heimdalsecurity.com Open in urlscan Pro
192.124.249.38 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
Submission: On January 03 via manual (January 3rd 2024, 8:16:41 pm UTC) from CA — Scanned from CA

Summary HTTP 99 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 25 IPs in 1 countries across 17 domains to perform 99 HTTP transactions. The main IP is 192.124.249.38, located in Menifee, United States and belongs to SUCURI-SEC, US. The main domain is heimdalsecurity.com. The Cisco Umbrella rank of the primary domain is 62450.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on March 4th 2023. Valid for: a year.

This is the only time heimdalsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	192.124.249.38 192.124.249.38	30148 (SUCURI-SEC) (SUCURI-SEC)
2	185.93.1.247 185.93.1.247	60068 (CDN77 ^_^) (CDN77 ^_^)
3	172.253.115.95 172.253.115.95	15169 (GOOGLE) (GOOGLE)
2	172.253.63.97 172.253.63.97	15169 (GOOGLE) (GOOGLE)
16	142.251.179.91 142.251.179.91	15169 (GOOGLE) (GOOGLE)
14	142.251.163.94 142.251.163.94	15169 (GOOGLE) (GOOGLE)
1	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	23.40.207.24 23.40.207.24	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 5	172.253.122.156 172.253.122.156	15169 (GOOGLE) (GOOGLE)
1	104.112.28.53 104.112.28.53	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.160.96.73 18.160.96.73	16509 (AMAZON-02) (AMAZON-02)
3	13.107.21.200 13.107.21.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.251.167.101 142.251.167.101	15169 (GOOGLE) (GOOGLE)
1	142.250.31.156 142.250.31.156	15169 (GOOGLE) (GOOGLE)
2	172.253.62.94 172.253.62.94	15169 (GOOGLE) (GOOGLE)
3	172.253.115.147 172.253.115.147	15169 (GOOGLE) (GOOGLE)
2	172.253.63.148 172.253.63.148	15169 (GOOGLE) (GOOGLE)
7	172.253.63.95 172.253.63.95	15169 (GOOGLE) (GOOGLE)
2	172.253.122.119 172.253.122.119	15169 (GOOGLE) (GOOGLE)
3 5	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	142.251.16.132 142.251.16.132	15169 (GOOGLE) (GOOGLE)
1	13.227.37.78 13.227.37.78	16509 (AMAZON-02) (AMAZON-02)
2	172.253.63.94 172.253.63.94	15169 (GOOGLE) (GOOGLE)
2	3.215.172.219 3.215.172.219	14618 (AMAZON-AES) (AMAZON-AES)
99	25

21 192.124.249.38 (Menifee, United States)

ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10038.sucuri.net

heimdalsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.93.1.247 (Chicago, United States)

ASN60068 (CDN77 ^_^, GB)
PTR: 185-93-1-247.bunnyinfra.net

clientcdn.pushengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.115.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.63.97 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.251.179.91 (United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f91.1e100.net

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.251.163.94 (United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.73.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.40.207.24 (Atlanta, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-40-207-24.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.253.122.156 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: bh-in-f156.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.112.28.53 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-112-28-53.deploy.static.akamaitechnologies.com

chimpstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.96.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-96-73.msp50.r.cloudfront.net

sc.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.21.200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.167.101 (United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f101.1e100.net

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.31.156 (Oxford, United States)

ASN15169 (GOOGLE, US)
PTR: bj-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.62.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f94.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.115.147 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f147.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.63.148 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f148.1e100.net

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.253.63.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f95.1e100.net

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.122.119 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f119.1e100.net

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.16.132 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f132.1e100.net

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.37.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-37-78.msp50.r.cloudfront.net

tr.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.63.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f94.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.215.172.219 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-215-172-219.compute-1.amazonaws.com

tracking.heimdalsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	heimdalsecurity.com heimdalsecurity.com — Cisco Umbrella Rank: 62450 tracking.heimdalsecurity.com	428 KB
16	gstatic.com fonts.gstatic.com www.gstatic.com Failed	298 KB
16	youtube.com www.youtube.com — Cisco Umbrella Rank: 79	2 MB
10	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 115 jnn-pa.googleapis.com — Cisco Umbrella Rank: 306	84 KB
8	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 stats.g.doubleclick.net — Cisco Umbrella Rank: 184 static.doubleclick.net — Cisco Umbrella Rank: 371	3 KB
5	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 778 www.linkedin.com — Cisco Umbrella Rank: 944	5 KB
4	google.com analytics.google.com — Cisco Umbrella Rank: 266 www.google.com — Cisco Umbrella Rank: 6	40 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 692	14 KB
2	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 193	5 KB
2	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 104	58 KB
2	google.ca www.google.ca — Cisco Umbrella Rank: 8688	562 B
2	lfeeder.com sc.lfeeder.com — Cisco Umbrella Rank: 43000 tr.lfeeder.com — Cisco Umbrella Rank: 81303	11 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	188 KB
2	pushengage.com clientcdn.pushengage.com — Cisco Umbrella Rank: 23802	16 KB
1	chimpstatic.com chimpstatic.com — Cisco Umbrella Rank: 7587	579 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1877	15 KB
1	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 3313	20 KB
99	17

	Domain	Requested by
21	heimdalsecurity.com	heimdalsecurity.com
16	www.youtube.com	heimdalsecurity.com www.youtube.com sc.lfeeder.com
14	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
7	jnn-pa.googleapis.com	www.youtube.com
5	googleads.g.doubleclick.net	2 redirects www.googletagmanager.com www.youtube.com
4	px.ads.linkedin.com	2 redirects snap.licdn.com heimdalsecurity.com
3	www.google.com	heimdalsecurity.com www.youtube.com
3	bat.bing.com	heimdalsecurity.com bat.bing.com
3	fonts.googleapis.com	heimdalsecurity.com
2	tracking.heimdalsecurity.com	heimdalsecurity.com tracking.heimdalsecurity.com
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	yt3.ggpht.com	www.youtube.com
2	i.ytimg.com	www.youtube.com
2	static.doubleclick.net	www.youtube.com
2	www.google.ca	heimdalsecurity.com
2	www.googletagmanager.com	heimdalsecurity.com www.googletagmanager.com
2	clientcdn.pushengage.com	heimdalsecurity.com clientcdn.pushengage.com
1	tr.lfeeder.com	heimdalsecurity.com
1	www.linkedin.com	1 redirects
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	sc.lfeeder.com	heimdalsecurity.com
1	chimpstatic.com	heimdalsecurity.com
1	snap.licdn.com	www.googletagmanager.com
1	secure.gravatar.com	heimdalsecurity.com
99	25

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com
cybersecuritycourse.co
dailysecuritytips.com
learninfosec.co.uk
www.instagram.com
ro.pinterest.com

Subject Issuer	Validity	Valid
heimdalsecurity.com Starfield Secure Certificate Authority - G2	`2023-03-04` - `2024-03-04`	a year	crt.sh
*.pushengage.com AlphaSSL CA - SHA256 - G4	`2023-02-07` - `2024-03-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
wildcardsan.us15.list-manage.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-17` - `2024-09-17`	a year	crt.sh
*.lfeeder.com Amazon RSA 2048 M01	`2023-03-22` - `2024-04-19`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
*.google.ca GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tracking.heimdalsecurity.com R3	`2023-12-26` - `2024-03-25`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
Frame ID: 4D4D991CDC8761F7096758ED31ED191D
Requests: 59 HTTP requests in this frame

Frame: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com
Frame ID: EE8C3795C70A7671D70BBA807B2EF72A
Requests: 41 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Scanning Attack: What It Is and How to Protect Your Organization Against It?

