUDFLARENET, US)

api-na1.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:d2f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::2004 (New York, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::2003 (New York, United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:d5f3 (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:f315 (United States)

ASN13335 (CLOUDFLARENET, US)

f.hubspotusercontent10.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	remediant.com www.remediant.com	1 MB
15	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 21466 app.hubspot.com — Cisco Umbrella Rank: 8845 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 19025 track.hubspot.com — Cisco Umbrella Rank: 4128	155 KB
6	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 6729 forms-na1.hsforms.com — Cisco Umbrella Rank: 12260 perf.hsforms.com — Cisco Umbrella Rank: 23061	5 KB
6	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2353 m.addthis.com — Cisco Umbrella Rank: 2342	219 KB
6	linkedin.com 4 redirects platform.linkedin.com — Cisco Umbrella Rank: 6317 px.ads.linkedin.com — Cisco Umbrella Rank: 733 www.linkedin.com — Cisco Umbrella Rank: 779 px4.ads.linkedin.com — Cisco Umbrella Rank: 6554	164 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3915	7 KB
4	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 15105	68 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1159 syndication.twitter.com — Cisco Umbrella Rank: 1451	132 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 3809	16 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 37767 ibc-flow.techtarget.com — Cisco Umbrella Rank: 47960	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 189	87 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 7456 forms.hscollectedforms.net — Cisco Umbrella Rank: 7895	26 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1478 pixel.quantserve.com — Cisco Umbrella Rank: 1327	9 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 91	21 KB
2	hubspotusercontent20.net f.hubspotusercontent20.net — Cisco Umbrella Rank: 91695	157 KB
2	cloudfront.net d10lpsik1i8c69.cloudfront.net	95 KB
1	hubspotusercontent10.net f.hubspotusercontent10.net — Cisco Umbrella Rank: 106512	138 KB
1	google.ca www.google.ca — Cisco Umbrella Rank: 8003	408 B
1	google.com www.google.com — Cisco Umbrella Rank: 16	408 B
1	hubapi.com api-na1.hubapi.com — Cisco Umbrella Rank: 39888	722 B
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 2757	900 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 166	350 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 5516	3 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 3866	21 KB
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1291	639 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1604	371 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 681	1 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1365	5 KB
1	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 899	430 B
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 10931	679 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 9097	2 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	69 KB
1	hubspotusercontent-na1.net 273774.fs1.hubspotusercontent-na1.net — Cisco Umbrella Rank: 249700	73 KB
110	33

	Domain	Requested by
33	www.remediant.com	www.remediant.com
8	track.hubspot.com
5	s7.addthis.com	www.remediant.com s7.addthis.com
5	no-cache.hubspot.com	www.remediant.com
4	tags.srv.stackadapt.com	www.remediant.com tags.srv.stackadapt.com
4	cdn2.hubspot.net	www.remediant.com
3	perf.hsforms.com	www.remediant.com
3	js.hs-banner.com	www.remediant.com js.hs-banner.com
3	px.ads.linkedin.com	3 redirects
2	forms.hsforms.com	www.remediant.com
2	platform.twitter.com	www.remediant.com platform.twitter.com
2	connect.facebook.net	www.remediant.com connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	f.hubspotusercontent20.net	www.remediant.com
2	d10lpsik1i8c69.cloudfront.net	www.remediant.com d10lpsik1i8c69.cloudfront.net
1	f.hubspotusercontent10.net	www.remediant.com
1	syndication.twitter.com	platform.twitter.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	pixel.quantserve.com	www.remediant.com
1	forms-na1.hsforms.com	www.remediant.com
1	www.google.ca	www.remediant.com
1	www.google.com	www.remediant.com
1	cta-service-cms2.hubspot.com	www.remediant.com
1	api-na1.hubapi.com	www.remediant.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	app.hubspot.com	www.remediant.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	js.hsadspixel.net	www.remediant.com
1	js.hscollectedforms.net	www.remediant.com
1	js.hs-analytics.net	www.remediant.com
1	rules.quantcount.com	secure.quantserve.com
1	px4.ads.linkedin.com	www.remediant.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	z.moatads.com	s7.addthis.com
1	snap.licdn.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	trk.techtarget.com	www.remediant.com
1	ws.zoominfo.com	www.remediant.com
1	www.googletagmanager.com	www.remediant.com
1	273774.fs1.hubspotusercontent-na1.net	www.remediant.com
1	platform.linkedin.com	www.remediant.com
110	46

This site contains links to these domains. Also see Links.

Domain
remediant.allbound.com
remediant.kiflo.com
www.fireeye.com
www.gartner.com
www.facebook.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.remediant.com GTS CA 1P5	`2023-03-23` - `2023-06-21`	3 months	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-02-27` - `2023-08-27`	6 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-07-25` - `2023-07-25`	a year	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-04-03` - `2023-07-03`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-02-27` - `2023-11-07`	8 months	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-02-24` - `2023-08-06`	5 months	crt.sh
quantserve.com R3	`2023-04-14` - `2023-07-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-02-06` - `2023-05-07`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-31` - `2024-01-30`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Frame ID: 2F45204B5C4C38AD68DF21520445CAB1
Requests: 103 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 5C0500B30CB4E2A67E80CCA9F2B8FB3E
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 218699DD4396477F6F10AE54CD615320
Requests: 1 HTTP requests in this frame

Frame: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e708588
Frame ID: 39EF1E29257C58CB88279FDD1913ADF2
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.remediant.com
Frame ID: CCD418B240AB03D99BFEE7104E3DD950
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Role of Admin Credentials in the SolarWinds AttackTwitterFacebookLinkedInPinterestMessengerSlackTwitterFacebookLinkedInPinterestMessengerSlack

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AddThis (Widgets) Expand

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

110
Requests

97 %
HTTPS

76 %
IPv6

33
Domains

46
Subdomains

37
IPs

3
Countries

2853 kB
Transfer

6232 kB
Size

35
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://remediant.allbound.com/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://remediant.kiflo.com/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Title: Highly Evasive Attacker Leverages SolarWinds Supply Chain to CompromiseMultiple Global Victims With SUNBURST Backdoor

Search URL Search Domain Scan URL

URL: https://www.gartner.com/en/documents/3957029/remove-standing-privileges-through-a-just-in-time-pam-ap
Title: Zero Trust for Privileged Access

Search URL Search Domain Scan URL

URL: https://www.facebook.com/remediant

Search URL Search Domain Scan URL

URL: https://twitter.com/remediant?lang=en

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/remediant/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=417996&time=1682826031063&url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=417996&time=1682826031063&url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D417996%26time%3D1682826031063%26url%3Dhttps%253A%252F%252Fwww.remediant.com%252Fblog%252Fthe-role-of-admin-credentials-in-the-solarwinds-attack%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=417996&time=1682826031063&url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=417996&time=1682826031063&url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cookiesTest=true&liSync=true&e_ipv6=AQJRp8L0IIR-KwAAAYfQP3EvjgnMIU50mbzCNLPT89wHhKoiG5t36uKXCMEHn-3VRKquHpw3

110 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request the-role-of-admin-credentials-in-the-solarwinds-attack Show response
www.remediant.com/blog/ 165 KB
18 KB 174ms
92ms Document
text/html 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d42b5983f589881d8154b6ff6a71735b36afd273541fb523f7d5d011fb87dbd3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 7bfcc3813d25713f-YUL
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sun, 30 Apr 2023 03:40:30 GMT
edge-cache-tag: CT-38810599249,CG-23364657186,P-6859063,L-33467942914,L-33467979633,L-33468092226,L-33468231785,L-33468233930,L-33468444158,L-36060241968,W-33720943663,W-74307996232,CW-33468092220,CW-33468161272,CW-33468164920,CW-74528893008,E-72927097234,E-82717348114,MENU-33720943663,MENU-74307996232,PGS-ALL,SW-1,GC-34971027839,GC-43441602664,GC-60654012002,GC-72011308564,GC-74529377123,GC-95969146207
etag: W/"9b18362f18431125a39360f328a168fc"
last-modified: Sun, 23 Apr 2023 14:09:04 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js>; rel=preload; as=script,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QVQN%2BI8shwXIWJXlT0xOwYk%2FDgH4ALXx3t8mH7I%2FVPDrhRynHQB%2FgZx7%2BfyTX5jQSOtZLALuykR3%2BxV6bC4ti9ZSnMlO12nWoYy82SXvRbukip341P%2FAeWMffAEzyaufi9tDnBzufxOEnMxUN7hs"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=3628800; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: deny
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 38810599249
x-hs-https-only: worker
x-hs-hub-id: 6859063
x-hs-prerendered: Sun, 23 Apr 2023 14:09:04 GMT
x-xss-protection: 1; mode=block

GET
H2 200 index.js Show response
www.remediant.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 47ms
46ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 16d910967d343c8da7828222a653755e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 735319
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZxnEyG5YXAVz0Nt0c4mc9f%2BVr8l9dHsa%2FZYTSshodhPKqLJf8vyvjReAaIy%2FSRxjMxhqMYOpKTMNAGH9NNg7G8JDe7ZiCUlwl3xtBXw7Hh9f3ZRkQ2rWezgAUCnBjiz1ksEky9vYz0%2FPJ7uJfvaz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bfcc381de14713f-YUL
x-amz-cf-id: 972np9mPZhKHOIFN0mLjeFkkJgzV7HTtreMjrDCXJ0wHnwAHkHS9hQ==
expires: Mon, 29 Apr 2024 03:40:30 GMT

GET
H2 200 comment_listing_asset.js Show response
www.remediant.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 8 KB
3 KB 43ms
42ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 d2f1890663687b5701416428f5cbb655.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 9650561
x-amz-cf-pop: YTO50-C3
x-amz-server-side-encryption: AES256
x-amz-version-id: 4D3b_.jtdSCbU1XTktruWk73HT0wxWk7
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:09 GMT
server: cloudflare
etag: W/"2455723721db341ff86a4f64384a9c0d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lkaEHG0srODjRYYOoXQJnNWN5Wz9lGSljJ5VJTdluHe6vPyLIbFhnc2iV2JvoprCQTb1%2B0pDiOiAnT3JhLqkmmIFJMB5%2FEseWInBoW6fv2cH32da3PFjsInrOboK0168uoEAtBNrQ9MxLEQ1dMg2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bfcc381de15713f-YUL
x-amz-cf-id: A95aAA5OS7c_uvEaJVoKvLJMBo46vQq4JRTxCKb7YRCV0U8KJB-F0w==
expires: Mon, 29 Apr 2024 03:40:30 GMT

GET
H2 200 project.js Show response
www.remediant.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
971 B 43ms
43ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 5a1807a94b5298089c25d4896aabae66.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 7362503
x-amz-cf-pop: YTO50-C3
x-amz-server-side-encryption: AES256
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
content-encoding: br
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BMs6p4652xPUxypgPs4UucedEKY4zaGshl4tCss61Wbxt%2Fhx4TXklRg6p5tJ0%2BedrwdgsITuAzv8fQJQ4FgAqsk3U7ybuee9JKGscf7thE2H%2FzXVL2XRbXku1G%2BZiYztYSDX5gD9o599Hk%2FKb%2FmO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bfcc381de17713f-YUL
x-amz-cf-id: Vk76A2GlCd1FW_EMcCXPh96j8insCeW3sv73PiQhJoQKXyTmdDzZhQ==
expires: Mon, 29 Apr 2024 03:40:30 GMT

GET
H2 200 project.js Show response
www.remediant.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 46ms
45ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 71a526986d4783c392830d78e04e3446.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1487080
x-amz-cf-pop: ORD53-C3
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cdu50TI%2BOuMrkX3WqgKVY7fS05NWWb1dNB2197YcWtgqxz2clzvGwF%2FDt7MAKW2hbNlxAcv1bGD78rb3N%2F3ZQtk5LlO5X%2Bc51vL%2Fo3m%2F%2FJB7OcIgpmJ77VAI7J6mqLvCHji6mFnrU%2BSgTvVcKyYd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bfcc381de19713f-YUL
x-amz-cf-id: _8ha5aAHbt-YvdM3qJbvSyRIQswbFKJ0AK7N0zC1T1E4GDSC9OrfaQ==
expires: Mon, 29 Apr 2024 03:40:30 GMT

GET
H2 200 v2.js Show response
www.remediant.com/_hcms/forms/ 524 KB
171 KB 50ms
50ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cbba247ca6de6962085423c671b17bd76d58692e32e8e40ad808a12e27bbeab

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 548
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3102/bundles/project-v2.js&cfRay=7be7297f43a133ee-YUL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"250bc2c0c0e298494335c72c83b09e23"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3102/bundles/project-v2.js
date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 b471d3775e81a9be536b52b99f39452a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5gHIUZSUvmnzlEXn3ZiYc88hx3wrAZ6P
x-amz-cf-pop: IAD89-C3
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 533411e4-5e46-41fc-9cfe-d9fff85ef461
last-modified: Tue, 25 Apr 2023 11:31:17 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bocK2oiwnO%2BTzQ8gpYVaji9Gw1kfKKPz%2FFy2fA%2BoxHs88b5C8enbgg7UEND2aumQD9DjLZ%2BIQ67vZxkkdjPvVSY3CPqEPjhp8Gl3%2FcP%2FaAeNYqurI7aYKNKY%2BxLWMrmz8D%2FIFrimIIPZ8bgInqRy"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-4lk5b
cf-ray: 7bfcc381de1c713f-YUL
x-amz-cf-id: t7OsUNV0EggqRgc9aNKfITnqGj_d0sCrjy4Z-Q5JPfwr_PsOGSqHzw==

GET
H2 200 jquery-1.7.1.js Show response
www.remediant.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ 92 KB
34 KB 50ms
48ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 3a9f76e15ac64134cc339fc4f9fb6a4c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 580609
x-amz-cf-pop: PHL50-C1
x-amz-version-id: null
content-encoding: br
x-cache: Miss from cloudfront
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 25 Nov 2014 17:03:30 GMT
server: cloudflare
etag: W/"ddb84c1587287b2df08966081ef063bf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ssUpkJB3JVT28HhYzoCbsS7m1RnggK64FHvopqDpmn88nLLVaoPIoyMF4%2BNDwgOWfvOq9PGUuA8726k7vlrJasHNqDVBSKYYx%2FB8c3h957ei7ahtNA3DegNjEW%2FfaJKsbaxB5oinO1GLWBA319z5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bfcc381de26713f-YUL
x-amz-cf-id: RHjZeDWqfzWlZWUM-uXhoL3jjqQfoQcxon-T6L48d-6lzXpjjwX8sw==
expires: Mon, 29 Apr 2024 03:40:30 GMT

GET
H2 200 module_-2712622_Site_search_input.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1682095092215/ 2 KB
2 KB 58ms
30ms Stylesheet
text/css 2606:4700::6812:cdc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1682095092215/module_-2712622_Site_search_input.min.css
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:cdc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd0f0b8677a48c5ac19f9a1f29136005e52cce9b9354aaf2a5940bb19c07bcd6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 729993
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 160
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5d329318-eb97-47b3-969d-9ca33739189a
last-modified: Fri, 21 Apr 2023 16:38:13 GMT
server: cloudflare
etag: W/"fb150085015c3b7390e78a4b003d937f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1682095092215
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y6XCjdI4fBir14Weptje7eOurOuEDhHDz3arzwdmJyGELbWGgFoXVNGs8JV0%2BluxyaKS8seAswX2yt3MWrWnvbJotJ53H5ugPkFpkPSc0Ov3BlrbOMhwGe5j6b4u8C%2F4w6IgvozQOMhkGHPMs80%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8497bd8f5f-krwdx
cf-ray: 7bfcc3820ab67151-YUL
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 comments_listing_asset.css
www.remediant.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 1 KB
927 B 41ms
39ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/hsstatic/AsyncSupport/static-1.122/sass/comments_listing_asset.css

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 039b6acf310ef8fb314d9bef263bf88a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 11529365
x-amz-cf-pop: YTO50-C3
x-amz-server-side-encryption: AES256
x-amz-version-id: LQgaE1SSZjkxZtePb5jE9vLc6kDw7LTx
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"6b1d31d121f4c84e5ee3b7d7446495d8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AuUUkaYKAuqiWV5DN%2B2WI76DwKE9WAISHfCCA5Su%2BndjnUEjjSae1Lvh%2BWCd3OfA7SpQagwyg9BGhiDR%2BkPWytCvK5GRzZ8SBtMteckvpI%2FmciTi0B%2BtRI2VdL9c1ig5WxIbePJ6U8nY5WX%2FAfcm"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7bfcc381de2a713f-YUL
x-amz-cf-id: WCj5TRocI6ru1zfsp0LduUJhH_RpqqpJflOtd7VQdFTats0tXkYSxA==
expires: Mon, 29 Apr 2024 03:40:30 GMT

GET
H2 200 module_74528893008_Font_Awesome.min.css
www.remediant.com/hs-fs/hub/6859063/hub_generated/module_assets/74528893008/1653573270020/ 59 KB
14 KB 272ms
271ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs-fs/hub/6859063/hub_generated/module_assets/74528893008/1653573270020/module_74528893008_Font_Awesome.min.css

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

127a57e7056257f3fb8ed1be5081cb0f083e4a591ee27b6400cdff044bcb3696

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: H8N8HRQHTJ6FRN19
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"e251d2526424dff4e34dec0c5a6568c5"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1653573270020
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 85fc1201a1918facbeb30836e7391660.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: OKKYk1ST4vfrz60.iZogfGMlx70R9fnp
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 181
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: PWemlcNObP/G7SuGGrb35uMB+qRnEezV6e68GHtUb/ncFFQMJiM9RvITyI2P+iLISqkajtG5Rn+N8f4pMjBtcw==
x-evy-trace-route-configuration: listener_https/all
x-request-id: e0d23944-64ca-48bd-80b0-7bd90daad7ba
last-modified: Thu, 26 May 2022 13:54:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=76N2Ng9c2VO0cYlOxgg%2BMrvQFDrVX2%2FrydgndWWV39JABoLeZ6B6SMRwSaQDWIaV4cm2DHhnjmIX2GIHD7W%2FnrL4oqQdqKgsWmV8q3YOtgf3KGtsKCzFp9Rg%2BwwPCCYtKpbSxRUE4vywPz2xLehu"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 7bfcc381de2e713f-YUL
x-amz-cf-id: 3_fms2MZxVMQ8LPalf3x59J9KCI5dUsUvweDIX0Oh80iLseAhNdOvw==

GET
H2 200 in.js Show response
platform.linkedin.com/ 509 KB
160 KB 175ms
21ms Script
text/javascript 2620:1ec:48:1::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:48:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0ef50469588a1af8b951bd33d3e924b15f46a91de81ca264d72eb547eb77192f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-azure-ref-originshield: 0bthNZAAAAADXtwhgjZ3EQbn77cSEtuX3TU5aMjIxMDYwNjEyMDM1ADIyMjZhM2ViLTAxZTAtNDdiZi1hY2EyLTJiMDU4ZGZlYWQ3NQ==
x-cdn: AZUR
x-cache: TCP_HIT
x-cdn-proto: HTTP2
content-length: 163378
x-li-uuid: AAX6hJXmtrQQ/oDrZiglog==
x-li-pop: prod-lva1-x
vary: Accept-Encoding
x-azure-ref: 0LuNNZAAAAACUGZ3ScdVJTrEOqP+qxR95WVRPMjIxMDkwODE4MDUxADIyMjZhM2ViLTAxZTAtNDdiZi1hY2EyLTJiMDU4ZGZlYWQ3NQ==
x-li-fabric: prod-lva1
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
x-li-proto: http/1.1
expires: Sun, 30 Apr 2023 03:37:21 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1682095014465/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 71ms
44ms Stylesheet
text/css 2606:4700::6812:cdc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1682095014465/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:cdc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 730961
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 136
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 459d0623-6bcb-41fb-84c9-869c56b54e25
last-modified: Fri, 21 Apr 2023 16:36:56 GMT
server: cloudflare
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1682095015290
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8AV%2B1gomoyn7NN6MKbTaJ3s76vlDdGxPL8PpVlwfEyw0RXXKDLrnvNuMPEKv8sIl%2FvRn5fU%2BJgHEgInI2VwiWhoIcsUlTrwd%2Bsy3u6ebrfEgltMKheguCAnxYoU99wLKZkTlK5KNHkuDZ0%2Ftd64%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8497bd8f5f-dsnkh
cf-ray: 7bfcc3820abb7151-YUL
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 remediant_may2022.min.css
www.remediant.com/hs-fs/hub/6859063/hub_generated/template_assets/72927097234/1661220993666/Marketplace/Neambo/Act21/Coded_Files/ 331 KB
49 KB 233ms
232ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs-fs/hub/6859063/hub_generated/template_assets/72927097234/1661220993666/Marketplace/Neambo/Act21/Coded_Files/remediant_may2022.min.css

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cd67ab7019c3c4dff52fe546b48ea73b9ea483e345d4d2de73407a6ce02a3b8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: AS6TZQAM565MEYET
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"357601f084fa5be05eda0f11b81d0ee8"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1661220995676
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 814e6200dbb5865e94b7b0c1ba6129fe.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: yG7na50djUPtAr1i3SBdyHVw3LOXD4HB
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 137
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: MdXkjNfQLW0O9upn8YIeK6YrZA9h+89vrUKywlu1rYBKA3a+Kru6gV3ZiieG0g9RRdl4OXn2OMY=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 925d7964-6532-4229-a52a-0318b4972925
last-modified: Tue, 23 Aug 2022 02:16:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VvgKxwuydQxLd23Bocfdzlcp0fBgca%2BP1p9OQ8TmxLF1SvcXG7dWoUo2n3a0lHLjgto%2FvIuQeyStlFiKIG%2BG0c31JNATo%2FqGX1WV2z25566c42ZuX0fMQ85hIVpGreM0K969ugJu4aHKl9gu5KvB"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 7bfcc381de30713f-YUL
x-amz-cf-id: rQI5horx0msIKJO1vvOCixaz3imHwMhwSrt4ZlmWKqPNRKGnZZ8Guw==

GET
H2 200 40cb7387-0496-4e53-89ec-7ec6c1d60438.png
no-cache.hubspot.com/cta/default/6859063/ 2 KB
3 KB 117ms
72ms Image
image/png 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/6859063/40cb7387-0496-4e53-89ec-7ec6c1d60438.png

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

053b150532c595c34cb7afff54051c9b4f1910abd995f11c86b995135e69779f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
x-amz-version-id: Klc0o03FuC5TvN2w5EA.k45teDf8fURk
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: H8NCTF1RSMMH7723
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2147
x-amz-id-2: sKyPQ+mO5G/ee1Vr6cAMUmyBPNchjm9+AheiXQSd7qSLcVLvOONXGl84ueNVgFokMK7fIsu30bc=
last-modified: Tue, 27 Dec 2022 17:50:23 GMT
server: cloudflare
etag: "106d1cee757e3ba8d2611b4de32464e0"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B6yi2rHELzu%2FtQ3HUuT6FoOFE6XbcpT0rouaVCK5RFoWfadsI8qBfDArJ%2FwSuIgFQPOi9sXhHBRjSBAeEabl8pwldDb45uLoO9QLqNn0DsKfIKJyzsCnBKFPD9mc0PSFtKz5q5Izf4xKNy6E4R04p8VJ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 7bfcc3841ee24bd7-YUL

GET
H3 200 current.js Show response
www.remediant.com/hs/cta/cta/ 16 KB
7 KB 51ms
51ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/cta/current.js

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

384ebb3a6b18fba46505d1421ff20bcd924b64606de2641eec22ed8bc41bf0fb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 272
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.167/bundles/current.js&cfRay=7be7298f10f83401-YUL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"5c558aa2f7c9b2022b11cf9710ccaf47"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.167/bundles/current.js
date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 c84ecfd128e1f4c41a53a2b42410f3b8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: uhL6dnppSo8KeomrebPU9hB2_.Cn105d
x-amz-cf-pop: IAD89-C3
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: c75e9609-562f-4f2b-9106-59cd9ecede90
last-modified: Wed, 26 Apr 2023 03:31:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0EEVSPvPiKlW%2FgUQiyrXvxrbIRJVXrbvIp5MvDNWXRQRzBIfQ1HbsRnXTdj74B%2BTYaOiDuF1bIFP2uGOc6zwb%2Bn0SPpfhhZlZCWuTZiquhqbCeQV3lEe%2FUYktpgBcawy%2Fw7b31lgjOy4A2D%2Fq%2F%2BN"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-8zlzk
cf-ray: 7bfcc3835dcb4bb9-YUL
x-amz-cf-id: VMZru5W9jlVNsJv-SOANjFEWHzBxIMbvftfhfjZAubz2gkG-qvGTLw==

GET
H3 200 RemediantLogo_300-1.png
www.remediant.com/hs-fs/hubfs/ 5 KB
6 KB 80ms
68ms Image
image/png 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.remediant.com/hs-fs/hubfs/RemediantLogo_300-1.png?width=300&name=RemediantLogo_300-1.png

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf6baa06b109574c8a3dbfd13c8218880fa7ac6407ec307147bef2a794468c36

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 08307cdad31639e360e0351e9156d6ba.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-96622093858,P-6859063,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4852
cf-resized: internal=ok/m q=0 n=136+0 c=0+0 v=2023.4.2 l=4852
last-modified: Tue, 27 Dec 2022 15:37:34 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfaEfbawN5Ckq3mcHqpbMadSd8EJoZU4G6ZTvfUGVIDQ:e8f9b46ae88a38a662dd263f6e49c7b9"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lC5AGCimumbZ%2Fjof5cUQqyk%2BqjMLEGdkmEN58cTXhbb98XfGD9Zc7BaoA6bB3Xm0Nz8%2FhSZyk4K1Szw%2BZD6mowbz74NKmt3VqlSedxrgh1TyO3U5YmnZ693qzi7D9oknfSj5vDnZ26%2FKBtuyihCF"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfcc383de644bb9-YUL

GET
H2 200 3897fd4d-9753-4480-9bd8-1235b8f06ee0.png
no-cache.hubspot.com/cta/default/6859063/ 702 B
1 KB 167ms
122ms Image
image/png 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/6859063/3897fd4d-9753-4480-9bd8-1235b8f06ee0.png

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fee1aa6a97e440d7fe22872eca1ec37acc19eae0581ff631e7447cf5b2fccce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: H8NEM3XAFT40MSS6
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 702
x-amz-id-2: ecUeVmMPSvPD+sd+M9OrsxX6PO1q4jW61ls3T88/vmdRph7ig83HPMvWuLdh2Spds8V4DmKgeiU=
last-modified: Wed, 15 Jun 2022 12:52:19 GMT
server: cloudflare
etag: "bb985b330f7d81e4b9846a0c700c3d23"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2FK8jV7EMICkLgO8m5kyL2LXwji2B7rpFlrvsm2bvOwyVWjriam5fXG%2FwovpJrNttGjdQ5IxcEwjsYlCsHzd7XCiR2zbyf79QahQWUma2uhht1QH4HHTBz6e9gCZKbS0%2FJ2M%2F9hZFaOP2Ol%2Bkj8hvpjA"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 7bfcc3841ee44bd7-YUL

GET
H2 200 b3a2585e-63e0-4628-8c8f-c21d1f799bac.png
no-cache.hubspot.com/cta/default/6859063/ 1 KB
2 KB 147ms
103ms Image
image/png 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/6859063/b3a2585e-63e0-4628-8c8f-c21d1f799bac.png

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f2b66a7cc841a8874589ab2ee318ed11894cc13c738da309021a8ac02771b94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: H8N9XFEN4845VRZC
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1373
x-amz-id-2: QnXsfzSL46x9lm+1xnOUDUDOgN5tFu2P+Nqo4M6GRMvxiDRO3m8xONdl8SUk/m75j6kAQPyaKWE=
last-modified: Fri, 30 Sep 2022 21:06:50 GMT
server: cloudflare
etag: "407899cfcdc80037bdccf2ff3049ff4d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cUOBDCOfmFKEoOfCJT1W4IcwjD2HCKSfXGfWPLgsgZDd5SQVFj5U55GNbDCSwtuhJ9k8npK5ZQmVyVMt3w%2FBK5COaJhXLKfnTD5VtkahoOFQONIv8In2%2FqBwi6%2Bu53gLoT9twqBZKpuKpyaBhBy6ZBq0"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 7bfcc3841ee54bd7-YUL

GET
H2 200 2b679e57-d3fa-4069-b5cd-41575006a048.png
no-cache.hubspot.com/cta/default/6859063/ 1 KB
2 KB 125ms
82ms Image
image/png 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/6859063/2b679e57-d3fa-4069-b5cd-41575006a048.png

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b39ee4886e2d4a2443d6ce9db399d43e4e59a1c6af45cb0bdef54c9856d2e716

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: H8N9R7NR9A221QGE
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1313
x-amz-id-2: lwqs0lqrFRzl5RGLAZpzcDQJxxQGBVz7KOq5xVlV3ZqGzyLj4ek2AoPI4mAxU6BOkoTn6yLaZGo=
last-modified: Fri, 17 Sep 2021 16:53:29 GMT
server: cloudflare
etag: "b8fbf110d472a00bf2b6776d94165859"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=waLtpv%2FX99hcd6zuVcQUVs6ji01WuAYzNgC2d%2B0SGS3sszgSwrsxkeuMtaFoADL8oc2%2BlcMPOz7pGy8he7cm%2B0tHcxjuIbKMndVtIzzBRKWo%2BCVzzGPMk%2FZOhAWoT0mR8y%2F%2BVAEU6HEynLrfrM3hTFRY"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 7bfcc3841ee74bd7-YUL