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

MailChimp (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

chimpstatic\.com/mcjs-connected

PushEngage (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

clientcdn\.pushengage\.\w+/core

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

99
Requests

93 %
HTTPS

0 %
IPv6

17
Domains

25
Subdomains

25
IPs

1
Countries

3180 kB
Transfer

9429 kB
Size

23
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/in/madalina-popovici/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/heimdal-security/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/HeimdalSecurity?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/HeimdalSec/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Heimdalsecuritycompany
Title: YouTube

Search URL Search Domain Scan URL

URL: http://cybersecuritycourse.co/
Title: Cyber Security Course for Beginners

Search URL Search Domain Scan URL

URL: https://dailysecuritytips.com/
Title: THE DAILY SECURITY TIP

Search URL Search Domain Scan URL

URL: https://learninfosec.co.uk/
Title: CYBER SECURITY FOR SMALL BUSINESS OWNERS

Search URL Search Domain Scan URL

URL: https://twitter.com/HeimdalSecurity
Title: <img src="https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/footer/twitter.svg" alt="Follow us on Twitter">

Search URL Search Domain Scan URL

URL: https://www.facebook.com/HeimdalSec
Title: <img src="https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/footer/facebook.svg" alt="Follow us on Facebook">

Search URL Search Domain Scan URL

URL: https://www.instagram.com/heimdalsecurity/
Title: <img src="https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/footer/instagram.svg" alt="Follow us on Instagram">

Search URL Search Domain Scan URL

URL: https://ro.pinterest.com/HeimdalSecurity/_created/
Title: <img src="https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/footer/pinterest.svg" alt="Follow us on Pinterest">

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 68

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3949770&time=1704312996954&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3949770&time=1704312996954&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3949770%26time%3D1704312996954%26url%3Dhttps%253A%252F%252Fheimdalsecurity.com%252Fblog%252Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3949770&time=1704312996954&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%2F&tm=gtmv2&cookiesTest=true&liSync=true

Request Chain 86

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

99 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/ 70 KB
17 KB 518ms
446ms Document
text/html 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

7a87c09be996513fe0e188c0e68c6ff45c14b08079b11f96ecbd59b2c2167eef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: gzip
content-length: 16933
content-security-policy: upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
date: Wed, 03 Jan 2024 20:16:35 GMT
link: <https://heimdalsecurity.com/blog/?p=59324>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding, Cookie
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN SAMEORIGIN
x-sucuri-cache: EXPIRED
x-sucuri-id: 14038
x-xss-protection: 1; mode=block 1; mode=block

GET
H2 200 Scanning-Attack-Explained-What-It-Is-and-How-to-Protect-Your-Organization-Against-It.png
heimdalsecurity.com/blog/wp-content/uploads/ 13 KB
13 KB 74ms
72ms Image
image/png 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heimdalsecurity.com/blog/wp-content/uploads/Scanning-Attack-Explained-What-It-Is-and-How-to-Protect-Your-Organization-Against-It.png

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

d9cd6af314eda62d8cdfa07e43e72f3bb5dc55961bc90f74bb224ef8480b85ab

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:35 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
x-sucuri-cache: HIT
content-length: 13071
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Fri, 03 Mar 2023 15:24:48 GMT
server: nginx
etag: "64021140-330f"
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
x-sucuri-id: 14038
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css
heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/ 398 KB
71 KB 37ms
36ms Stylesheet
text/css 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

059a461b277b31fca3d43b3ce8fb66a1db2e96d94d62153f4db213132aec5c67

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:35 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Wed, 20 Dec 2023 13:56:57 GMT
server: nginx
etag: W/"6582f2a9-639ac"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.js Show response
heimdalsecurity.com/blog/wp-includes/js/jquery/ 95 KB
33 KB 70ms
70ms Script
application/javascript 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:35 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Sat, 04 Dec 2021 01:31:37 GMT
server: nginx
etag: W/"61aac4f9-17a6a"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 380d288a0f223de9a81e026f47b6e7b8.js Show response
clientcdn.pushengage.com/core/ 11 KB
5 KB 126ms
40ms Script
application/javascript 185.93.1.247
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://clientcdn.pushengage.com/core/380d288a0f223de9a81e026f47b6e7b8.js
Requested by: Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.247 Chicago, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: 185-93-1-247.bunnyinfra.net
Software: BunnyCDN-IL1-894 /
Resource Hash: c02d5eef34177da5e13746dd658004a89ee0466690194f55fda74b8766ac326d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-encoding: br
cdn-edgestorageid: 894
cdn-cachedat: 01/01/2024 15:31:30
cdn-pullzone: 1148540
server: BunnyCDN-IL1-894
cdn-proxyver: 1.04
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=432000
cdn-requestid: 2145ccc32543e1c39618f70b3454cfd8
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 31 KB
1 KB 48ms
47ms Stylesheet
text/css 172.253.115.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A500%2C900italic%2C400%2C400italic%2C100%2C700italic%2C300%2C700%2C500italic%2C100italic%2C300italic%2C900%7CRoboto+Slab%3A400%2C700&display=swap

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f95.1e100.net

Software

ESF /

Resource Hash

a334682af49e4c750901d045e92368b1e2da78b9c896aa5e5a2856bbb005e0db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 Jan 2024 20:16:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:16:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 Jan 2024 20:16:36 GMT

GET
H2 200 lazysizes.min.js Show response
heimdalsecurity.com/blog/wp-content/plugins/autoptimize/classes/external/js/ 10 KB
4 KB 34ms
34ms Script
application/javascript 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=2.8.3

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

c4fada4accfa24704b54248bc5ce84acac50b6a059828b7714fe3006786c80c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Fri, 23 Apr 2021 07:53:14 GMT
server: nginx
etag: W/"60827cea-2655"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 autoptimize_single_d196628d758eea8d5a1cd0e4c05b3bd0.js Show response
heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/ 787 B
870 B 56ms
54ms Script
application/javascript 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/autoptimize_single_d196628d758eea8d5a1cd0e4c05b3bd0.js

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

659205ab8c16f21178c1745490b3ddff18666cf2ef1d3c618346fc7eefe380a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:35 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Wed, 20 Dec 2023 13:56:38 GMT
server: nginx
etag: W/"6582f296-313"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.min.js Show response
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/js/ 36 KB
10 KB 57ms
54ms Script
application/javascript 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/js/bootstrap.min.js

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:35 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Tue, 14 May 2019 12:20:47 GMT
server: nginx
etag: W/"5cdab29f-9004"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 autoptimize_single_046bbb341b14cff5496f589d7c617b96.js Show response
heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/ 3 KB
2 KB 58ms
56ms Script
application/javascript 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/autoptimize_single_046bbb341b14cff5496f589d7c617b96.js

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

fbdfca30b2412cd98ce89f23315b746231e55db78180cba372c2b162fd70b808

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:35 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Wed, 20 Dec 2023 13:56:38 GMT
server: nginx
etag: W/"6582f296-a13"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.validate.min.js Show response
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/js/ 22 KB
8 KB 58ms
57ms Script
application/javascript 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/js/jquery.validate.min.js

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

7836abd3871f857f1d6c2e1354979afca303a088dd80670ebb9829b0262ec170

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:35 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Tue, 14 May 2019 12:20:47 GMT
server: nginx
etag: W/"5cdab29f-59f3"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 autoptimize_single_d676a73849922aee35ee8029a1cd6989.js Show response
heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/ 9 KB
3 KB 59ms
58ms Script
application/javascript 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/autoptimize_single_d676a73849922aee35ee8029a1cd6989.js

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

19b5311889e9ba9cd9d3b440411a3e2b37cc7dfe49fe470928e1c83c1a7ae2f0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:35 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Wed, 20 Dec 2023 13:56:38 GMT
server: nginx
etag: W/"6582f296-23a3"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 script.min.js Show response
heimdalsecurity.com/blog/wp-content/plugins/layered-popups/js/ 48 KB
11 KB 60ms
59ms Script
application/javascript 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-content/plugins/layered-popups/js/script.min.js?ver=6.33