GET
H3 200 Remediant%20Logo.png
www.remediant.com/hs-fs/hubfs/ 7 KB
8 KB 137ms
125ms Image
image/png 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.remediant.com/hs-fs/hubfs/Remediant%20Logo.png?width=766&name=Remediant%20Logo.png

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

38dbbd2e7519235e7fac71a935479acdce3966c293f0b741f598d08550e23a64

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 42cdf90926c91454b0e8865bb13f3962.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-35770268751,P-6859063,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6849
cf-resized: internal=ok/m q=0 n=145+0 c=1+0 v=2023.4.2 l=6849
last-modified: Tue, 06 Oct 2020 21:56:47 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfWLXN_8d9e6wQwZjKPUofK6KJ6wRK74aBi-ZX7jujDQ:a0a6db418effd6de0404fc83122804d2"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gi7odHWpii2D6s0Ymr1DjRJlPMDYHupoAh8H%2Fw6JHwTX6ugedNj9nNBAqq9%2FcxFUxDDRL0EgSEPhXzi0llQadNIjmIvrMC8UJnyH8LsZaroe92tk%2BQu%2BoD5NnVRYRhWBF%2BwnXvx47dj2D1%2FCv9x6"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfcc383de684bb9-YUL

GET
H3 200 RemediantLogo-RGB.png
www.remediant.com/hs-fs/hubfs/ 22 KB
23 KB 118ms
107ms Image
image/png 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.remediant.com/hs-fs/hubfs/RemediantLogo-RGB.png?width=1771&name=RemediantLogo-RGB.png

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc4771833113919008c59435a6a6f6258ff54130a26700b21c1443dd1bcaefbc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 05b3bdb53d1146d1176c185d2da0d530.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-74541021984,P-6859063,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22538
cf-resized: internal=ok/m q=0 n=160+0 c=3+0 v=2023.4.2 l=22538
last-modified: Wed, 25 May 2022 22:24:20 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfs0jjCJ8bnslBFgNiSyOy5igpJglBuIIKbqup70rcDQ:6da7da6a05c5b28dd83035d5d15bd728"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0aJGxH1ukokdsn5jwbb7JWbTVygrjnAFrf%2BmPX67PGbjBkc%2F9q5nczI%2BEobqsmVooUEHbS52iGHQo3MaBvnf8bY0L%2FmP7SbxYXXnObRkeVbbE7wiNHvSpb7lyJEmVGvPuv3ao%2BLX0Ptvs9qQ42dI"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfcc383de694bb9-YUL

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 152ms
36ms Script
application/javascript 173.223.56.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

173.223.56.138 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a173-223-56-138.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Sun, 30 Apr 2023 03:40:30 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
x-host: s7.addthis.com
content-length: 116413

GET
H3 200 Blog-hero.png
www.remediant.com/hs-fs/hubfs/Remediant_December2019/Images/ 454 KB
455 KB 80ms
69ms Image
image/png 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.remediant.com/hs-fs/hubfs/Remediant_December2019/Images/Blog-hero.png?width=1920&name=Blog-hero.png

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d92f8d8227058a0866cfcf64970a71f4fcd57df750e288db758d0f029faabc3b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 b863f5ba2fad5306016f04b0ec05bd82.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-28327983364,FD-23654851486,P-6859063,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 464955
cf-resized: internal=ok/m q=0 n=147+0 c=8+0 v=2023.4.2 l=464955
last-modified: Tue, 14 Apr 2020 09:03:03 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfljTl_oCkU7GE6NUP8SqTDQ3PpQPobZ1mNB6JmbsgDQ:55e6104ab1bb4083a56fd2b80044c0c6"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GTzFjZNXqeN2URjfwSj%2B2aYUqzLcKm8V1sClQhYi9RVTAZ%2B5GYkYxdDyAw6PhRjkDCgg6Bnimr1ygunrI%2FG%2FG4aiPA0EgDXO3WWLHt1PsxiLkXAIM1lEk%2Bce8UKVm1%2BQ0y5lsdpueHEWhvtdFpLf"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfcc383de6a4bb9-YUL

GET
H3 200 Solar-winds-1.png
www.remediant.com/hs-fs/hubfs/ 264 KB
265 KB 272ms
261ms Image
image/png 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.remediant.com/hs-fs/hubfs/Solar-winds-1.png?width=1874&name=Solar-winds-1.png

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

296fda5e6c6135675f88c8c1044eea9952a4463b405fda4a86e5911933943f0f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 ae4e162eb9c0a598fcb6475e70daa530.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-38810897792,P-6859063,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 270662
cf-resized: internal=ok/m q=0 n=198+0 c=5+0 v=2023.4.2 l=270662
last-modified: Tue, 15 Dec 2020 20:20:57 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfTJDCYFaRorwgpPWhIescFLtPTn9FUmQX-_yzGgrLDQ:49995463b79a3fbf0c42661bf450405d"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YuTpJ9GwOFDrHo7ZMaaWUPWV%2BFegsS4Lxj9BNHyQtMjTdHRpdp%2FTIWO%2BuhftLSq0nuoIV1Y17QeVfr1k8vsFDmg4g2r5%2Bkq7ePWvQ2epKvzgW6RV01aMjFu4BFOwJUJdZBjtN8%2BSikHIfvawJ%2Bxi"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfcc383de6b4bb9-YUL

GET
H3 200 Solar-winds-2.png
www.remediant.com/hs-fs/hubfs/ 291 KB
292 KB 68ms
57ms Image
image/png 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.remediant.com/hs-fs/hubfs/Solar-winds-2.png?width=1874&name=Solar-winds-2.png

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3c192a22f9f0091a63dc3c65560d09efa0f80170ae2fd8205d6bab7c893939e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 6e810acc9d798bdf126180508d1b511e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-38810010801,P-6859063,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 297677
cf-resized: internal=ok/m q=0 n=236+0 c=5+0 v=2023.4.2 l=297677
last-modified: Tue, 15 Dec 2020 20:21:39 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfa-gE7QHi7Qo76qHd-My6Vhw0Tn9FUmQX-_yzGgrLDQ:236923d5b42b387fcc93b6776e549529"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VjPIR12oa0S0hhRbWlUfMGZmdRj6kBqGnTPdffwmgoCeFu13CG6Rampypn1I3cLE6NBg2BtCnj4wTHr6IgSxus86WqveIMxvA1orqMPhe67fbATstInyqe4RKeeSt3ZlZQkErbw43zfYdnZ7Q0%2BE"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfcc383de6c4bb9-YUL

GET
H2 200 702e86df-247a-42ff-b636-b1a0c9a7a426.png
no-cache.hubspot.com/cta/default/6859063/ 137 KB
138 KB 185ms
143ms Image
image/jpeg 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/6859063/702e86df-247a-42ff-b636-b1a0c9a7a426.png

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50178e16af275ed5ee04cda72493f45ea1b6e2dcd00f07327742a8ed3b2dc854

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: H8N97Q11NNY61Z2A
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 140053
x-amz-id-2: nCXRgA8GheBNkLsxiVz3hFOKMY8Jyb4+hLlN0ZdILE5/xmgMsRMOQAQHsn7hii6EihL4Mu4Txq4=
last-modified: Thu, 18 Mar 2021 20:47:19 GMT
server: cloudflare
etag: "a010ff8b3b90b80a6e5ebc6ce5cd346c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eiZu5gLAcJY7CXBf3YSoh6%2Fw%2FQ%2FH8Co5OJ2nk1jSUGza5uwvttBoUResj1i%2BXHX4fnrzb7uGK3RJGdnV4ENQ50p1d7bsssB7jXX2m7cE8IINCQ9hbKUT1Ps63hXIite7ffqrQDw3XZJmYAJv9w%2BC0L4p"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 7bfcc3841ee94bd7-YUL

GET
H2 200 act21.min.js Show response
273774.fs1.hubspotusercontent-na1.net/hubfs/273774/mp/act2/js/ 257 KB
73 KB 96ms
50ms Script
application/javascript 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://273774.fs1.hubspotusercontent-na1.net/hubfs/273774/mp/act2/js/act21.min.js
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d3ba3c8e5d50475575bd84510d978742adb3fae102725451cf8790395ab3fa4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
via: 1.1 f6567fa2210130239a3a2c737c9517ac.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5932947490,FD-5519778856,P-273774,FLS-ALL
x-amz-version-id: d6zXwOCDBXsXwXtEgzZAtnYc85bX1dJv
age: 100146
x-amz-cf-pop: ORD56-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: 96AYMR65G6CDJRJZ
edge-cache-tag: F-5932947490,FD-5519778856,P-273774,FLS-ALL
cache-tag: F-5932947490,FD-5519778856,P-273774,FLS-ALL
x-amz-meta-index-tag: all
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
x-amz-id-2: nkNSozSLzrTi8LjcK/K4RMW0KT+CP58UDX6yf8k/SIKCO0Vw9q7ZWVbOPiHD1Oii+cThiJUNux0=
last-modified: Thu, 29 Jul 2021 22:14:05 GMT
server: cloudflare
etag: W/"f57715eefccd5cdc8fdff87fd8c2cb79"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1530645053266
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7bfcc38419717154-YUL
x-robots-tag: all
x-amz-cf-id: jv9tehDbsbO0VfqKdlOzpd7cL0TSJlY9s9DSvZUtPb5p56O7SXtl0w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 module_-2712622_Site_search_input.min.js Show response
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1682095090905/ 532 KB
64 KB 61ms
47ms Script
application/javascript 2606:4700::6812:cdc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1682095090905/module_-2712622_Site_search_input.min.js
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:cdc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52f4d3b80aca2322ec4b496d5940807d201cda376084079bf12b11439c5d5ac8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 730065
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 159
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4acc76ba-f4f1-458f-bd86-7867f4edd252
last-modified: Fri, 21 Apr 2023 16:38:11 GMT
server: cloudflare
etag: W/"e4472cd33abad075307c5c8b0e2b6758"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1682095090906
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pWBC2cQ1p%2Bdt01KWIkMdw%2B350yolN0RpGz6p%2BM3Ak4e2FvG25eR2wCtNBEbk%2B6s%2B3LEpMJ9IU5GgpF1k3zz4kEjpOs98ELJbVWaP0BoRr9AjTf34hAbRiL24O2CO%2BCw3juAHeYST53ATDigRp3E%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8497bd8f5f-krwdx
cf-ray: 7bfcc383dd3e7151-YUL
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 module_74528893008_Font_Awesome.min.js Show response
www.remediant.com/hs-fs/hub/6859063/hub_generated/module_assets/74528893008/1653573268992/ 358 B
2 KB 308ms
296ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs-fs/hub/6859063/hub_generated/module_assets/74528893008/1653573268992/module_74528893008_Font_Awesome.min.js

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a468fd09bfc74ce90258567bc4fce329ffd97c868a2eb55d9d6bf3c01b7a57f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: CCG60X8DX43RH0TW
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"5969ff38ca76c9465c0d70b05b8c29a6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1653573268992
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: u8.WaRMwvLs3sNmwgUil5varEICreiZb
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 182
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: b80dKH0kl6ur/wrSi+cEJa+tuf7kE5dyWwPUA7QCKV/khqYlxuoOwwGJzHr0Sl4USZ0wAV7IaPU=
x-evy-trace-route-configuration: listener_https/all
x-request-id: a73ef0aa-1d7e-4ff6-a6e1-7d67eea11003
last-modified: Thu, 26 May 2022 13:54:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=URl9NKbLmByQBimV6T3Qn9Rwongowe6WROf2m2gY6gBWdkpQ3G6AcghXRoUnvZ1Zc6ULZRdm%2BWmwXdPAkf0xd1aWIV8Bt%2FvosjNNdAx9QCMc9iTY9cqMJ6dpaMezBTSfeVC6SLg1579sQKTRJVan"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-hlzsf
access-control-allow-credentials: false
cf-ray: 7bfcc383de604bb9-YUL
x-amz-cf-id: 31c2C34kFLFP1CxbkSrd9h4it501ttV6lqTuTREeyV0uVy6pJVbF2w==

GET
H3 200 6859063.js Show response
www.remediant.com/hs/scriptloader/ 2 KB
1 KB 151ms
141ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/scriptloader/6859063.js

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2bddd15ce69c9c7cb0bd7460744ba32d9c123d6d65a860ff15701684023ce86

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=3628800; includeSubDomains
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-hubspot-correlation-id: 0bb13f41-d848-438c-9088-16e9c700a8bf
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 30 Apr 2023 03:40:30 GMT
server: cloudflare
x-trace: 2B41C2AAF25C703F5E1D7FF4291FE46C65B3D622FD000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.remediant.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XVkV7OkqwCokbva7YXH2ZyMAHyxKFbxs3gXkQ8MNOcLpdlAb6UT%2BqHm4sXS6OmVC625AW1OY6ohFDtuFF8c7oYcti%2FhUT0rGQMfzisd9gJwA4DB7t1K1aZqYem4gzTZQEJ%2F9MjoXx9P0CMPMYPrv"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 7bfcc383de6e4bb9-YUL
expires: Sun, 30 Apr 2023 03:41:30 GMT

GET
H3 200 search_reveal.min.js Show response
www.remediant.com/hs-fs/hub/6859063/hub_generated/template_assets/82717348114/1661222857845/Marketplace/Neambo/Act21/Coded_Files/ 2 KB
2 KB 410ms
397ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs-fs/hub/6859063/hub_generated/template_assets/82717348114/1661222857845/Marketplace/Neambo/Act21/Coded_Files/search_reveal.min.js

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

55074147e4e9acbbe869b5b483ef5d0a36c1ce6cd58f1d0b24ef7f2b57f0a2be

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: W4YS6PMP5XF3JM5V
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"0e5ffe592117493a966639a5156eca23"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1661222858091
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
via: 1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 80vu0M2PHzYj5EpSmz5qd3DT8BapbL85
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 153
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: yvAXfXbParSRVCvxzbc13iGgTTxTJqueB6qu1xqf+SkHjPsml8FLqT4YHtP5wtfAGnI63YguEOs=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 62ff3d8e-e4bf-4ece-a551-af5627d28b44
last-modified: Tue, 23 Aug 2022 02:47:39 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tjVVUGLddknf1Jbb%2Fs59HlLEwkxSPYyY%2F1WseJKdAIu6OBLIqpE%2FNVO%2FFGDIn75DQjPqOpNmS%2FPIdQN6lvA46BYlBUnUTwVnnfIrHLfAuhR0CEP%2Bn2D0ymEIkX8sAW2Twgr1vwohHRYax6Ox86Xi"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 7bfcc383de634bb9-YUL
x-amz-cf-id: bLvolvRNWdW4Z2NTz6H9xS7dk6MMD6cpX_mf6E6yqqprZ5nP8zIquw==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 193 KB
69 KB 102ms
53ms Script
application/javascript 2607:f8b0:4006:80d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WZLWKSD

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2008 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

07a2b3d87b7450e5508764fc547022473182b6372772cc01e24186cd58a2a90a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70402
x-xss-protection: 0
last-modified: Sun, 30 Apr 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 30 Apr 2023 03:40:30 GMT

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 104ms
30ms Script
application/javascript 108.159.224.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.159.224.153 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-159-224-153.ord56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:12:15 GMT
content-encoding: gzip
via: 1.1 2d51d11855038b19cf7b6088ff68c84e.cloudfront.net (CloudFront)
last-modified: Fri, 02 Sep 2022 19:59:48 GMT
server: AmazonS3
x-amz-cf-pop: ORD56-P4
age: 1696
etag: W/"dc0bbcecf2e632d9beb92f4d88b21c2b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: imPGo9CciJwdle0UUSttVWhNRZk4-BGTTA2nopfgkKDDjTf1OZD5CQ==

GET
H2 200 0YWZ9XwtDP5oQTsyewK3 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 319ms
285ms Script
text/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/0YWZ9XwtDP5oQTsyewK3

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

1b7f2cfb07f223abb2c5df4a214b3b43401185625ef0dc8c99c179f53793b410

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7bfcc384198433ef-YUL
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 56ms
25ms Script
text/javascript 2606:4700::6812:d9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 582
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1200
cf-ray: 7bfcc3847ada33fa-YUL
expires: Sun, 30 Apr 2023 03:30:56 GMT

GET
H2 200 bottom-shadow5.png
cdn2.hubspot.net/hub/273774/file-1281286278-png/mp/themes/Act-Theme/images/ 527 B
2 KB 83ms
77ms Image
image/png 2606:4700::6812:cdc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn2.hubspot.net/hub/273774/file-1281286278-png/mp/themes/Act-Theme/images/bottom-shadow5.png
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/hs-fs/hub/6859063/hub_generated/template_assets/72927097234/1661220993666/Marketplace/Neambo/Act21/Coded_Files/remediant_may2022.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:cdc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2154bdc6f875223ea72ec7691116c6e1a9411b8b243c03d25788eb8705e46f21

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-1281286278,FD-1146626711,P-273774,FLS-ALL
age: 1143016
x-amz-request-id: MJMHW35J0TDBFKRA
x-amz-server-side-encryption: AES256
edge-cache-tag: F-1281286278,FD-1146626711,P-273774,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
cf-bgj: imgq:85,h2pri
etag: "80515adb2b0b67cf2af4b65a34419acd"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1405780388233
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Sun, 30 Apr 2023 03:40:30 GMT
via: 1.1 320446d48de33b9e6a0384a85f613b80.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 0MBsVuTF6ssUsnlDy0FqeIVv.momltc1
x-amz-cf-pop: ORD58-P2
cf-polished: origSize=1546, status=webp_bigger
x-cache: RefreshHit from cloudfront
cache-tag: F-1281286278,FD-1146626711,P-273774,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 527
x-amz-id-2: aY88CibRPYduUK5QII0nCNkr29fQbHruMf1VKN1EqIxttX2A39W1HKZlUBJoH1F0oNSOdXjjMDI=
last-modified: Tue, 14 Feb 2023 19:50:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCHSBqd0entHGXl7bdnbLylYOLxU1gRTpwzg%2BqLMYnxdxrSrH%2BUXoGM6pXMp1QzGZeGnURSH69drpWG8D1gOZqAptjoQvyPmJgTjcax4W7ue19fiSbQBtgIblWSwXbF2LdfISSp25KsTp65oBWM%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bfcc3841d847151-YUL
x-amz-cf-id: TfxVHIzctsLK1iRe53gPtg2yZMh5SrdYJlJsQaCGSYhsQJQPm6NXTA==

GET
H2 200 fa-solid-900.woff2
f.hubspotusercontent20.net/hubfs/273774/fontawesome/v5/webfonts-5.15.1/ 78 KB
79 KB 253ms
215ms Font
application/font-woff2 2606:4700::6812:f30d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://f.hubspotusercontent20.net/hubfs/273774/fontawesome/v5/webfonts-5.15.1/fa-solid-900.woff2

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs-fs/hub/6859063/hub_generated/module_assets/74528893008/1653573270020/module_74528893008_Font_Awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f30d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.remediant.com/
Origin: https://www.remediant.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-37156491377,FD-37156042291,P-273774,FLS-ALL
x-amz-request-id: MD593V2DDRZWFAKM
x-amz-server-side-encryption: AES256
edge-cache-tag: F-37156491377,FD-37156042291,P-273774,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "8e1ed89b6ccb8ce41faf5cb672677105"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1604594063633
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 03:40:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 05b3bdb53d1146d1176c185d2da0d530.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-version-id: bDHAcLv_aenJ37tZ_.GI4ehqpey3jz35
x-amz-cf-pop: JFK50-P6
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-37156491377,FD-37156042291,P-273774,FLS-ALL
x-amz-meta-index-tag: all
content-length: 80300
x-amz-id-2: Qwe5lUo1hPW5+RYOlow91yRKYlRj7MoPdAdsP+7dhHUPVcCSEXe9MrbMvvuRQZOnc50PHqyYOV8=
last-modified: Thu, 05 Nov 2020 16:34:24 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 7bfcc38449c67138-YUL
x-amz-cf-id: zaTxdTjSKk2wK-8KvBIGMCYJi5c_zaX6nlyzw3KHyVBj-vKssAnMig==

GET
H2 200 / Show response
settings.luckyorange.net/ 25 B
679 B 285ms
234ms Fetch
application/json 104.26.10.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&s=186679

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.10.16 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c7954754ee5cde5d9c8ba7781b4a0f4427ca8fa7c1d54123c3a16320a653aa6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.remediant.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AINtvwFHfYCLKHj3RwzsV4Co5VG8Z%2FXmPB9%2F6jluYrS%2Fo8MGeOMEZ%2FBs9YDJe89wZqALg%2F5B%2FCcEXnEo7Zqww3EKczaKdsmDF5zn5RwKGPJQksu1tTPxr8m%2B%2Bk8%2FdjX6jdwOCnHzCVg1Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-credentials: true
cf-ray: 7bfcc384d9d13fd2-YYZ
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
470 B 50ms
49ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=20744427&r=1682826030815&ref=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 20744427
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdsphRHLX-ndSUYRv7t5FKLtardnQauViKxSCjrxpigq0_PgpGXopiMSa0NjX3KIt7CZ_DwNUA9ta9wAXeSKClHSr2S9PFHe
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Sun, 30 Apr 2023 04:40:30 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 75ms
38ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=20744427&r=1682826030815&ref=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.remediant.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Sun, 30 Apr 2023 03:40:30 GMT
expires: Sun, 30 Apr 2023 03:40:30 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycds70gXDiWaOz67jIfjU9PMsNW-aiJuJ-DXXzwhcOR6sVSYilS1SvISQTq10dzURIcfboB2wFRzYKxh06_Of3FZyLgipy5-6

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 66ms
19ms Script
text/javascript 2607:f8b0:4006:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZLWKSD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 30 Apr 2023 03:22:23 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 1087
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Sun, 30 Apr 2023 05:22:23 GMT

GET
H2 200 hotjar-954375.js Show response
static.hotjar.com/c/ 0
430 B 198ms
118ms Script
application/javascript 18.172.134.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-954375.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZLWKSD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.172.134.23 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-172-134-23.ord56.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
date: Sun, 30 Apr 2023 03:40:30 GMT
x-content-type-options: nosniff
via: 1.1 59b18ae9c8f051f88a7d6aa015247092.cloudfront.net (CloudFront)
x-amz-cf-pop: ORD56-P7
etag: W/d41d8cd98f00b204e9800998ecf8427e
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
content-length: 0
x-amz-cf-id: obi1tyQzhM6kz1ZnLIwx5uoU-05h2CZlepELGkUovXfan7w31lEnmA==

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
9 KB 77ms
25ms Script
application/javascript 2620:116:800b:21:1456:d0e1:7db4:a56b
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZLWKSD
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800b:21:1456:d0e1:7db4:a56b , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: f3f47d6a938ede7a828ca47022eee50835e4c9375f7ca41581fa94e25c8e950e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
content-encoding: gzip
etag: "DUHyBE1e2vdA+NAhXV6BXg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Sun, 07 May 2023 03:40:30 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 74ms
19ms Script
application/x-javascript 2600:141b:9000::1725:7b88
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZLWKSD

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::1725:7b88 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=81678
accept-ranges: bytes
content-length: 4777

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 17 KB
6 KB 82ms
25ms Script
text/javascript 34.228.204.142
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.204.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-204-142.compute-1.amazonaws.com
Software: /
Resource Hash: abbc3bb21ca10806586c97e990d59da8578a7481cea5fe1dfd9b9920625a67c7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 30 Apr 2023 03:40:30 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 75ms
19ms Script
application/x-javascript 23.54.69.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.54.69.151 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-54-69-151.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

unused62: 8096267
date: Sun, 30 Apr 2023 03:40:30 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 23B28664DCEA9EF7
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=24790
accept-ranges: bytes
content-length: 948
x-amz-id-2: AySDnc4uRjW9Th6WvSZfrFG03ojfW1Xc9SiULhzo6VNG69N0xYQoufNtgaRAnzXIDkZKs4hiwts=

GET
H2 200 fa-brands-400.woff2
f.hubspotusercontent20.net/hubfs/273774/fontawesome/v5/webfonts-5.15.1/ 77 KB
77 KB 213ms
212ms Font
application/font-woff2 2606:4700::6812:f30d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://f.hubspotusercontent20.net/hubfs/273774/fontawesome/v5/webfonts-5.15.1/fa-brands-400.woff2

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs-fs/hub/6859063/hub_generated/module_assets/74528893008/1653573270020/module_74528893008_Font_Awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f30d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.remediant.com/
Origin: https://www.remediant.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-37155930462,FD-37156042291,P-273774,FLS-ALL
x-amz-request-id: WQ0X993AF246JCZW
x-amz-server-side-encryption: AES256
edge-cache-tag: F-37155930462,FD-37156042291,P-273774,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "f075c50f89795e4cdb4d45b51f1a6800"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1604594063586
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 2f276f8b7ce92ba7a0844268d20c32ba.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-version-id: pN.uKcufSlZvmBX2EclT8dI7ueKQ5HLY
x-amz-cf-pop: JFK50-P6
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-37155930462,FD-37156042291,P-273774,FLS-ALL
x-amz-meta-index-tag: all
content-length: 78460
x-amz-id-2: ONy1FvWBRV5JC3s/Sp/Z6DPeljGRk/dBY4uAQ/znVia3sG8oeBTff+vrc3r+5XftY51bl4hpEnU=
last-modified: Thu, 05 Nov 2020 16:34:24 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 7bfcc3857b4e7138-YUL
x-amz-cf-id: zDGby-9VnpXBeRJwATlcSItNWcfYZ43hKSooMm8Y913BgGzY9F2p3Q==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/417996/domain/remediant.com/ 36 B
371 B 211ms
94ms XHR
application/json 2600:9000:2507:bc00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/417996/domain/remediant.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2507:bc00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
content-encoding: gzip
via: 1.1 74b6b6a4f766ff964b6f4249af5f5a90.cloudfront.net (CloudFront)
x-amz-cf-pop: ORD58-P7
vary: accept-encoding
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: wBVSJgzK2NWoq_5BxDVG9_LBMHeXxWq-UdaDT6YjLTKFssJYPjHHcg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=417996&time=1682826031063&url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=417996&time=1682826031063&url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D417996%26time%3D1682826031063%26url%3Dhttps%253A%252F%252Fwww.remediant.com%252Fb...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=417996&time=1682826031063&url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cookiesTest=true&liS...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=417996&time=1682826031063&url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cookiesTest=true&li...

0
705 B

79ms
40ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=417996&time=1682826031063&url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cookiesTest=true&liSync=true&e_ipv6=AQJRp8L0IIR-KwAAAYfQP3EvjgnMIU50mbzCNLPT89wHhKoiG5t36uKXCMEHn-3VRKquHpw3
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:30 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 1CA34F991C314A70B873074D9A7EA3A2 Ref B: YMQ01EDGE0609 Ref C: 2023-04-30T03:40:31Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lva1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6hXfT2QJzeSMGSoVMKA==

Redirect headers

date: Sun, 30 Apr 2023 03:40:30 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: D58583C24E7243A584CA8711B5102F51 Ref B: YMQ01EDGE0517 Ref C: 2023-04-30T03:40:31Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=417996&time=1682826031063&url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cookiesTest=true&liSync=true&e_ipv6=AQJRp8L0IIR-KwAAAYfQP3EvjgnMIU50mbzCNLPT89wHhKoiG5t36uKXCMEHn-3VRKquHpw3
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6hXfSCpm217pPhh3ggw==

GET
H2 200 rules-p-kU-4ukvB_hUJR.js Show response
rules.quantcount.com/ 160 B
639 B 160ms
93ms Script
application/javascript 2600:9000:21dd:7600:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-kU-4ukvB_hUJR.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21dd:7600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f721824389ffd3f3b3fad6179d2f0480582b4ef33674dcdc1afc5764170e71fb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:32 GMT
via: 1.1 5d840d432727e3561fd1a3de915212ca.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C2
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Fri, 14 Oct 2022 00:46:49 GMT
server: AmazonS3
etag: "100ef64c56da3648a96c6e9d0bd2bf5d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: C9Bips1stildP0UsjryXm0zJMJxKeYP7hv9WxfD38pD0obG7VP7mLw==

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 24ms
24ms Stylesheet
text/css 34.228.204.142
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.204.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-204-142.compute-1.amazonaws.com
Software: /
Resource Hash: 797d6004defc2d9e350f0de1e484b727ece78dca819f906095cebe8472714482

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 30 Apr 2023 03:40:31 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
793 B 71ms
23ms Fetch
image/jpeg 34.228.204.142
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.204.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-204-142.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 30 Apr 2023 03:40:31 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
210 B 34ms
33ms XHR
text/plain 2607:f8b0:4006:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=812272946&t=pageview&_s=1&dl=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&ul=en-us&de=UTF-8&dt=The%20Role%20of%20Admin%20Credentials%20in%20the%20SolarWinds%20Attack&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=172806572&gjid=1671874738&cid=1279885902.1682826031&tid=UA-39978471-1&_gid=1694737601.1682826031&_r=1&_slc=1&gtm=45He34q0n81WZLWKSD&z=1425556158