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

5a4a9f4076fc96fb244f92a12a017c93917f5d7c14f91c398faf43f6b634b1ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:35 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Tue, 14 May 2019 12:20:49 GMT
server: nginx
etag: W/"5cdab2a1-c1ed"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 autoptimize_7f5406017ca726de3a8234a02719dda4.js Show response
heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/ 335 KB
97 KB 34ms
33ms Script
application/javascript 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/js/autoptimize_7f5406017ca726de3a8234a02719dda4.js

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

21693e6abf62be77ea8f7c4ca0986e5256ad2561aac51fb813379f3b78a881e5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Wed, 20 Dec 2023 13:57:02 GMT
server: nginx
etag: W/"6582f2ae-53af0"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
548 B 128ms
52ms Stylesheet
text/css 172.253.115.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,400i,700,900&display=swap

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f95.1e100.net

Software

ESF /

Resource Hash

a52548c58f97bd421f7115e713c8c1d1bf3ad475810ff0904ee7c69c2b229ecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 Jan 2024 20:16:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:04:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 Jan 2024 20:16:36 GMT

GET
H2 200 css2
fonts.googleapis.com/ 32 KB
1 KB 122ms
46ms Stylesheet
text/css 172.253.115.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f95.1e100.net

Software

ESF /

Resource Hash

ff9a2be960794ffc4738368eeec7262cd5bf70316287f8d2f0c3790170cf1277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 Jan 2024 20:16:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 18:26:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 Jan 2024 20:16:36 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 293 KB
97 KB 134ms
59ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PRSV4QF

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

e13907b831b6623a0a3bfa76d46d0c5be297962438f2644c3890d513cb2ad812

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98505
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 19:15:29 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 Jan 2024 20:16:36 GMT

GET
H2 200 YS22cQIKNbE Show response
www.youtube.com/embed/ Frame EE8C 92 KB
40 KB 221ms
145ms Document
text/html 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/YS22cQIKNbE

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

ESF /

Resource Hash

da384827ffff516108b22b235d7b2fc0832e88c6f4614557c08f6afc7ad399fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heimdalsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Wed, 03 Jan 2024 20:16:36 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a7ae4f4e313e150000175511c29ca19ae2948eb663987253d19a9372cc20e3fe

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2079ac533041003933aeedca897db1a58a97fdf49cab0537e0ee4f067dad2e31

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3f1dad85983652514b00a89d286a9d8414b7878f2d59c9649677514d9786b234

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 drop_light_blue.svg
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/ 343 B
706 B 33ms
33ms Image
image/svg+xml 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/drop_light_blue.svg

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

ae79ef8a171c02a3c7de6d2bb6a5f6a5c2fd165fe719d2b68242c4017fa9705d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Tue, 14 May 2019 12:20:47 GMT
server: nginx
etag: W/"5cdab29f-157"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 orange_wave.svg
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/ 1008 B
846 B 34ms
33ms Image
image/svg+xml 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/orange_wave.svg

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

ea83b533970998abab79650e3009145fd283623808a4bc36ac3cc253d39421a9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Tue, 14 May 2019 12:20:47 GMT
server: nginx
etag: W/"5cdab29f-3f0"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 shadow.png
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/ 57 KB
58 KB 34ms
34ms Image
image/png 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/shadow.png

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

dbf1552257dbdff9b53c6f3b5ba8aa1092ded30ed72b30513e6ff197a43f9b55

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
x-sucuri-cache: HIT
content-length: 58469
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Tue, 14 May 2019 12:20:47 GMT
server: nginx
etag: "5cdab29f-e465"
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
x-sucuri-id: 14038
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bullet_p.svg
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/ 227 B
635 B 37ms
37ms Image
image/svg+xml 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/svg/bullet_p.svg

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

452b49b86b2da4bb69b53e22a1f9aa436e33d733c5ddcfb45ed3468d8e150a1c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Tue, 14 May 2019 12:20:47 GMT
server: nginx
etag: W/"5cdab29f-e3"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 side-banner.svg
heimdalsecurity.com/blog/wp-content/plugins/heimdal-blog-cro/img/ 21 KB
3 KB 37ms
37ms Image
image/svg+xml 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heimdalsecurity.com/blog/wp-content/plugins/heimdal-blog-cro/img/side-banner.svg

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

fb730786bef59eda0abd7a43c2dd789d633e364763fb17f58df08f52fb4afebf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Mon, 15 Feb 2021 12:47:26 GMT
server: nginx
etag: W/"602a6d5e-5473"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 blue-checkmark.svg
heimdalsecurity.com/blog/wp-content/plugins/heimdal-blog-cro/img/ 338 B
695 B 37ms
37ms Image
image/svg+xml 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heimdalsecurity.com/blog/wp-content/plugins/heimdal-blog-cro/img/blue-checkmark.svg

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

113546adf319601c5b4e107b18e8fca91993434cbad9fbf3b197c6289bade3c8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Mon, 15 Feb 2021 12:40:55 GMT
server: nginx
etag: W/"602a6bd7-152"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 glyphicons-halflings-regular.woff2
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/fonts/ 18 KB
18 KB 36ms
33ms Font
application/octet-stream 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
x-sucuri-cache: HIT
content-length: 18028
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Tue, 14 May 2019 12:20:47 GMT
server: nginx
etag: "5cdab29f-466c"
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/octet-stream
cache-control: max-age=315360000
x-sucuri-id: 14038
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fontawesome-webfont.woff2
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/fonts/ 70 KB
71 KB 37ms
34ms Font
application/octet-stream 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/fonts/fontawesome-webfont.woff2?v=4.6.3

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://heimdalsecurity.com/blog/wp-content/cache/autoptimize/css/autoptimize_5d3e6950f22aba96824ff958e2d5edc1.css
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
x-sucuri-cache: HIT
content-length: 71896
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Tue, 14 May 2019 12:20:47 GMT
server: nginx
etag: "5cdab29f-118d8"
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/octet-stream
cache-control: max-age=315360000
x-sucuri-id: 14038
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 133ms
56ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 05:54:51 GMT
x-content-type-options: nosniff
age: 138105
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 05:54:51 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 112ms
36ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 21:44:09 GMT
x-content-type-options: nosniff
age: 340347
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Dec 2024 21:44:09 GMT

GET
H2 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 22 KB
22 KB 142ms
66ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 09:18:34 GMT
x-content-type-options: nosniff
age: 385082
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22504
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:12:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Dec 2024 09:18:34 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 32 KB
32 KB 149ms
73ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 04:35:26 GMT
x-content-type-options: nosniff
age: 142870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33092
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 04:35:26 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v24/ 24 KB
24 KB 158ms
82ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 09:17:24 GMT
x-content-type-options: nosniff
age: 39552
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24408
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:14:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jan 2025 09:17:24 GMT

GET
H2 200 BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.gstatic.com/s/robotoslab/v34/ 34 KB
34 KB 76ms
75ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A500%2C900italic%2C400%2C400italic%2C100%2C700italic%2C300%2C700%2C500italic%2C100italic%2C300italic%2C900%7CRoboto+Slab%3A400%2C700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

a8e429611131e3fdc2018ec943a36100dbabb4aaa788c8dead6bdcf927917293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 09:21:11 GMT
x-content-type-options: nosniff
age: 125725
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34328
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 01:54:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 09:21:11 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 79ms
78ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 01:25:50 GMT
x-content-type-options: nosniff
age: 499846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Dec 2024 01:25:50 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 79ms
79ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 04:35:26 GMT
x-content-type-options: nosniff
age: 142870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 04:35:26 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 80ms
80ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 09:18:29 GMT
x-content-type-options: nosniff
age: 385087
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Dec 2024 09:18:29 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 73ms
73ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heimdalsecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:40:32 GMT
x-content-type-options: nosniff
age: 27364
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jan 2025 12:40:32 GMT

GET
H2 200 heimdal-logo.svg
heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/ 6 KB
3 KB 34ms
33ms Image
image/svg+xml 192.124.249.38
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heimdalsecurity.com/blog/wp-content/themes/heimdalv2/images/heimdal-logo.svg

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.38 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10038.sucuri.net