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 30 Apr 2023 03:40:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.remediant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 json Show response
www.remediant.com/_hcms/forms/embed/v3/form/6859063/6d77a334-bf4b-43c1-9434-596164ae9f9b/ 15 KB
4 KB 97ms
97ms XHR
application/json 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/_hcms/forms/embed/v3/form/6859063/6d77a334-bf4b-43c1-9434-596164ae9f9b/json?hs_static_app=forms-embed&hs_static_app_version=1.3102&X-HubSpot-Static-App-Info=forms-embed-1.3102

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2cb33df1c9c792f264f31e72bf706133c87abb32252e9df0d819a88221b3f73

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8552c820-42da-4a9b-a9e8-71d45f207111
x-envoy-upstream-service-time: 31
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d15c0185-9f9c-483c-86b3-ae0492d4e640
server: cloudflare
x-trace: 2B8CF6F0AEB01053DAC8A0ED0F91C9469B29D17AFE000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-th6jg
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KAFHEpbu3yaLmEIKRJedHHP1z%2Bax5IOanXRH2Q6C2riPbyNbZULXy0XTPhrE4RwLBkqu0kPbCGs%2FI%2FL9RsG%2FHx581YCbesV9GQNXsQB3AwWHZ6EjLzVFNsFjCfNcYwKO99L%2FIZkx9uVvP0V2hukR"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfcc3865a0d4bb9-YUL
access-control-allow-headers: *
x-robots-tag: none

GET
BLOB 200
OK 117fd595-e169-4103-959f-e6c4f33f3bda
https://www.remediant.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.remediant.com/117fd595-e169-4103-959f-e6c4f33f3bda
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 6859063.js Show response
js.hs-analytics.net/analytics/1682826000000/ 65 KB
21 KB 126ms
97ms Script
text/javascript 2606:4700::6810:8cce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1682826000000/6859063.js
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/hs/scriptloader/6859063.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8cce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b53ea181bfbb811df6aff471b1b1a54f9720318430e8dcb86f0ef30c624147e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: SNNCS2C4E5T1G992
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-envoy-upstream-service-time: 23
x-amz-id-2: +hR4I87xCm/vGD7oobMWlIAMBVvxeDQN48D26AdqQRtv3sfDuRH6kJLCUWsR7OSwjZR1BQWV26o=
x-evy-trace-listener: listener_https
x-request-id: 7bb5dc38-0bd0-4747-878b-d024d1944448
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 18 Apr 2023 14:08:41 GMT
server: cloudflare
etag: W/"1114f6a8b956661469f1de4699c9d6e7"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-mv8k9
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7bfcc3869ad0713e-YUL
expires: Sun, 30 Apr 2023 03:45:31 GMT

GET
H2 200 6859063.js Show response
js.hs-banner.com/ 60 KB
16 KB 222ms
193ms Script
text/javascript 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/6859063.js
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/hs/scriptloader/6859063.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9391b35a802bed8bf48fdc880aeab3db1e745ed504637e7ff7cc647c7094b036

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
x-amz-version-id: JdncFsiIJqjWyHHeB.TDk5_Hyxgi78Ym
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: SNN732TW3ARSGFNH
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-envoy-upstream-service-time: 36
x-amz-id-2: nTGuwDAm5vYXPB/cHm47Mcd3PwUAiUr+eZO6FrtBruWew9Y15eiIl/gsF6P2OXccD69FOxmFbfcJhsnHxWqG9OTTwouIQsFJ
x-evy-trace-listener: listener_https
x-request-id: b5b62f1e-d0b8-45c6-8203-f351e6305d05
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 17 Apr 2023 15:59:35 GMT
server: cloudflare
etag: W/"d8775532cf466dbeca854267b09f6e22"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.remediant.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-76cd9
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7bfcc3869874ecf2-YUL
expires: Sun, 30 Apr 2023 03:45:31 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 92ms
63ms Script
application/javascript 2606:4700::6811:6cc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/hs/scriptloader/6859063.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6cc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 798d10a2358bf2bb2383db429dbd3872c61623eae564f5ec4b35cebe16e8d3ee

Request headers

Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Origin: https://www.remediant.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
x-amz-version-id: aBw9KhRIvCv.ZxIPDLAZZBBgMDNKkxQd
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
cf-cache-status: MISS
content-encoding: br
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.362/bundles/project.js&cfRay=7bfcc3869ec833eb-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 4
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8ed5773f-5e99-4693-9634-3cb85469efe3
last-modified: Thu, 27 Apr 2023 09:01:08 UTC
server: cloudflare
etag: W/"bace8c71ddeb09e8dcafa17e11c33f6c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-dx4mf
cf-ray: 7bfcc3869ec833eb-YUL
x-amz-cf-id: -db6cNZvnTtCMGq3X9pIEQsTZiZxLI8SYfCRI41OPhmi6OhzkDXhOg==
x-hs-target-asset: collected-forms-embed-js/static-1.362/bundles/project.js

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 55ms
24ms Script
application/javascript 2606:4700::6810:77be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/hs/scriptloader/6859063.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:77be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0df60d15ee1b87cc9007f1d50ea2d9fd8560ac1b7cf143a51208f20b27a59fa7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
x-amz-version-id: .SjrrXgKPXt.4Z9u7JrAeq5b0ko7RK6Q
via: 1.1 76a7fdbced88b6eccf433c4e386bae40.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD89-C3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
age: 24
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.360/bundles/pixels-release.js&cfRay=7be8c98ebcc23ff1-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 91e036cf-7145-438b-a978-9bec82c30f48
last-modified: Mon, 17 Apr 2023 03:30:21 UTC
server: cloudflare
etag: W/"1ecc18fb1c2090998fc7361c029fa6a1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-httbh
cf-ray: 7bfcc386a921715a-YUL
x-amz-cf-id: qec5RhCK5L5SQpSXED-t74mF1IDVta3WXicjim8dIDJngEvVEyNv5g==
x-hs-target-asset: adsscriptloaderstatic/static-1.360/bundles/pixels-release.js

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 128ms
39ms Script
application/x-javascript 2a03:2880:f011:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f011:8:face:b00c:0:1 Lithia Springs, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3173b8efb0c1ebdf6f8d81fa319ebf1be5ca41ce60ae2de1fd911f392fdda5d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 30 Apr 2023 03:40:31 GMT
content-md5: +rfX9kfbMBnYxf8P+mgllA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: PCezdgtsCzh2BFZhpg1HS2jrQBGfcxy5MmV4LF4JOreQ85jiD7n5rrXB477WlDVOfq/f9a/aAADgkSAY4snxPw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1460883810
x-fb-content-md5: 01696d51ab8726cb886bf41e938a9e18
cross-origin-opener-policy: same-origin-allow-popups
etag: "29ee050ae5d156efa71a0dc4a636f48b"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Sun, 30 Apr 2023 03:57:46 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 85ms
18ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D31) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sun, 30 Apr 2023 03:40:31 GMT
Content-Encoding: gzip
Age: 193
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (nyb/1D31)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
350 B 84ms
32ms XHR
text/plain 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-39978471-1&cid=1279885902.1682826031&jid=172806572&gjid=1671874738&_gid=1694737601.1682826031&_u=YEBAAEAAAAAAACAAI~&z=785747598

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 30 Apr 2023 03:40:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.remediant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
682 B 127ms
122ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=6859063&callback=jsonpHandler

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f5994222-971b-4760-a872-d0e569d0c7a3
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=7bfcc386aa2a4bd7&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 18d338a1-d9aa-44ca-8cce-2df4c0f08487
server: cloudflare
x-trace: 2B7F73BF6D4BF8D8CF9E740B08F5A1EDD6408B4D28000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-sbk7p
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 7bfcc386aa2a4bd7-YUL

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-54ef47e26970a302/ 3 KB
900 B 89ms
78ms Script
application/javascript 173.223.56.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-54ef47e26970a302/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.223.56.138 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a173-223-56-138.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b500f39655f4ebd1aa0c5a5708fe904ed03701bbb236ed00a9ff7c62e8377cfb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
content-encoding: gzip
etag: 1583908396--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=21, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 724

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 136 B
1 KB 253ms
96ms Script
application/javascript 173.223.56.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=644de32e42690dce&bkl=0&bl=1&pdt=187&sid=644de32e42690dce&pub=ra-54ef47e26970a302&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.remediant.com&fp=blog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1682826031200&jsl=4097&uvs=644de32e7b1633b8000&skipb=1&callback=addthis.cbs.jsonp__57814247262974840
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.223.56.138 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a173-223-56-138.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e0dcf16738580d368393b88022a70bf821a18a534928f303345006595a5dd419

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
pragma: no-cache
date: Sun, 30 Apr 2023 03:40:31 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 136
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 5C05 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 2186 71 KB
26 KB 43ms
43ms Document
text/html 173.223.56.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

173.223.56.138 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a173-223-56-138.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Sun, 30 Apr 2023 03:40:31 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 public Show response
api-na1.hubapi.com/comments/v3/comments/thread/ 75 B
722 B 123ms
91ms Script
application/javascript 2606:4700::6811:c9cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=6859063&offset=0&limit=1000&contentId=38810599249&collectionId=23364657186&callback=jsonp_1682826031208_51873

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e218cbb73ebd1f7504abddc5d4d0ca0565c4552433937d6d55bf77cbc9773fbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: fadf9a5a-be93-43f2-88df-1fb47e27fab3
x-trace: 2BBCA9325AC72B36E813FEBA20FEFFD0D23D2792FEE0F50027931A6DB801
vary: origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2BNu%2F1%2FtOEbFl%2FUmamVAs2sbgaxs6mRTzhMi%2B2qWWaVoMnub9%2FtcEcEUYeVXZOwJ4iZ8n1k2ca7bke41wuGFcnnpg%2F3DBFu9AMLfXU5J3b3yQ9nwvwLeLkkGuBGxutc7rMIZ026r9MXYArUQGnJjYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: false
cf-ray: 7bfcc38749f1713c-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 clickstream.js Show response
d10lpsik1i8c69.cloudfront.net/js/ Frame 39EF 287 KB
93 KB 89ms
34ms Script
application/javascript 108.159.224.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e708588
Requested by: Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.159.224.153 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-159-224-153.ord56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08364858e416bd80eb1c1e08b68b3b0bdf8c565df9324401e800e0a781147aeb

Request headers

Referer
Origin: https://www.remediant.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 02 Sep 2022 22:23:54 GMT
content-encoding: gzip
via: 1.1 e1a81ade406e57b0570d14c0b85bc6aa.cloudfront.net (CloudFront)
x-amz-cf-pop: ORD56-P4
age: 20668598
x-cache: Hit from cloudfront
last-modified: Fri, 02 Sep 2022 19:59:47 GMT
server: AmazonS3
etag: W/"6a7ba000cc0f3518baa46608eb12410c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: ZIdrFvcgbodNDx4chmHWleiENaMUHbJwxE4k3XSs2U-nZsxvZK1H1A==

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1007 B 76ms
48ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sun, 30 Apr 2023 03:40:31 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-HubSpot-Correlation-Id: e5854e70-a977-4527-a905-7a92d7accbfd
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6ac46605-ff57-4ccc-98f0-f9df951b1b6c
Server: cloudflare
X-Trace: 2BD6861108E6080F67F6DE45F7B2EAC381F6A1F066000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-bmnkz
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7bfcc3878c4e713e-YUL

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 15 KB
4 KB 246ms
241ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&pageId=38810599249&pid=6859063&sv=cta-embed-js-static-1.167&rdy=1&cos=1&df=t&pg=40cb7387-0496-4e53-89ec-7ec6c1d60438&pg=3897fd4d-9753-4480-9bd8-1235b8f06ee0&pg=b3a2585e-63e0-4628-8c8f-c21d1f799bac&pg=2b679e57-d3fa-4069-b5cd-41575006a048&pg=b3a2585e-63e0-4628-8c8f-c21d1f799bac&pg=3897fd4d-9753-4480-9bd8-1235b8f06ee0&pg=b3a2585e-63e0-4628-8c8f-c21d1f799bac&pg=2b679e57-d3fa-4069-b5cd-41575006a048&pg=b3a2585e-63e0-4628-8c8f-c21d1f799bac&pg=2b679e57-d3fa-4069-b5cd-41575006a048&pg=3897fd4d-9753-4480-9bd8-1235b8f06ee0&pg=b3a2585e-63e0-4628-8c8f-c21d1f799bac&pg=702e86df-247a-42ff-b636-b1a0c9a7a426

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27ac19f6407bebf3798ce36f19c1649b9a9edc364a483d0468cbdadcf0b493ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: f768be12-7d1b-4766-aa85-b04ff69d84af
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 199
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 241d455a-8742-42c3-b720-e653b2a84a82
server: cloudflare
x-trace: 2B682F6BC3A90974CA3ABA170CF5DAB2DEB34F106E000000000000000000
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.remediant.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-nglwz
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xRQQo7lyWldIxLViLZ%2FSpXBHNahQ%2Fzk5Z%2Bw3SBbaYg%2FQFHCUTj6y%2BfgRtIvh2zpuwAZt9YRhL3mxzmIz0QFYiF%2BpNB8BQh02IssVSkql0JCgHtrT6%2BLAH6OcsRyNGZ3z1eOvuvAlUejuseB7i5qZieJeGN6Z3z9LA5Q%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7bfcc3876af54bd7-YUL

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 83ms
36ms Image
image/gif 2607:f8b0:4006:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-39978471-1&cid=1279885902.1682826031&jid=172806572&_u=YEBAAEAAAAAAACAAI~&z=763263168

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 30 Apr 2023 03:40:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
408 B 85ms
38ms Image
image/gif 2607:f8b0:4006:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-39978471-1&cid=1279885902.1682826031&jid=172806572&_u=YEBAAEAAAAAAACAAI~&z=763263168

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 30 Apr 2023 03:40:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1007 B 82ms
54ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sun, 30 Apr 2023 03:40:31 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-HubSpot-Correlation-Id: 9a11749f-6896-4e29-a220-3c361dc69ef9
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 7
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e28e2a59-d123-4425-8bff-795cfdc81225
Server: cloudflare
X-Trace: 2BDCCE5EC98F1DEE9B5349330A3EB70CC92ACFFD4F000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-v9xpw
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7bfcc387fc1c33f5-YUL

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame CCD4 320 KB
104 KB 18ms
18ms Document
text/html 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.remediant.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0F) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 108493
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Sun, 30 Apr 2023 03:40:31 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D0F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 pixel;r=2122689936;source=gtm;rf=0;a=p-kU-4ukvB_hUJR;url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack;uht=2;fpan=1;fpa=P0-74494953-1682826031066;p...
pixel.quantserve.com/ 35 B
372 B 49ms
24ms Image
image/gif 2620:116:800b:21:1456:d0e1:7db4:a56b
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=2122689936;source=gtm;rf=0;a=p-kU-4ukvB_hUJR;url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack;uht=2;fpan=1;fpa=P0-74494953-1682826031066;pbc=;ns=0;ce=1;qjs=1;qv=93f4cf8b-20230329153214;cm=;gdpr=0;ref=;d=remediant.com;dst=0;et=1682826031363;tzo=0;ogl=description.I%20wanted%20to%20share%20my%20thoughts%20on%20the%20SolarWinds%20attack%20that%20has%20been%20used%20to%20tar%2Ctitle.The%20Role%20of%20Admin%20Credentials%20in%20the%20SolarWinds%20Attack%2Curl.https%3A%2F%2Fwww%252Eremediant%252Ecom%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-a%2Ctype.article;ses=b99a8dc9-ae4e-4ef4-8ced-fb4dee83b1b5

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800b:21:1456:d0e1:7db4:a56b , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 303 KB
85 KB 80ms
41ms Script
application/x-javascript 2a03:2880:f011:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=cf5236b77b7d33ef828d0a1502f2f758

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f011:8:face:b00c:0:1 Lithia Springs, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3dca1b18b9db07b6cb53e22aa74f44d98968648d0950f2b0c48958c55a0d380a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
Origin: https://www.remediant.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 30 Apr 2023 03:40:31 GMT
content-md5: vY7UKRn2/1hVpJ24YU7eag==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87026
x-fb-rlafr: 0
x-fb-debug: T/C/+m67zNupZa2qEZMXGhFJunFL9KLq7aPyx1NNWFVoXnTJMvXvBgwjbFTIFinL8wk87v4bV7GJ9OTQz5/ZEQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: b3ca8e65932de75a1973c6d00b73eaa7
cross-origin-opener-policy: same-origin-allow-popups
etag: "c86193f43fe5b6aed248ec50a3a90672"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Mon, 29 Apr 2024 02:27:15 GMT

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
449 B 63ms
50ms XHR
application/json 2606:4700::6811:6cc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=6859063&utk=
Requested by: Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6cc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fb87d88f111776855dc6308c1c7773ca3839807a856f30385bcb27ad61f42ea

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 268cda2d-9239-486e-a22f-a4cb01ee3a7e
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8af9a4fc-e895-42b3-ac4c-a3b91ef20a64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.remediant.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-9sjmd
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 7bfcc38849d933eb-YUL

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 23ms
23ms Script
application/javascript 173.223.56.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

173.223.56.138 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a173-223-56-138.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Sun, 30 Apr 2023 03:40:31 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77617

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 94 B
288 B 24ms
24ms XHR
text/plain 34.228.204.142
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=Xve1da1krYlzEarKmNXl-g&is_js=true&landing_url=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&t=The%20Role%20of%20Admin%20Credentials%20in%20the%20SolarWinds%20Attack&tip=8l9wUegdzU9oQ_ynXHsmr1sH-X-ytJaJh2Wz29VOjRQ&host=https://www.remediant.com&sa_conv_data_css_value=%20%220-6e2f6c46-28b0-583d-4aef-12173050d3ad%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd96e2f6c4628b0583d4aef12173050d3ad953899b9&sa-user-id-v2=s%253Abi9sRiiwWD1K7xIXMFDTrZU4mbk.JmK7gCoIztUKTPxZ2ycX8GUXe5O1g9cCvOxb7i16ns8&sa-user-id=s%253A0-6e2f6c46-28b0-583d-4aef-12173050d3ad.lN%252FmJ6m7E8OxVFpdFXFSPdRE60zlviULh3kgKyNDU60
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.204.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-204-142.compute-1.amazonaws.com
Software: /
Resource Hash: 078f3dd88e751c3c421b2007e1cb27bcb65a95daf278bd25de81ba7b2bf3c4e4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin: https://www.remediant.com
date: Sun, 30 Apr 2023 03:40:31 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 94
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 123ms
97ms Preflight
application/octet-stream 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.remediant.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.remediant.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 7bfcc3889f46ca4f-YUL
content-length: 0
content-type: application/octet-stream
date: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-76cd9
x-evy-trace-virtual-host: all
x-request-id: 69b03428-df6d-41d1-b74d-0e32e86a61dd

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
167 B 63ms
62ms XHR
text/plain 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/6859063.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: d3a50809-9a64-43a1-8bcc-b88dd9f9e73b
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 21
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b1612ba2-80ce-4d09-b676-1d3b15d981d7
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.remediant.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-5wkt9
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7bfcc3893fbeca4f-YUL

GET
H2 200 settings Show response
syndication.twitter.com/ Frame CCD4 800 B
642 B 121ms
42ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=86c0833ef41987b5cf5cead1115361cd79795a18

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.remediant.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

5b152c384ea8c3be37e1991fb98124e98e741249d1ae916fee12c197a7ded34b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-response-time: 6
date: Sun, 30 Apr 2023 03:40:30 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: tsa_b
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: c5abc21b97a63265
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: e51a384fdc9558f90b091b63e3e4d6fc91879f6e4f25617f98d23a92dbcc8055
content-length: 322

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
644 B 69ms
53ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 29458865-e479-4b0a-95ba-38d8a3ca474c
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0159678f-aa20-4860-abbd-83163960c878
server: cloudflare
x-trace: 2B76A92B91367AAE6566899A45C8DEC7000DED7C0D000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-8q9cj
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 7bfcc388d9cc33ef-YUL

GET
H3 200 cta-loaded.js Show response
www.remediant.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 95ms
94ms Script
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=6859063&pg=b3a2585e-63e0-4628-8c8f-c21d1f799bac&lt=1682826030695&dt=1682826030706&at=1682826031526&ae=1&an=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 57968deb-d907-4e1d-8528-195766ae5c3f
x-envoy-upstream-service-time: 6
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 03e24af1-6248-434f-baaf-121bc80e71f2
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
x-trace: 2BC8E4F331C031F0BCE1CDA7B56322441133D1B608000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uZRL%2Fxu9JWQKKRo5F8HerWK4H2%2BNFLYvdeDXsvXGGwuu9uj7VbzCpk5FtwFL26db975dEzWl3FcR7G8YHneUu7byxGWrerupkw9d44NF28ykTB1rLFKehdquEHmVCrzWWNSNaQYt6UdikJxtISGs"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-qq552
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 7bfcc3891d834bb9-YUL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.remediant.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 86ms
86ms Script
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=6859063&pg=b3a2585e-63e0-4628-8c8f-c21d1f799bac&lt=1682826030695&dt=1682826030706&at=1682826031527&ae=1&an=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 53749d5e-4609-452c-856d-5daeaf02f038
x-envoy-upstream-service-time: 5
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ab7ef9e0-d64a-44bb-8ff6-8c66f712bb30
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
x-trace: 2BBAE56CD1908F99D24972C04E4AA77A28FF5A4F3D000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xqx%2FDCdoN7cZzJDsLgi6u1DXvAjP73Ktxq4eDqt12gNiXvdP6Xz8FbYZCoODq8n3VVK%2B9Vx4CupYQbEnucmW3VvtMMtCrDJHRDDWN0HznjzpD1HOsRMQPvsywELTGDAdf6vgh2XXp0CdAHXqhZSb"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-nglwz
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 7bfcc3891d844bb9-YUL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.remediant.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 112ms
111ms Script
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=6859063&pg=b3a2585e-63e0-4628-8c8f-c21d1f799bac&lt=1682826030695&dt=1682826030706&at=1682826031528&ae=1&an=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: de4ff249-7daa-4ae7-b796-6a81680a61b7
x-envoy-upstream-service-time: 4
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 409f18d9-d19f-47c5-a168-612e4b1809bc
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
x-trace: 2B91A400586F82D3A6060BDD3BF99AA29B0967A78F000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NU%2BA%2FsT6Yh0hc2O6gCo%2FkSNKaJHseMqk4FFBr9bzN9hsUWhkrk5gm51bP48dCqFCwm%2B6tFGJAF1Rxs6xj1rfPm3aGypVWslBPk3vPTXKUITpmT2BDBW0WrqUE6x3Gq6xIfBVVvIcx1DQyCedwVNZ"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-8q9cj
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 7bfcc3891d864bb9-YUL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.remediant.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 99ms
99ms Script
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=6859063&pg=b3a2585e-63e0-4628-8c8f-c21d1f799bac&lt=1682826030695&dt=1682826030706&at=1682826031529&ae=1&an=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e4c2a091-e986-493d-880a-961707618e4b
x-envoy-upstream-service-time: 8
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 16dff8b1-2f1b-4b8e-b2d0-50e550382040
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
x-trace: 2B269ACB91A8EFBAB1669C1D5C7AA5BE7C805EE7EE000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oOf5883XIZq%2BZ8Mse3V8rKcvX4Zt8BB3nRIGl4H%2Fe6b78Ru9pplyOCn47S2%2BqkBe9nNuNtumk6wRf5QmkLHQfTeOLVLmU2NmX2jobi61n4H1Rvl4PCEjxY6xH0BbXYpZOhsZ01nbGv1ScLt6ZboD"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-bmnkz
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 7bfcc3891d894bb9-YUL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.remediant.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 124ms
124ms Script
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=6859063&pg=40cb7387-0496-4e53-89ec-7ec6c1d60438&lt=1682826030688&dt=1682826030691&at=1682826031530&ae=1&an=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d9e2a9d4-f4fb-4e07-9e25-e44251422b33
x-envoy-upstream-service-time: 5
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 573970c2-5421-4b53-b81c-2b9de753065c
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
x-trace: 2B99B94263B95E79F87434CCFF5A63828EFA88E15D000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8hbGWu88xOKFWTxjiGDjFoQW9z9nlplLrdDenTc5w2id2ror7wJE%2BH3reeItVSJVNnIBiwPTUvbWF5Y2yx%2FQXyR6HhSjXlyLLVvJW8ZgapDJ9KZebMrpKpdIY%2F7NhAv2E3bB53Cq%2FdufnAOLF3Vs"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-qq552
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 7bfcc3891d8a4bb9-YUL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.remediant.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 121ms
121ms Script
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=6859063&pg=3897fd4d-9753-4480-9bd8-1235b8f06ee0&lt=1682826030694&dt=1682826030705&at=1682826031531&ae=1&an=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d94386fc-3ecd-4c02-ae48-6aea6bce7d8c
x-envoy-upstream-service-time: 5
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e8fde6bb-5bc0-474e-9f44-ebdf8dac4069
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
x-trace: 2BFBC091C11BB8A0DFB2E96E62BCEB1CCD0EB9B073000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nMWgHX%2FCN5vvCF%2FII0sKSPkQLpJCyT%2FzOA9niWppa%2FoZYWoHDzbo7BWyhpweeBhGmmiJh8u0XHGgJImYy4eCKfIqe9p1WuGfEy4XPk1L1Us42NeFyPgKhPqxV%2FCEpQTx4H9ne8O5N72JvVaXWBEl"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-n9nn6
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 7bfcc3891d8c4bb9-YUL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.remediant.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 108ms
108ms Script
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=6859063&pg=3897fd4d-9753-4480-9bd8-1235b8f06ee0&lt=1682826030694&dt=1682826030705&at=1682826031532&ae=1&an=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 72ed3267-ac55-458d-9f50-0ced734ed751
x-envoy-upstream-service-time: 2
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5999ffb8-5001-4c73-86e4-4bdc2575d113
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
x-trace: 2B6F7F437EC127222FD85D0AB9E0B71AF9E071F003000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dChAJtQnZ3DDM%2FyLG4kvfZMdQM07SHh%2BV6dkSUWmQnrpMxtWphzzDpyFwetOKrMZpX%2BZRnKeS2Q7w9807js0jxadiYELeqW3%2B0I7AZ1RBxjsewbiWthYOgv%2FyFn47EfHBHz1TOG4RWWi2aQjqu%2Bn"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-cxp2g
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 7bfcc3891d8d4bb9-YUL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.remediant.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 111ms
110ms Script
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=6859063&pg=3897fd4d-9753-4480-9bd8-1235b8f06ee0&lt=1682826030694&dt=1682826030705&at=1682826031533&ae=1&an=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8fe2c2e2-b8b6-45ff-801d-0f1c02477a07
x-envoy-upstream-service-time: 2
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 44e34050-2fa1-4a6e-a991-3693b6df1836
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
x-trace: 2B2649553C262672AD713806CBBAFCF02721A35025000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r9AaeP8ydHiiy%2FhMiBrALFCfq66sRuoYElMo0dKxPJmhgjAsCahUIMsy2txRIZlA555S4Htc1uwAmzdVAsn4N5nA%2FymqxogzSzSDVy627DAs01TBsbYEyQeCVBYZQjkvskJIVDm2dB61asQQ%2BKgZ"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-th6jg
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 7bfcc3892d904bb9-YUL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.remediant.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 111ms
111ms Script
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=6859063&pg=2b679e57-d3fa-4069-b5cd-41575006a048&lt=1682826030697&dt=1682826030705&at=1682826031534&ae=1&an=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3f3f865b-adcc-468e-b19b-9ee0ddf81275
x-envoy-upstream-service-time: 6
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 762f50a4-4962-4700-b610-37681227a4c7
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
x-trace: 2B7C0C7575FC5C470D5FD717155245E0AB2B63BF02000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPHJs8kf8ULcpIPE5GrGIWn4aV8gd3rnVVxpTN7rlPLYvmo00oc6Kl%2FVWEUMRXfHI4R%2B0CW0M%2FYXZ%2BDsB42%2ByilekcYEWlTbz9Y%2FGk5sGTk7paKCLMQiBT9PW3uSYySjvOsA3YVIPcgNJnL2GSse"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-n9nn6
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 7bfcc3892d924bb9-YUL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.remediant.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 102ms
102ms Script
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=6859063&pg=2b679e57-d3fa-4069-b5cd-41575006a048&lt=1682826030697&dt=1682826030705&at=1682826031535&ae=1&an=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 357b0486-9ad1-4923-88e2-7dde600994a7
x-envoy-upstream-service-time: 6
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2ba98891-bed1-485a-aac9-2b6c105b7726
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
x-trace: 2B20047A52ABA6A6F68D147B8359181BC03A9B2964000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sxV%2FGnBokTuBB4dQUOt8v98vYysJtkIP0fC2du7JJJGol19dgI9bIPY5Y0JHkTe3KOADieVFJLCElCSiNM3%2BcqPu6%2B3I0gv6VEGuIAh%2BYlVonM0RoQSLw5IkMJCbcOL3lffCZoYvnAD1LCFEUOaK"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-n9nn6
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 7bfcc3892d944bb9-YUL
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.remediant.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 95ms
94ms Script
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=6859063&pg=702e86df-247a-42ff-b636-b1a0c9a7a426&lt=1682826030944&dt=1682826030945&at=1682826031536&ae=1&an=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 03:40:31 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6f8c08dc-4a5e-4b88-8109-8d2a4674a296
x-envoy-upstream-service-time: 4
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6ac94b90-30bd-42a6-ae62-49625d273de6
last-modified: Sun, 30 Apr 2023 03:40:31 GMT
server: cloudflare
x-trace: 2BBFF7DD93D2F7297714ED04430E9A0F6C45A56805000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fvir6GAONBcRHPHXqtaPGm57n1uDWH74qBDN5izGTf2vbHCSGjoiFFJw3C8z3IR0L5pO7nlCCkzXDcA4GbB2mlqozqYOB6GOBDaVDo4CV8yksxTrjr%2FFjvBGWvWVZEJ%2F2lxnEP%2F3IB9icHHJ7Ods"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-th6jg
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 7bfcc3892d994bb9-YUL
x-robots-tag: noindex, follow