Software

nginx /

Resource Hash

5ca877ef188214d025d9ec060929fe2589bebdf039384471e886b50a0bdcee34

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Thu, 09 Feb 2023 09:16:16 GMT
server: nginx
etag: W/"63e4b9e0-17d4"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
x-sucuri-id: 14038
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 b43db78a9983231e38fd8641be9702d5
secure.gravatar.com/avatar/ 19 KB
20 KB 56ms
18ms Image
image/png 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/b43db78a9983231e38fd8641be9702d5?s=120&d=mm&r=g
Requested by: Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: dc4cfc4e1a64dac51470960376f4d688441d7a07fba630a5fece0d292683455a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-nc: HIT yyz 2
date: Wed, 03 Jan 2024 20:16:36 GMT
last-modified: Mon, 20 Feb 2023 15:48:09 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="b43db78a9983231e38fd8641be9702d5.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/b43db78a9983231e38fd8641be9702d5?s=120&d=mm&r=g>; rel="canonical"
content-length: 19905
alt-svc: h3=":443"; ma=86400
expires: Wed, 03 Jan 2024 20:21:36 GMT

GET
H2 200 pushengage-web-sdk.js Show response
clientcdn.pushengage.com/sdks/ 37 KB
11 KB 42ms
42ms Script
application/javascript 185.93.1.247
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://clientcdn.pushengage.com/sdks/pushengage-web-sdk.js
Requested by: Host: clientcdn.pushengage.com
URL: https://clientcdn.pushengage.com/core/380d288a0f223de9a81e026f47b6e7b8.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.247 Chicago, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: 185-93-1-247.bunnyinfra.net
Software: BunnyCDN-IL1-894 /
Resource Hash: 0e7db155e4c34d8ad22382d0d23c4f30e3919b243c8ad4f852bce7bbe11777d9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-encoding: br
cdn-edgestorageid: 894
cdn-cachedat: 01/03/2024 19:42:04
cdn-pullzone: 1148540
last-modified: Thu, 28 Dec 2023 07:34:14 GMT
server: BunnyCDN-IL1-894
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"2921-18caf586406"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=1800
cdn-requestid: ffb75ba304e056430a09143e32a72708
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 www-player.css
www.youtube.com/s/player/da154528/ Frame EE8C 358 KB
47 KB 38ms
37ms Stylesheet
text/css 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

sffe /

Resource Hash

af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 18:30:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6385
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47436
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 18:30:11 GMT

GET
H2 200 embed.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame EE8C 52 KB
16 KB 48ms
47ms Script
text/javascript 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

sffe /

Resource Hash

234595572b74d58cd52917208142b3131ad7992126358ee0d917a40cd1240e83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 18:27:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16296
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 18:27:39 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/da154528/www-embed-player.vflset/ Frame EE8C 322 KB
97 KB 61ms
60ms Script
text/javascript 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

sffe /

Resource Hash

d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 19:56:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1231
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98735
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 19:56:05 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame EE8C 2 MB
767 KB 54ms
54ms Script
text/javascript 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

sffe /

Resource Hash

fd8d118fe8ac283b6e6ece58b4bcbbc06cd734f11761faa7c46ff08069f711f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 18:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6824
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 785283
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 18:22:52 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
91 KB 57ms
56ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-23QZ2R919V&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PRSV4QF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

803b8fa0346312f9df9c8309c388c27fe6b04f30299861636ead8db0d61137b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93504
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 Jan 2024 20:16:36 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 42 KB
15 KB 153ms
45ms Script
application/javascript 23.40.207.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PRSV4QF

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.40.207.24 Atlanta, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-40-207-24.deploy.static.akamaitechnologies.com

Software

Resource Hash

f3b0e2a3800f73c56a4dc78562fc32130a8eec6887982d10e6a5dcf6497969c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Dec 2023 13:09:33 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=51305
accept-ranges: bytes
content-length: 15541

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10884134494/ 3 KB
2 KB 122ms
48ms Script
text/javascript 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10884134494/?random=1704312996609&cv=11&fst=1704312996609&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v810762869&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%2F&hn=www.googleadservices.com&frm=0&tiba=Scanning%20Attack%3A%20What%20It%20Is%20and%20How%20to%20Protect%20Your%20Organization%20Against%20It%3F&auid=2056222810.1704312997&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PRSV4QF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

38ae4d05e64b1e27df0ece9d66a7161cc2312f41d04d7223e26b82aa6b1e2480

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 20:16:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1333
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 97737495b7a5296ee4586cdbf.js Show response
chimpstatic.com/mcjs-connected/js/users/9588e79f21453dd8e52df4d68/ 50 B
579 B 208ms
136ms Script
application/javascript 104.112.28.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://chimpstatic.com/mcjs-connected/js/users/9588e79f21453dd8e52df4d68/97737495b7a5296ee4586cdbf.js
Requested by: Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.112.28.53 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-112-28-53.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency: 33
Date: Wed, 03 Jan 2024 20:16:36 GMT
Last-Modified: Tue, 05 Mar 2019 18:02:44 GMT
Server: AmazonS3
x-amz-request-id: GSRKJHN39DNKW43Q
X-EdgeConnect-MidMile-RTT: 0
ETag: "104d46a3208b40e8ded389332f5a78a3"
Content-Type: application/javascript
Cache-Control: max-age=1525
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50
x-amz-id-2: x+HJn1UrHJPzBWjVwzNTBRTr44UTgQNB2iw+jCX7L4Abe6sk8Od9sHyO3YdGjcjpmxnT04BIMdA=
Expires: Wed, 03 Jan 2024 20:42:01 GMT

GET
H2 200 lftracker_v1_lAxoEaKBlpb4OYGd.js Show response
sc.lfeeder.com/ 31 KB
11 KB 174ms
73ms Script
application/javascript 18.160.96.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc.lfeeder.com/lftracker_v1_lAxoEaKBlpb4OYGd.js
Requested by: Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.96.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-96-73.msp50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d6b60b7bb1ca3ce563e0f08388fbe3d28d92a5dfb41f12b02383c5494dead2d7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: nOK4m7gIa.UTJdndqRLtw1GzY_zYO.UB
content-encoding: br
via: 1.1 43cd35d154fe606336f72858d8bd76ec.cloudfront.net (CloudFront)
date: Wed, 03 Jan 2024 19:37:45 GMT
last-modified: Fri, 22 Dec 2023 07:08:21 GMT
server: AmazonS3
x-amz-cf-pop: MSP50-P1
age: 2332
x-amz-server-side-encryption: AES256
etag: W/"36af925e99e40dfc45a24e7f49bc73a6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: 4nHWxiMkeeLWA1vlhTmi4TnM2eMZ_OGv7TRGashliYz06sDJZOIWuA==

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 120ms
49ms Script
application/javascript 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 03 Jan 2024 20:16:36 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 11E013770C934E95B4CC0D9F26A23B31 Ref B: YTO01EDGE0519 Ref C: 2024-01-03T20:16:36Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame EE8C 15 KB
15 KB 37ms
36ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 12:08:29 GMT
x-content-type-options: nosniff
age: 115687
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 12:08:29 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame EE8C 15 KB
15 KB 37ms
37ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 13:33:44 GMT
x-content-type-options: nosniff
age: 369772
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Dec 2024 13:33:44 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
256 B 116ms
43ms Ping
text/plain 142.251.167.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-23QZ2R919V&gtm=45je3bt0v872348238z8810762869&_p=1704312996333&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1890428722.1704312997&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704312996&sct=1&seg=0&dl=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%2F&dt=Scanning%20Attack%3A%20What%20It%20Is%20and%20How%20to%20Protect%20Your%20Organization%20Against%20It%3F&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1129
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-23QZ2R919V&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.167.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ww-in-f101.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 20:16:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heimdalsecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
247 B 114ms
42ms Ping
text/plain 142.250.31.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-23QZ2R919V&cid=1890428722.1704312997&gtm=45je3bt0v872348238z8810762869&aip=1&dma=0&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-23QZ2R919V&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.31.156 Oxford, United States, ASN15169 (GOOGLE, US),
Reverse DNS: bj-in-f156.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 20:16:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heimdalsecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
107 B 122ms
49ms Image
image/gif 172.253.62.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-23QZ2R919V&cid=1890428722.1704312997&gtm=45je3bt0v872348238z8810762869&aip=1&dma=0&gcd=11l1l1l1l1&z=743608150