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 124ms
96ms Image
image/gif 2606:4700::6811:d5f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sun, 30 Apr 2023 03:40:31 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: MISS
X-HubSpot-Correlation-Id: 257e09af-a266-4714-85ff-47ae011bbb92
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fb681c83-9146-4fa9-ad43-88c62857863a
Last-Modified: Sun, 30 Apr 2023 03:40:31 GMT
Server: cloudflare
X-Trace: 2BF04DAC91EB4E8BCEEB67A50E9A8EECC1666788F8000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-cxp2g
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 7bfcc3895d1a33fb-YUL

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 105ms
81ms Image
image/gif 2606:4700::6811:d5f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sun, 30 Apr 2023 03:40:31 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: MISS
X-HubSpot-Correlation-Id: 4ab7242a-3e77-468d-b76c-38ec3c70988a
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 5
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 06f6963c-1911-4410-82a2-f540931485a4
Last-Modified: Sun, 30 Apr 2023 03:40:31 GMT
Server: cloudflare
X-Trace: 2B408FBCC4BA79A1FEFDA3609654D4AF504DCF6B4B000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-n9nn6
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 7bfcc3895d43715a-YUL

GET
H2 200 9327a9be-fd59-4c65-bd81-1270bde2e6f8.jpeg
f.hubspotusercontent10.net/hubfs/6859063/hub_generated/resized/ 137 KB
138 KB 515ms
475ms Image
image/jpeg 2606:4700::6810:f315
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f.hubspotusercontent10.net/hubfs/6859063/hub_generated/resized/9327a9be-fd59-4c65-bd81-1270bde2e6f8.jpeg

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f315 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50178e16af275ed5ee04cda72493f45ea1b6e2dcd00f07327742a8ed3b2dc854

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-version-id: YZAh3QBSw_W94xroDOfc1rKrfhv1dkud
x-amz-cf-pop: JFK50-P6
x-amz-request-id: SNNBC6XBTJ1PF7QY
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
content-length: 140053
x-amz-id-2: 1aSQU3iCz+8u/0D3uQgs5+3lh/sCEAiw+P75z8vNvh6OfYkkzmePA0UXOgxlZV5IRNNjGIcra54WUkRmFt0f1dhYoijdR43sx7JvF3bpGdU=
last-modified: Thu, 18 Mar 2021 20:47:19 GMT
server: cloudflare
etag: "a010ff8b3b90b80a6e5ebc6ce5cd346c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfcc3896eef3401-YUL
x-amz-cf-id: BrXve9fU90qwKUZ1ml-ceVdnWIrPGXSIuZGrrzq7PGNZN2jZpkzGDQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 195.461912c47007775093ae.js Show response
s7.addthis.com/static/ 384 B
538 B 51ms
51ms Script
application/javascript 173.223.56.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/195.461912c47007775093ae.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

173.223.56.138 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a173-223-56-138.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b4fbd6cf87898b005b09546b1c4e82654918b11e5f64ccb8fc32ea0a04e237a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Sun, 30 Apr 2023 03:40:31 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-180"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 298

GET
H2 200 149.aff945d1dc324cdbb007.js Show response
s7.addthis.com/static/ 1 KB
644 B 49ms
49ms Script
application/javascript 173.223.56.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/149.aff945d1dc324cdbb007.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

173.223.56.138 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a173-223-56-138.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

3fd7d922a518a05575ffd631b3534f09d04427bb182b912544ea27ce9552acd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Sun, 30 Apr 2023 03:40:31 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-46a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 404

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
658 B 46ms
45ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=6859063&pi=38810599249&ct=blog-post&ccu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cpi=38810599249&cgi=23364657186&lpi=38810599249&lvi=38810599249&lvc=en&pu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&t=The+Role+of+Admin+Credentials+in+the+SolarWinds+Attack&cts=1682826032088&vi=8ba5da0281701e393d061fa3a2a890e6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: bd6b9c38-c651-42f3-b488-5d8a7527deb4
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 52c679e3-b7ca-4d3c-882c-a2dd0ca1cd58
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CSG51rqLqYhL5hr2CIhejZy6fYtN28mtvyzmFQAIPgQTsDN5RvSCId72YbzELKuH2QFmv8mjAug5Oz%2FGgtbW8pINA5fY64BqZixAX1OMvJkzH684aYWIKc2fQAQSnLfdwYkGi3fMtL5JVCSmgT9o"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-72825
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfcc38ca9974bd7-YUL
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
649 B 84ms
84ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
x-hubspot-correlation-id: c40fbc90-2b5a-4eae-9ee2-2db6e4dac026
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4c1497cb-94f6-4a99-9c9b-81ca0de9a6bc
last-modified: Sun, 30 Apr 2023 03:40:32 GMT
server: cloudflare
x-trace: 2B83E0EB61446ECDC9695695540E1C3BCFFF69B428000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-th6jg
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 7bfcc38cafc933ef-YUL

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
432 B 58ms
58ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=6d77a334-bf4b-43c1-9434-596164ae9f9b&fci=34cb70c8-cb32-46b1-a0ff-1cab2f7e1b3d&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=6859063&pi=38810599249&ct=blog-post&ccu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cpi=38810599249&cgi=23364657186&lpi=38810599249&lvi=38810599249&lvc=en&pu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&t=The+Role+of+Admin+Credentials+in+the+SolarWinds+Attack&cts=1682826032090&vi=8ba5da0281701e393d061fa3a2a890e6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2b23dfbd-56d7-4eb5-9755-5a82a424f168
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f9b44117-2942-41af-b794-099a9f245efa
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ldjAhypqq6XqF1qH7jS1NqEVDwA7pc5PNDcqQT0VKuKeWo3rydNrKddVWUh9XoIvvatAPdFKGwjuvkPgctXdrZzE2Os09XbmtC56lwEaB1NGUFB0gnr%2FENBTB%2FTgqtUKMe0GChgM43ei4Dlw8YIz"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-jndc8
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfcc38cb9a64bd7-YUL
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
487 B 56ms
55ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=6d77a334-bf4b-43c1-9434-596164ae9f9b&fci=34cb70c8-cb32-46b1-a0ff-1cab2f7e1b3d&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=6859063&pi=38810599249&ct=blog-post&ccu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cpi=38810599249&cgi=23364657186&lpi=38810599249&lvi=38810599249&lvc=en&pu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&t=The+Role+of+Admin+Credentials+in+the+SolarWinds+Attack&cts=1682826032091&vi=8ba5da0281701e393d061fa3a2a890e6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0a0fe559-f2c6-4ba6-85d6-cfce104e8b49
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1609b2b1-6825-4986-a334-d6a593c0e69c
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ghBqq3DCzaJljE2sznc9%2BkrWsPT2Jd8DdiWLhAKRpZGpTBN%2B76hWuEsyPl08tH%2BAPEaQIEB1Xebo0kpcW1sGGpRZbrY2bAmUvXiEWNrLBSYCEeeLFO3JOtyXk6tGjvV4ThgmagU95xSmaw3IYgB"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-ps9fk
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfcc38cb9a74bd7-YUL
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
560 B 55ms
55ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22b3a2585e-63e0-4628-8c8f-c21d1f799bac%22%2C%22f6ebfa15-e267-4a14-94b6-e0454eab505d%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=6859063&pi=38810599249&ct=blog-post&ccu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cpi=38810599249&cgi=23364657186&lpi=38810599249&lvi=38810599249&lvc=en&pu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&t=The+Role+of+Admin+Credentials+in+the+SolarWinds+Attack&cts=1682826032094&vi=8ba5da0281701e393d061fa3a2a890e6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b39d659e-b0ea-46dd-86cf-c1b2c465bdaf
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2046e79d-bbec-41af-b9c2-f251721c631c
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5tCY6%2F3ZkS8Y8YIEBwIDcd6bx%2BsaNV6Gv7MkkEhopcs9Ik83e7hkEgWfCkVAq0I5JREecNiO6NxE1OafWxKtQ86oP54tvVW4mW3R1Q3Lv7q1fSd1nvhky7aF6GWTzrUy5TH3mYM9eiQY%2BQKnchm1"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-bsvkm
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfcc38cb9a84bd7-YUL
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
430 B 56ms
55ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%2240cb7387-0496-4e53-89ec-7ec6c1d60438%22%2C%22ca3f13aa-ea2f-452a-ac98-d4b785c72ee0%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=6859063&pi=38810599249&ct=blog-post&ccu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cpi=38810599249&cgi=23364657186&lpi=38810599249&lvi=38810599249&lvc=en&pu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&t=The+Role+of+Admin+Credentials+in+the+SolarWinds+Attack&cts=1682826032095&vi=8ba5da0281701e393d061fa3a2a890e6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7c89e46f-2951-4a8d-bfdb-eb3850140e31
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3ac4b4cf-32de-4f27-a70d-b82dfa3b554a
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P1lHxNA6wG9b6pNWdGxwMWWs8Lg75HowJn27fOx7PnidmEL3L%2Bp7toFB5F7Gq8Id6Jh9WshlE9fpHLamveeraO4ogLAzuEZpu07V0c574pehqq9vQJmZxbffgP8X5RfguYXXSarEBu0D9EPzJd4K"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-mw7ks
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfcc38cb9a94bd7-YUL
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
647 B 62ms
61ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%223897fd4d-9753-4480-9bd8-1235b8f06ee0%22%2C%22f2fbec1d-a302-46a5-a231-3c411a94c68f%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=6859063&pi=38810599249&ct=blog-post&ccu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cpi=38810599249&cgi=23364657186&lpi=38810599249&lvi=38810599249&lvc=en&pu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&t=The+Role+of+Admin+Credentials+in+the+SolarWinds+Attack&cts=1682826032096&vi=8ba5da0281701e393d061fa3a2a890e6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 55e1d1d7-ee1e-425f-82d9-54d202ba06f7
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e01d2e72-a2ae-4553-8a63-3e88b722e397
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oeHi7CFJzMVqX7xd7GArX77rrOFW3BxA7GzOFglqFJU0KOTx8%2B5yvrahQNuIekcBIwjozUE4LGICbVBaoui37GtR3XKNZBaTT2eNIVp7AUd7O3u3rDwY6uS6kpuQ6cAK5mHrRqruH4UrChAaP%2BsR"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-bsvkm
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfcc38cb9aa4bd7-YUL
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
488 B 53ms
52ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%222b679e57-d3fa-4069-b5cd-41575006a048%22%2C%229859b115-7731-4479-81fe-68103ac90571%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=6859063&pi=38810599249&ct=blog-post&ccu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cpi=38810599249&cgi=23364657186&lpi=38810599249&lvi=38810599249&lvc=en&pu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&t=The+Role+of+Admin+Credentials+in+the+SolarWinds+Attack&cts=1682826032097&vi=8ba5da0281701e393d061fa3a2a890e6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9f3bce20-a840-4852-9fd6-0e596b73b765
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8cc4cbec-24be-4abb-b0f9-2662f7670d60
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wi8YKvWQx8b74RfPEhygmT7Z%2BPSq7MTIiysz89KRjIRC9bByfC5jAQkNrMsag1rLEhyOXc8XwsF43U18xecXKd1T%2F35k%2BPJg7zG2AlfdRR3ZjAujH28AEN8oUjB3aHj841RLZRWV91htJfgcCyce"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-7gblk
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfcc38cf9e54bd7-YUL
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
562 B 60ms
60ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22702e86df-247a-42ff-b636-b1a0c9a7a426%22%2C%2248952bbd-87d4-421d-b201-a4ccdb5a6e0e%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=6859063&pi=38810599249&ct=blog-post&ccu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&cpi=38810599249&cgi=23364657186&lpi=38810599249&lvi=38810599249&lvc=en&pu=https%3A%2F%2Fwww.remediant.com%2Fblog%2Fthe-role-of-admin-credentials-in-the-solarwinds-attack&t=The+Role+of+Admin+Credentials+in+the+SolarWinds+Attack&cts=1682826032098&vi=8ba5da0281701e393d061fa3a2a890e6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 03:40:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 56741a03-3b45-43b2-bdaa-dc0c3b05236e
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a36a4855-cf7e-437e-9860-95e191968782
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NMDLjTyiQ7u2KMGG%2FCKHzb22D72GNCOOIjKSybp3NWOcJEBNmouIhyJxRcSWRS7w98wqpm6irSNTXlDy0SJRwROnOB6fbZiySRtnYdN8nidw686L9P0Sshl3G6vTk8M5Kju%2FvMFQVKonD8vAcKxz"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-fwlfz
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfcc38cf9e64bd7-YUL
x-robots-tag: none

POST
H3 200 perf Show response
www.remediant.com/_hcms/ 2 B
894 B 79ms
78ms XHR
text/plain 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.remediant.com/_hcms/perf

Requested by

Host: www.remediant.com
URL: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains

Request headers

Referer: https://www.remediant.com/blog/the-role-of-admin-credentials-in-the-solarwinds-attack
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-type: application/json

Response headers

date: Sun, 30 Apr 2023 03:40:35 GMT
strict-transport-security: max-age=3628800; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: fe768058-dccb-4a61-9d4c-aa5ebcd73049
x-envoy-upstream-service-time: 6
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1166316f-66e1-4460-ab86-9cb98de1dede
server: cloudflare
x-trace: 2B67B98E1A5B93FDE37C08EF303F0C176E40294D9B000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=03w2BBvTOAV9VbLcUy2NjMXU5WgAVu0RgyVjIS1vZfIq5lxqxmFKuS05y28u9lxXcf6c3Qgfk4Qe7KWdr0S3EkfnZ8Cmch3GAQj%2FMga2uCgUCTMiB%2BIcVwzKBZfRg%2BM%2BVxqBQ2QV6z8lR8fmvmqb"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-10-19-td/envoy-proxy-758d5b9bb8-jbbjh
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 7bfcc39f5b564bb9-YUL
x-robots-tag: none

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

124 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.remediant.com/	1970-01-20 11:27:07	Name: __cf_bm Value: j5Xux59_gjrsVd2WEkunmO5ua9XKdKl7RacFOarnz48-1682826030-0-ATgHY+VnLVd5ODsUiY1tuQnMGJYnC5wqZpAFfju/xuatEo9CAsK3df9JgHeUnEA/ea4Ae9xX0BkHasuYtQueWrw=
.www.remediant.com/	1969-12-31 23:59:59	Name: __cfruid Value: 8d7c011f3b457f821d0284dab3af229467e365e2-1682826030
.techtarget.com/	1970-01-20 11:27:07	Name: __cf_bm Value: Nm8KGmgCMPJ4L3b8TAGMaF9ZTdtdE7Ho9N0zTdGnMsg-1682826030-0-AWg3xm+OTVP29oKsM+/1ytPUjWgaecNVFPg0tgrI+/k+vCpROLApcLLl1iFAPm81ND5mDUMWZtg4IySv3SdG3b4=
.hubspot.com/	1970-01-20 11:27:07	Name: __cf_bm Value: MBdgH.JD.5CZMN.kHgk2yXwcGjB472ptko_enCZM0ZQ-1682826030-0-AUREgzGIHJC+K2WiJI8DKxFY0PS/obw9qrtnFK7NLMfOi4Lt/krOl+Wvq3jVPep9Fr4MZE1LdaoSk6WMCqK0QI0=
tags.srv.stackadapt.com/	1970-01-20 20:12:42	Name: sa-user-id Value: s%3A0-6e2f6c46-28b0-583d-4aef-12173050d3ad.lN%2FmJ6m7E8OxVFpdFXFSPdRE60zlviULh3kgKyNDU60
tags.srv.stackadapt.com/	1970-01-20 20:12:42	Name: sa-user-id-v2 Value: s%3Abi9sRiiwWD1K7xIXMFDTrZU4mbk.JmK7gCoIztUKTPxZ2ycX8GUXe5O1g9cCvOxb7i16ns8
.srv.stackadapt.com/	1970-01-20 20:12:42	Name: sa-user-id-v2 Value: s%3Abi9sRiiwWD1K7xIXMFDTrZU4mbk.JmK7gCoIztUKTPxZ2ycX8GUXe5O1g9cCvOxb7i16ns8
.ws.zoominfo.com/	1970-01-20 20:12:42	Name: visitorId Value: d468bbc1567e940bb6b4f08fa10d84e53461fb59da3ba4e0588d2a5ca80fb651
.zoominfo.com/	1970-01-20 11:27:07	Name: __cf_bm Value: 8q5bef_r8kEl2YiJFq13YRWpzkedD1oFUvpcqFU.QPo-1682826031-0-AXn6jJ+wqmdQQmWUkHgM8uumOyFiV3E2Zdy4XVPDWT7j3TLywHoE5Z5gkkhBUMKnu1zaCifEPFRELsQodHbvE4w=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: hq5_omzR5Pm8TZJKbY83tAIK8zP2jZtG.x5u0Y8n5lQ-1682826031004-0-604800000
www.remediant.com/	1970-01-20 20:12:42	Name: sa-user-id Value: s%253A0-6e2f6c46-28b0-583d-4aef-12173050d3ad.lN%252FmJ6m7E8OxVFpdFXFSPdRE60zlviULh3kgKyNDU60
www.remediant.com/	1970-01-20 20:12:42	Name: sa-user-id-v2 Value: s%253Abi9sRiiwWD1K7xIXMFDTrZU4mbk.JmK7gCoIztUKTPxZ2ycX8GUXe5O1g9cCvOxb7i16ns8
.remediant.com/	1970-01-20 21:03:06	Name: _ga Value: GA1.2.1279885902.1682826031
.remediant.com/	1970-01-20 11:28:32	Name: _gid Value: GA1.2.1694737601.1682826031
.remediant.com/	1970-01-20 11:27:06	Name: _gat_UA-39978471-1 Value: 1
.linkedin.com/	1970-01-20 13:36:42	Name: li_sugr Value: de7699d1-e852-41b2-a935-f70042d4c4c1
.linkedin.com/	1970-01-20 20:12:42	Name: bcookie Value: "v=2&713e7ee3-3bfd-4150-8adb-9150d6f388fa"
.linkedin.com/	1970-01-20 11:28:32	Name: lidc Value: "b=VGST08:s=V:r=V:a=V:p=V:g=2582:u=1:x=1:i=1682826031:t=1682912431:v=2:sig=AQH-dKhG-h0r84r4zG-8A2Muifw77a5c"
www.remediant.com/	1970-01-20 20:57:20	Name: __atuvc Value: 1%7C18
www.remediant.com/	1970-01-20 11:27:07	Name: __atuvs Value: 644de32e7b1633b8000
.linkedin.com/	1970-01-20 12:10:18	Name: UserMatchHistory Value: AQIshi2iX4e6dgAAAYfQP3CY6wgNnZ1PSvP4u9AKTW0M2US7WSiWjG15ft3DLNXSFaHK4fPgI5KNGQ
.linkedin.com/	1970-01-20 12:10:18	Name: AnalyticsSyncHistory Value: AQIwBdQ4rt1ZAwAAAYfQP3CYKpl1x7WMbHMr8tFYV-hvVA1fFr4aMsmB4ROQoMR34pHg74xcPIpMkhcGQvXVGg
www.remediant.com/	1970-01-20 11:28:32	Name: ln_or Value: eyI0MTc5OTYiOiJkIn0%3D
.addthis.com/	1970-01-20 20:57:20	Name: uvc Value: 1%7C18
.www.linkedin.com/	1970-01-20 20:12:42	Name: bscookie Value: "v=1&2023043003403170b69b1b-237b-40d8-876b-7a9f77c1b56dAQGcEwr4UtyRtMjByKuPQWfa0GLTQJqA"
.quantserve.com/	1970-01-20 20:57:20	Name: mc Value: 644de32f-62627-105d4-856f7
.addthis.com/	1970-01-20 20:48:42	Name: ouid Value: 644de32f0001ab2a36b5dd40b14eae787c4f5332fdc1dc0131cb
.addthis.com/	1970-01-20 20:48:42	Name: di2 Value: aVVww#%!k#$M`#!AgP2TIPv7LW6Lj6Hq#1:R#19w
.addthis.com/	1970-01-20 17:35:44	Name: bt2 Value: 644de32f001Bs0002001Cs0002
.addthis.com/	1970-01-20 20:48:42	Name: um Value: j.'2023043003403142200856991763'
.addthis.com/	1970-01-20 20:48:42	Name: uid Value: 644de32f12d7c61b
.addthis.com/	1970-01-20 20:48:42	Name: na_id Value: 2023043003403142200856991763
.addthis.com/	1970-01-20 20:48:42	Name: vc Value: 2
.remediant.com/	1970-01-20 20:51:34	Name: __qca Value: P0-74494953-1682826031066
.addthis.com/	1970-01-20 20:57:20	Name: loc Value: MDAwMDBOQUNBUUMyMjU1MTA2NDQ2MjAwMDBDSA==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=3628800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

273774.fs1.hubspotusercontent-na1.net
api-na1.hubapi.com
app.hubspot.com
cdn.linkedin.oribi.io
cdn2.hubspot.net
connect.facebook.net
cta-service-cms2.hubspot.com
d10lpsik1i8c69.cloudfront.net
f.hubspotusercontent10.net
f.hubspotusercontent20.net
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
ibc-flow.techtarget.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
m.addthis.com
no-cache.hubspot.com
perf.hsforms.com
pixel.quantserve.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
rules.quantcount.com
s7.addthis.com
secure.quantserve.com
settings.luckyorange.net
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
syndication.twitter.com
tags.srv.stackadapt.com
track.hubspot.com
trk.techtarget.com
v1.addthisedge.com
ws.zoominfo.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.linkedin.com
www.remediant.com
z.moatads.com
s7.addthis.com
104.244.42.72
104.26.10.16
108.159.224.153
13.107.42.14
173.223.56.138
18.172.134.23
23.54.69.151
2600:141b:9000::1725:7b88
2600:9000:21dd:7600:6:44e3:f8c0:93a1
2600:9000:2507:bc00:2:53b2:240:93a1
2606:2800:220:de:468:2285:c1:4a3
2606:2c40::c73c:671f
2606:4700::6810:650c
2606:4700::6810:77be
2606:4700::6810:8cce
2606:4700::6810:f315
2606:4700::6811:6cc7
2606:4700::6811:c9cc
2606:4700::6811:d2f3
2606:4700::6811:d5f3
2606:4700::6812:19c4
2606:4700::6812:cdc9
2606:4700::6812:d9f
2606:4700::6812:f0f
2606:4700::6812:f30d
2606:4700::6813:9a53
2607:f8b0:4004:c17::9b
2607:f8b0:4006:80d::2008
2607:f8b0:4006:817::2004
2607:f8b0:4006:81c::2003
2607:f8b0:4006:821::200e
2620:116:800b:21:1456:d0e1:7db4:a56b
2620:1ec:21::14
2620:1ec:48:1::40
2a03:2880:f011:8:face:b00c:0:1
34.111.208.231
34.228.204.142
043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
053b150532c595c34cb7afff54051c9b4f1910abd995f11c86b995135e69779f
078f3dd88e751c3c421b2007e1cb27bcb65a95daf278bd25de81ba7b2bf3c4e4
07a2b3d87b7450e5508764fc547022473182b6372772cc01e24186cd58a2a90a
08364858e416bd80eb1c1e08b68b3b0bdf8c565df9324401e800e0a781147aeb
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0cd67ab7019c3c4dff52fe546b48ea73b9ea483e345d4d2de73407a6ce02a3b8
0df60d15ee1b87cc9007f1d50ea2d9fd8560ac1b7cf143a51208f20b27a59fa7
0ef50469588a1af8b951bd33d3e924b15f46a91de81ca264d72eb547eb77192f
127a57e7056257f3fb8ed1be5081cb0f083e4a591ee27b6400cdff044bcb3696
1b7f2cfb07f223abb2c5df4a214b3b43401185625ef0dc8c99c179f53793b410
2154bdc6f875223ea72ec7691116c6e1a9411b8b243c03d25788eb8705e46f21
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
27ac19f6407bebf3798ce36f19c1649b9a9edc364a483d0468cbdadcf0b493ae
296fda5e6c6135675f88c8c1044eea9952a4463b405fda4a86e5911933943f0f
2cbba247ca6de6962085423c671b17bd76d58692e32e8e40ad808a12e27bbeab
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3173b8efb0c1ebdf6f8d81fa319ebf1be5ca41ce60ae2de1fd911f392fdda5d0
384ebb3a6b18fba46505d1421ff20bcd924b64606de2641eec22ed8bc41bf0fb
389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4
38dbbd2e7519235e7fac71a935479acdce3966c293f0b741f598d08550e23a64
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
3dca1b18b9db07b6cb53e22aa74f44d98968648d0950f2b0c48958c55a0d380a
3fd7d922a518a05575ffd631b3534f09d04427bb182b912544ea27ce9552acd6
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
4a468fd09bfc74ce90258567bc4fce329ffd97c868a2eb55d9d6bf3c01b7a57f
4c7954754ee5cde5d9c8ba7781b4a0f4427ca8fa7c1d54123c3a16320a653aa6
4fb87d88f111776855dc6308c1c7773ca3839807a856f30385bcb27ad61f42ea
50178e16af275ed5ee04cda72493f45ea1b6e2dcd00f07327742a8ed3b2dc854
52f4d3b80aca2322ec4b496d5940807d201cda376084079bf12b11439c5d5ac8
55074147e4e9acbbe869b5b483ef5d0a36c1ce6cd58f1d0b24ef7f2b57f0a2be
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5b152c384ea8c3be37e1991fb98124e98e741249d1ae916fee12c197a7ded34b
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
6d3ba3c8e5d50475575bd84510d978742adb3fae102725451cf8790395ab3fa4
6f2b66a7cc841a8874589ab2ee318ed11894cc13c738da309021a8ac02771b94
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
797d6004defc2d9e350f0de1e484b727ece78dca819f906095cebe8472714482
798d10a2358bf2bb2383db429dbd3872c61623eae564f5ec4b35cebe16e8d3ee
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b4fbd6cf87898b005b09546b1c4e82654918b11e5f64ccb8fc32ea0a04e237a
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
9391b35a802bed8bf48fdc880aeab3db1e745ed504637e7ff7cc647c7094b036
9b53ea181bfbb811df6aff471b1b1a54f9720318430e8dcb86f0ef30c624147e
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
abbc3bb21ca10806586c97e990d59da8578a7481cea5fe1dfd9b9920625a67c7
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b39ee4886e2d4a2443d6ce9db399d43e4e59a1c6af45cb0bdef54c9856d2e716
b3c192a22f9f0091a63dc3c65560d09efa0f80170ae2fd8205d6bab7c893939e
b500f39655f4ebd1aa0c5a5708fe904ed03701bbb236ed00a9ff7c62e8377cfb
bd0f0b8677a48c5ac19f9a1f29136005e52cce9b9354aaf2a5940bb19c07bcd6
bf6baa06b109574c8a3dbfd13c8218880fa7ac6407ec307147bef2a794468c36
d2bddd15ce69c9c7cb0bd7460744ba32d9c123d6d65a860ff15701684023ce86
d42b5983f589881d8154b6ff6a71735b36afd273541fb523f7d5d011fb87dbd3
d92f8d8227058a0866cfcf64970a71f4fcd57df750e288db758d0f029faabc3b
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc4771833113919008c59435a6a6f6258ff54130a26700b21c1443dd1bcaefbc
e0dcf16738580d368393b88022a70bf821a18a534928f303345006595a5dd419
e218cbb73ebd1f7504abddc5d4d0ca0565c4552433937d6d55bf77cbc9773fbe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2cb33df1c9c792f264f31e72bf706133c87abb32252e9df0d819a88221b3f73
f3f47d6a938ede7a828ca47022eee50835e4c9375f7ca41581fa94e25c8e950e
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f721824389ffd3f3b3fad6179d2f0480582b4ef33674dcdc1afc5764170e71fb
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fee1aa6a97e440d7fe22872eca1ec37acc19eae0581ff631e7447cf5b2fccce4

www.remediant.com Open in urlscan Pro 2606:2c40::c73c:671f Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

110 Requests

97 %HTTPS

76 %IPv6

33 Domains

46 Subdomains

37 IPs

3 Countries

2853 kBTransfer

6232 kBSize

35 Cookies

7 Outgoing links

Redirected requests

110 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.remediant.com Open in urlscan Pro
2606:2c40::c73c:671f Public Scan

Screenshot
Live screenshot

Full Image

110
Requests

97 %
HTTPS

76 %
IPv6

33
Domains

46
Subdomains

37
IPs

3
Countries

2853 kB
Transfer

6232 kB
Size

35
Cookies

110 HTTP transactions
0 data transactions