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 20:16:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10884134494/ 42 B
455 B 124ms
49ms Image
image/gif 172.253.115.147
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10884134494/?random=1704312996609&cv=11&fst=1704312000000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v810762869&u_w=1600&u_h=1200&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%2F&frm=0&tiba=Scanning%20Attack%3A%20What%20It%20Is%20and%20How%20to%20Protect%20Your%20Organization%20Against%20It%3F&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_mlTV7LsvbjvHSvjanlXCebNNyO1Ljg&random=349587866&rmt_tld=0&ipr=y

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f147.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/10884134494/ 42 B
455 B 109ms
48ms Image
image/gif 172.253.62.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/10884134494/?random=1704312996609&cv=11&fst=1704312000000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v810762869&u_w=1600&u_h=1200&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%2F&frm=0&tiba=Scanning%20Attack%3A%20What%20It%20Is%20and%20How%20to%20Protect%20Your%20Organization%20Against%20It%3F&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_mlTV7LsvbjvHSvjanlXCebNNyO1Ljg&random=349587866&rmt_tld=1&ipr=y

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 20:16:36 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 343061819.js Show response
bat.bing.com/p/action/ 0
117 B 47ms
47ms Script
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/343061819.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Wed, 03 Jan 2024 20:16:36 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1B293B304FF64C368FA88C4784D9621C Ref B: YTO01EDGE0519 Ref C: 2024-01-03T20:16:36Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
360 B 101ms
101ms Image
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=343061819&Ver=2&mid=4d5110b5-0af1-4345-aa36-231927ec1cf3&sid=ff13a270aa7411eea752b3ce53c708fc&vid=ff13ba20aa7411eeb5638b1d1b93f510&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Scanning%20Attack%3A%20What%20It%20Is%20and%20How%20to%20Protect%20Your%20Organization%20Against%20It%3F&p=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%2F&r=&lt=886&evt=pageLoad&sv=1&rn=167495

Requested by

Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 03 Jan 2024 20:16:36 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 09E56C73F3F34F9896CA00702A404049 Ref B: YTO01EDGE0519 Ref C: 2024-01-03T20:16:36Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame EE8C
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

45ms
45ms

XHR
application/json

172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE

Protocol

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

2cfe6f4f5697c81083c37701c11b04263fb8b56eb414571d80909306c56ddb74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 03 Jan 2024 20:16:36 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame EE8C 29 B
495 B 111ms
36ms Script
text/javascript 172.253.63.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f148.1e100.net

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:04:59 GMT
x-content-type-options: nosniff
age: 697
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jan 2024 20:19:59 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 117ms
39ms Preflight
text/html 172.253.63.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Wed, 03 Jan 2024 20:16:36 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame EE8C 87 KB
40 KB 49ms
49ms XHR
application/json+protobuf 172.253.63.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

ESF /

Resource Hash

b7285125ee31dd05db0c5c0641b5d7d8c887d364ec063108e87e2415c4feed43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41030
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame EE8C 116 KB
33 KB 37ms
36ms Script
text/javascript 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

sffe /

Resource Hash

e878848ad649d0b771d44453abd0ae8e4aa7a2b93298641ed0c26fff581dcb4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 16:42:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12840
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33549
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 16:42:36 GMT

GET
H2 200 q3ybFvLVurjIRsyeRT4FtV2O7nz4ZH1nHhTn1-npVcU.js Show response
www.google.com/js/th/ Frame EE8C 51 KB
20 KB 37ms
37ms Script
text/javascript 172.253.115.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/q3ybFvLVurjIRsyeRT4FtV2O7nz4ZH1nHhTn1-npVcU.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f147.1e100.net

Software

sffe /

Resource Hash

ab7c9b16f2d5bab8c846cc9e453e05b55d8eee7cf8647d671e14e7d7e9e955c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 03:08:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 148104
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19841
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 01 Jan 2025 03:08:12 GMT

GET
H2 200 sddefault.webp
i.ytimg.com/vi_webp/YS22cQIKNbE/ Frame EE8C 29 KB
29 KB 193ms
119ms Image
image/webp 172.253.122.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/YS22cQIKNbE/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.119 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f119.1e100.net

Software

sffe /

Resource Hash

39f3d14c2d8aaee18f66dc49caba7f98e87fa038a796e6a0526ca7a566b6d5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
x-content-type-options: nosniff
server: sffe
etag: "1674744316"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29212
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 03 Jan 2024 22:16:37 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
569 B 168ms
100ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://heimdalsecurity.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 03 Jan 2024 20:16:36 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: F8869B253C5B4EABB433C82DCF389969 Ref B: YTO01EDGE0511 Ref C: 2024-01-03T20:16:37Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://heimdalsecurity.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYOEErGcZKAoKRZfyQYUw==

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3949770&time=1704312996954&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3949770&time=1704312996954&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3949770%26time%3D1704312996954%26url%3Dhttps%253A%252F%252Fheimdalsecurity.com%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3949770&time=1704312996954&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-...

0
396 B

106ms
105ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3949770&time=1704312996954&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%2F&tm=gtmv2&cookiesTest=true&liSync=true
Requested by: Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: B09A7FE086CD464EB4F8486227012E47 Ref B: YTO01EDGE0511 Ref C: 2024-01-03T20:16:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYOEErM7Yx/sZevrAKHRA==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=default
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 20:16:36 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYOEErLKAmBno8DcBPpJg==
pragma: no-cache
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 2847E1459699470083D8ED65E60CBBB5 Ref B: YTO01EDGE0511 Ref C: 2024-01-03T20:16:37Z
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3949770&time=1704312996954&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%2F&tm=gtmv2&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame EE8C 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 LwHAmz7xeeW30BLy_wWSMX06jkXywQGVMNzSJgpRRWwYqo4Rgxob08yvkT9Syly9WxSBvvGU9DU=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame EE8C 2 KB
3 KB 111ms
36ms Image
image/jpeg 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/LwHAmz7xeeW30BLy_wWSMX06jkXywQGVMNzSJgpRRWwYqo4Rgxob08yvkT9Syly9WxSBvvGU9DU=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

fife /

Resource Hash

2c43feecc7c89d106430e1ec1139153b8a22ef36950f1dfb9402d8c8c34fb432

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 19:36:53 GMT
x-content-type-options: nosniff
age: 2384
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2415
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 04 Jan 2024 19:36:53 GMT

GET
H3 200 YS22cQIKNbE Show response
www.youtube.com/embed/ Frame EE8C 95 KB
40 KB 119ms
118ms Document
text/html 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com

Requested by

Host: sc.lfeeder.com
URL: https://sc.lfeeder.com/lftracker_v1_lAxoEaKBlpb4OYGd.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

ESF /

Resource Hash

098bf69c92589e1dbf9e952225c94b23d18a9428b5be8f1025d30b44b1b62c07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heimdalsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Wed, 03 Jan 2024 20:16:37 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame EE8C 28 B
50 B 55ms
54ms XHR
application/json 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-Goog-Request-Time: 1704312996966
Content-Type: application/json
X-YouTube-Utc-Offset: -480
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/YS22cQIKNbE
X-YouTube-Client-Version: 1.20231217.00.00
X-YouTube-Time-Zone: America/Vancouver
X-Goog-Visitor-Id: CgtfSTk2NDFFX1VHQSikgdesBjIKCgJDQRIEGgAgSQ%3D%3D
X-YouTube-Ad-Signals: dt=1704312996688&flash=0&frm=2&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C560%2C315&vis=1&wgl=true&ca_type=image

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0

GET cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame EE8C 0
0

GET
H3 204 generate_204
www.youtube.com/ Frame EE8C 0
10 B 36ms
35ms Image
text/plain 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?YRnP1Q
Requested by: Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.179.91 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: pd-in-f91.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 /
tr.lfeeder.com/ 43 B
295 B 192ms
102ms Image
image/gif 13.227.37.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.lfeeder.com/?sid=lAxoEaKBlpb4OYGd&data=eyJnYVRyYWNraW5nSWRzIjpbXSwiZ2FNZWFzdXJlbWVudElkcyI6WyJHLTIzUVoyUjkxOVYiXSwiZ2FDbGllbnRJZHMiOlsiMTg5MDQyODcyMi4xNzA0MzEyOTk3Il0sImNvbnRleHQiOnsibGlicmFyeSI6eyJuYW1lIjoibGZ0cmFja2VyIiwidmVyc2lvbiI6IjIuNjIuMSJ9LCJwYWdlVXJsIjoiaHR0cHM6Ly9oZWltZGFsc2VjdXJpdHkuY29tL2Jsb2cvc2Nhbm5pbmctYXR0YWNrLXdoYXQtaXQtaXMtYW5kLWhvdy10by1wcm90ZWN0LXlvdXItb3JnYW5pemF0aW9uLWFnYWluc3QtaXQvIiwicGFnZVRpdGxlIjoiU2Nhbm5pbmcgQXR0YWNrOiBXaGF0IEl0IElzIGFuZCBIb3cgdG8gUHJvdGVjdCBZb3VyIE9yZ2FuaXphdGlvbiBBZ2FpbnN0IEl0PyIsInJlZmVycmVyIjoiIn0sImV2ZW50IjoidHJhY2tpbmctZXZlbnQiLCJjbGllbnRFdmVudElkIjoiMGM4YWU2OGFhYWRiNjZiMiIsInNjcmlwdElkIjoibEF4b0VhS0JscGI0T1lHZCIsImNvb2tpZXNFbmFibGVkIjp0cnVlLCJjb25zZW50TGV2ZWwiOiJub25lIiwiYW5vbnltaXplSXAiOmZhbHNlLCJsZkNsaWVudElkIjoiTEYxLjEuYzQ4M2VmM2Y2MDlmNjVjOS4xNzA0MzEyOTk3MDc1IiwiZm9yZWlnbkNvb2tpZXMiOltdLCJwcm9wZXJ0aWVzIjp7fSwiYXV0b1RyYWNraW5nRW5hYmxlZCI6dHJ1ZSwiYXV0b1RyYWNraW5nTW9kZSI6InNwYSJ9
Requested by: Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.37.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-37-78.msp50.r.cloudfront.net
Software: CloudFront /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
via: 1.1 d3a9074a1f531605e56b4aa23b2d6af4.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: MSP50-C1
x-cache: LambdaGeneratedResponse from cloudfront
content-type: image/gif
content-length: 43
x-amz-cf-id: IRIuzvPnZfpCVYLaHlUwT9AqaH2PaiEUggTCwCoQKnhZLYIZ3Ruyqw==

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 37ms
36ms Preflight
text/html 172.253.63.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Wed, 03 Jan 2024 20:16:37 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame EE8C 0
0

POST atr
www.youtube.com/api/stats/ Frame EE8C 0
0

POST log_event
www.youtube.com/youtubei/v1/ Frame EE8C 0
0

GET
H3 200 www-player.css
www.youtube.com/s/player/da154528/ Frame EE8C 358 KB
46 KB 37ms
36ms Stylesheet
text/css 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

sffe /

Resource Hash

af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 18:30:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47436
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 18:30:11 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame EE8C 52 KB
16 KB 78ms
77ms Script
text/javascript 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

sffe /

Resource Hash

234595572b74d58cd52917208142b3131ad7992126358ee0d917a40cd1240e83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 18:27:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6538
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16296
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 18:27:39 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/da154528/www-embed-player.vflset/ Frame EE8C 322 KB
96 KB 68ms
68ms Script
text/javascript 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

sffe /

Resource Hash

d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 19:56:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1232
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98735
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 19:56:05 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame EE8C 2 MB
767 KB 59ms
58ms Script
text/javascript 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

sffe /

Resource Hash

fd8d118fe8ac283b6e6ece58b4bcbbc06cd734f11761faa7c46ff08069f711f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 18:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6825
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 785283
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 18:22:52 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame EE8C 15 KB
15 KB 37ms
37ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 12:08:29 GMT
x-content-type-options: nosniff
age: 115688
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 12:08:29 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame EE8C 15 KB
15 KB 40ms
40ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 13:33:44 GMT
x-content-type-options: nosniff
age: 369773
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Dec 2024 13:33:44 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame EE8C
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

45ms
44ms

XHR
application/json

172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com

Protocol

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

5f0c40625a273eeeb4ad6911af3b41431152ec85f466596a7b58f34737291693

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 03 Jan 2024 20:16:37 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame EE8C 29 B
93 B 36ms
36ms Script
text/javascript 172.253.63.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f148.1e100.net

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:04:59 GMT
x-content-type-options: nosniff
age: 698
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 03 Jan 2024 20:19:59 GMT

OPTIONS
H3 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 37ms
37ms Preflight
text/html 172.253.63.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Wed, 03 Jan 2024 20:16:37 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame EE8C 87 KB
40 KB 45ms
45ms XHR
application/json+protobuf 172.253.63.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

ESF /

Resource Hash

0a2f07abcdd1388c10d7426495b39665c7d1f02255ff7a864b5f559732baa4d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41045
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame EE8C 116 KB
33 KB 37ms
37ms Script
text/javascript 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

sffe /

Resource Hash

e878848ad649d0b771d44453abd0ae8e4aa7a2b93298641ed0c26fff581dcb4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 16:42:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12841
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33549
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 16:42:36 GMT

GET
H3 200 q3ybFvLVurjIRsyeRT4FtV2O7nz4ZH1nHhTn1-npVcU.js Show response
www.google.com/js/th/ Frame EE8C 51 KB
19 KB 39ms
38ms Script
text/javascript 172.253.115.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/q3ybFvLVurjIRsyeRT4FtV2O7nz4ZH1nHhTn1-npVcU.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f147.1e100.net

Software

sffe /

Resource Hash

ab7c9b16f2d5bab8c846cc9e453e05b55d8eee7cf8647d671e14e7d7e9e955c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 03:08:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 148105
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19841
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 01 Jan 2025 03:08:12 GMT

GET
H2 200 sddefault.webp
i.ytimg.com/vi_webp/YS22cQIKNbE/ Frame EE8C 29 KB
29 KB 64ms
64ms Image
image/webp 172.253.122.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/YS22cQIKNbE/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.119 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f119.1e100.net

Software

sffe /

Resource Hash

39f3d14c2d8aaee18f66dc49caba7f98e87fa038a796e6a0526ca7a566b6d5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
x-content-type-options: nosniff
server: sffe
etag: "1674744316"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29212
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 03 Jan 2024 22:16:37 GMT

GET
DATA 200
OK truncated
/ Frame EE8C 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 LwHAmz7xeeW30BLy_wWSMX06jkXywQGVMNzSJgpRRWwYqo4Rgxob08yvkT9Syly9WxSBvvGU9DU=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame EE8C 2 KB
2 KB 36ms
36ms Image
image/jpeg 142.251.16.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/LwHAmz7xeeW30BLy_wWSMX06jkXywQGVMNzSJgpRRWwYqo4Rgxob08yvkT9Syly9WxSBvvGU9DU=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f132.1e100.net

Software

fife /

Resource Hash

2c43feecc7c89d106430e1ec1139153b8a22ef36950f1dfb9402d8c8c34fb432

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 19:36:53 GMT
x-content-type-options: nosniff
age: 2384
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2415
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 04 Jan 2024 19:36:53 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame EE8C 4 KB
2 KB 38ms
37ms Script
text/javascript 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 03 Jan 2024 20:16:37 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame EE8C 0
10 B 35ms
34ms Image
text/plain 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?Y9OvXg
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.179.91 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: pd-in-f91.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 38ms
37ms Preflight
text/html 172.253.63.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Wed, 03 Jan 2024 20:16:37 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame EE8C 90 B
134 B 40ms
40ms XHR
application/json+protobuf 172.253.63.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

ESF /

Resource Hash

b543bfb1055105e5b9ef3f980c7080f62b06ccc20b1441904e2cc537620b6d37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Wed, 03 Jan 2024 20:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/120/ Frame EE8C 50 KB
14 KB 38ms
37ms Script
text/javascript 172.253.63.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/120/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f94.1e100.net

Software

sffe /

Resource Hash

f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 16:40:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12942
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14705
x-xss-protection: 0
last-modified: Mon, 23 Oct 2023 15:04:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Thu, 04 Jan 2024 16:40:55 GMT

GET
H/1.1 200
OK pd.js Show response
tracking.heimdalsecurity.com/ 5 KB
2 KB 136ms
38ms Script
application/javascript 3.215.172.219
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.heimdalsecurity.com/pd.js
Requested by: Host: heimdalsecurity.com
URL: https://heimdalsecurity.com/blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.215.172.219 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-215-172-219.compute-1.amazonaws.com
Software: PardotServer /
Resource Hash: 41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Wed, 03 Jan 2024 20:16:37 GMT
content-encoding: gzip
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
last-modified: Mon, 11 Dec 2023 05:21:55 GMT
Server: PardotServer
etag: "15f4-gzip"
vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
cache-control: max-age=63072000
Connection: keep-alive
accept-ranges: bytes
Content-Length: 1988
expires: Fri, 02 Jan 2026 20:16:37 GMT

GET
H/1.1 200
OK analytics Show response
tracking.heimdalsecurity.com/ 257 B
1 KB 345ms
344ms Script
text/javascript 3.215.172.219
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.heimdalsecurity.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=null&account_id=1017482&title=Scanning%20Attack%3A%20What%20It%20Is%20and%20How%20to%20Protect%20Your%20Organization%20Against%20It%3F&url=https%3A%2F%2Fheimdalsecurity.com%2Fblog%2Fscanning-attack-what-it-is-and-how-to-protect-your-organization-against-it%2F&referrer=
Requested by: Host: tracking.heimdalsecurity.com
URL: https://tracking.heimdalsecurity.com/pd.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.215.172.219 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-215-172-219.compute-1.amazonaws.com
Software: PardotServer /
Resource Hash: 3450e2b21a2eb1a8f43358c3d847f97e3226d09a3b535c24dd69cafd7fecfcfe

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://heimdalsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
Date: Wed, 03 Jan 2024 20:16:38 GMT
content-encoding: gzip
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
Server: PardotServer
vary: Accept-Encoding,User-Agent
Content-Type: text/javascript; charset=utf-8
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 194
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame EE8C 28 B
50 B 52ms
51ms XHR
application/json 142.251.179.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.91 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f91.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-Goog-Request-Time: 1704312999562
Content-Type: application/json
X-YouTube-Utc-Offset: -480
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/YS22cQIKNbE?enablejsapi=1&origin=https://heimdalsecurity.com
X-YouTube-Client-Version: 1.20231217.00.00
X-YouTube-Time-Zone: America/Vancouver
X-Goog-Visitor-Id: CgtfSTk2NDFFX1VHQSilgdesBjIKCgJDQRIEGgAgSQ%3D%3D
X-YouTube-Ad-Signals: dt=1704312997338&flash=0&frm=2&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C560%2C315&vis=1&wgl=true&ca_type=image

Response headers

date: Wed, 03 Jan 2024 20:16:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Domain: jnn-pa.googleapis.com
URL: https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Domain: www.youtube.com
URL: https://www.youtube.com/api/stats/atr?ns=yt&el=embedded&cpn=xVcAZMqgxmTN1c4D&ver=2&cmt=0&fs=0&rt=0&euri=https%3A%2F%2Fheimdalsecurity.com%2F&lact=307&cl=591746904&mos=0&volume=100&cbr=Chrome&cbrver=120.0.6099.129&c=WEB_EMBEDDED_PLAYER&cver=1.20231217.00.00&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&epm=1&hl=en_US&cr=CA&len=3822&fexp=v1%2C23858057%2C125239%2C21348%2C2602%2C73492%2C54572%2C73455%2C153839%2C23124%2C53633%2C84737%2C25688%2C9541%2C1089%2C6271%2C26439494%2C4054%2C1930%2C5181%2C9369%2C1556%2C1141%2C5876%2C2252%2C859%2C1094%2C9513%2C125%2C4558%2C1360%2C945%2C7649%2C2008%2C4552%2C514%2C6433%2C2799%2C233%2C5176%2C625%2C874&muted=0&docid=YS22cQIKNbE

Domain: www.youtube.com
URL: https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Verdicts & Comments Add Verdict or Comment

134 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
heimdalsecurity.com/	1970-01-20 19:34:48	Name: start Value: /blog/scanning-attack-what-it-is-and-how-to-protect-your-organization-against-it/
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 5HgTrddUKeo
.youtube.com/	1970-01-20 21:44:24	Name: VISITOR_INFO1_LIVE Value: _I9641E_UGA
.heimdalsecurity.com/	1970-01-20 19:34:48	Name: _gcl_au Value: 1.1.2056222810.1704312997
.heimdalsecurity.com/	1970-01-21 03:01:12	Name: _ga Value: GA1.1.1890428722.1704312997
.heimdalsecurity.com/	1970-01-21 03:01:12	Name: _ga_23QZ2R919V Value: GS1.1.1704312996.1.0.1704312996.60.0.0
.doubleclick.net/	1970-01-20 17:25:13	Name: test_cookie Value: CheckForPermission
.heimdalsecurity.com/	1970-01-20 17:26:39	Name: _uetsid Value: ff13a270aa7411eea752b3ce53c708fc
.heimdalsecurity.com/	1970-01-21 02:46:48	Name: _uetvid Value: ff13ba20aa7411eeb5638b1d1b93f510
.bing.com/	1970-01-21 02:46:48	Name: MUID Value: 0799833EDEAA666008E990C5DF006788
.bat.bing.com/	1970-01-20 17:35:17	Name: MR Value: 0
.heimdalsecurity.com/	1970-01-21 02:10:48	Name: _lfa Value: LF1.1.c483ef3f609f65c9.1704312997075
.linkedin.com/	1970-01-20 19:34:48	Name: li_sugr Value: 15c2e5e5-51e7-4a4f-91cf-aead9c4db2ef
.linkedin.com/	1970-01-21 02:10:48	Name: bcookie Value: "v=2&3108c4dd-3ad9-4e7e-88e5-42123da27e3a"
.linkedin.com/	1970-01-20 17:26:39	Name: lidc Value: "b=OGST07:s=O:r=O:a=O:p=O:g=2718:u=1:x=1:i=1704312997:t=1704399397:v=2:sig=AQG48tHP84GLQPixnLggVxMxrMV3vK9g"
.linkedin.com/	1970-01-20 18:08:24	Name: UserMatchHistory Value: AQKNGYVF5dZ_rgAAAYzQ-IWHlqE-uHGC7LHrB_8k7mANNRfXYK0P6Gy8MmwzMJlsdka51Mxgc_6T7g
.linkedin.com/	1970-01-20 18:08:24	Name: AnalyticsSyncHistory Value: AQKuG2hcuzz9VQAAAYzQ-IWHqpRtWaxaL98wTYxRvgV2daQtWjROGkC6y6ZYQXmW6IvQ8VAM_tz2VxX6fZQiOg
.www.linkedin.com/	1970-01-21 02:10:48	Name: bscookie Value: "v=1&202401032016374402c2d9-3ea0-4ab5-87c9-56dc169fb195AQFZP05C0e0UaV_XWwXmeqGuiXf35YsQ"
tracking.heimdalsecurity.com/	1970-01-20 21:44:21	Name: visitor_id1016482 Value: 46550422
tracking.heimdalsecurity.com/	1970-01-20 21:44:21	Name: visitor_id1016482-hash Value: 56e22be3446da4f3a1fd0fc088a6fd590c021c417b2842039385f0f8386b100b6856251314ad136137020536454c4276bd18c2bc
tracking.heimdalsecurity.com/	1970-01-20 17:25:14	Name: lpv1016482 Value: aHR0cHM6Ly9oZWltZGFsc2VjdXJpdHkuY29tL2Jsb2cvc2Nhbm5pbmctYXR0YWNrLXdoYXQtaXQtaXMtYW5kLWhvdy10by1wcm90ZWN0LXlvdXItb3JnYW5pemF0aW9uLWFnYWluc3QtaXQv
heimdalsecurity.com/	1970-01-20 21:44:21	Name: visitor_id1016482 Value: 46550422
heimdalsecurity.com/	1970-01-20 21:44:21	Name: visitor_id1016482-hash Value: 56e22be3446da4f3a1fd0fc088a6fd590c021c417b2842039385f0f8386b100b6856251314ad136137020536454c4276bd18c2bc

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
bat.bing.com
chimpstatic.com
clientcdn.pushengage.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
heimdalsecurity.com
i.ytimg.com
jnn-pa.googleapis.com
px.ads.linkedin.com
sc.lfeeder.com
secure.gravatar.com
snap.licdn.com
static.doubleclick.net
stats.g.doubleclick.net
tr.lfeeder.com
tracking.heimdalsecurity.com
www.google.ca
www.google.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.youtube.com
yt3.ggpht.com
jnn-pa.googleapis.com
www.gstatic.com
www.youtube.com
104.112.28.53
13.107.21.200
13.107.42.14
13.227.37.78
142.250.31.156
142.251.16.132
142.251.163.94
142.251.167.101
142.251.179.91
172.253.115.147
172.253.115.95
172.253.122.119
172.253.122.156
172.253.62.94
172.253.63.148
172.253.63.94
172.253.63.95
172.253.63.97
18.160.96.73
185.93.1.247
192.0.73.2
192.124.249.38
23.40.207.24
3.215.172.219
059a461b277b31fca3d43b3ce8fb66a1db2e96d94d62153f4db213132aec5c67
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
098bf69c92589e1dbf9e952225c94b23d18a9428b5be8f1025d30b44b1b62c07
0a2f07abcdd1388c10d7426495b39665c7d1f02255ff7a864b5f559732baa4d3
0e7db155e4c34d8ad22382d0d23c4f30e3919b243c8ad4f852bce7bbe11777d9
113546adf319601c5b4e107b18e8fca91993434cbad9fbf3b197c6289bade3c8
19b5311889e9ba9cd9d3b440411a3e2b37cc7dfe49fe470928e1c83c1a7ae2f0
2079ac533041003933aeedca897db1a58a97fdf49cab0537e0ee4f067dad2e31
21693e6abf62be77ea8f7c4ca0986e5256ad2561aac51fb813379f3b78a881e5
234595572b74d58cd52917208142b3131ad7992126358ee0d917a40cd1240e83
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
2c43feecc7c89d106430e1ec1139153b8a22ef36950f1dfb9402d8c8c34fb432
2cfe6f4f5697c81083c37701c11b04263fb8b56eb414571d80909306c56ddb74
3450e2b21a2eb1a8f43358c3d847f97e3226d09a3b535c24dd69cafd7fecfcfe
38ae4d05e64b1e27df0ece9d66a7161cc2312f41d04d7223e26b82aa6b1e2480
39f3d14c2d8aaee18f66dc49caba7f98e87fa038a796e6a0526ca7a566b6d5fd
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f1dad85983652514b00a89d286a9d8414b7878f2d59c9649677514d9786b234
41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136
452b49b86b2da4bb69b53e22a1f9aa436e33d733c5ddcfb45ed3468d8e150a1c
5a4a9f4076fc96fb244f92a12a017c93917f5d7c14f91c398faf43f6b634b1ea
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5ca877ef188214d025d9ec060929fe2589bebdf039384471e886b50a0bdcee34
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5f0c40625a273eeeb4ad6911af3b41431152ec85f466596a7b58f34737291693
659205ab8c16f21178c1745490b3ddff18666cf2ef1d3c618346fc7eefe380a6
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
7836abd3871f857f1d6c2e1354979afca303a088dd80670ebb9829b0262ec170
7a87c09be996513fe0e188c0e68c6ff45c14b08079b11f96ecbd59b2c2167eef
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
803b8fa0346312f9df9c8309c388c27fe6b04f30299861636ead8db0d61137b6
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
a334682af49e4c750901d045e92368b1e2da78b9c896aa5e5a2856bbb005e0db
a52548c58f97bd421f7115e713c8c1d1bf3ad475810ff0904ee7c69c2b229ecd
a7ae4f4e313e150000175511c29ca19ae2948eb663987253d19a9372cc20e3fe
a8e429611131e3fdc2018ec943a36100dbabb4aaa788c8dead6bdcf927917293
ab7c9b16f2d5bab8c846cc9e453e05b55d8eee7cf8647d671e14e7d7e9e955c5
ae79ef8a171c02a3c7de6d2bb6a5f6a5c2fd165fe719d2b68242c4017fa9705d
af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b543bfb1055105e5b9ef3f980c7080f62b06ccc20b1441904e2cc537620b6d37
b7285125ee31dd05db0c5c0641b5d7d8c887d364ec063108e87e2415c4feed43
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
c02d5eef34177da5e13746dd658004a89ee0466690194f55fda74b8766ac326d
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c4fada4accfa24704b54248bc5ce84acac50b6a059828b7714fe3006786c80c1
cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3
d6b60b7bb1ca3ce563e0f08388fbe3d28d92a5dfb41f12b02383c5494dead2d7
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1
d9cd6af314eda62d8cdfa07e43e72f3bb5dc55961bc90f74bb224ef8480b85ab
da384827ffff516108b22b235d7b2fc0832e88c6f4614557c08f6afc7ad399fc
dbf1552257dbdff9b53c6f3b5ba8aa1092ded30ed72b30513e6ff197a43f9b55
dc4cfc4e1a64dac51470960376f4d688441d7a07fba630a5fece0d292683455a
e13907b831b6623a0a3bfa76d46d0c5be297962438f2644c3890d513cb2ad812
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e878848ad649d0b771d44453abd0ae8e4aa7a2b93298641ed0c26fff581dcb4f
ea83b533970998abab79650e3009145fd283623808a4bc36ac3cc253d39421a9
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3b0e2a3800f73c56a4dc78562fc32130a8eec6887982d10e6a5dcf6497969c6
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fb730786bef59eda0abd7a43c2dd789d633e364763fb17f58df08f52fb4afebf
fbdfca30b2412cd98ce89f23315b746231e55db78180cba372c2b162fd70b808
fd8d118fe8ac283b6e6ece58b4bcbbc06cd734f11761faa7c46ff08069f711f5
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
ff9a2be960794ffc4738368eeec7262cd5bf70316287f8d2f0c3790170cf1277

heimdalsecurity.com Open in urlscan Pro 192.124.249.38 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

99 Requests

93 %HTTPS

0 %IPv6

17 Domains

25 Subdomains

25 IPs

1 Countries

3180 kBTransfer

9429 kBSize

23 Cookies

12 Outgoing links

Redirected requests

99 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

heimdalsecurity.com Open in urlscan Pro
192.124.249.38 Public Scan

Screenshot
Live screenshot

Full Image

99
Requests

93 %
HTTPS

0 %
IPv6

17
Domains

25
Subdomains

25
IPs

1
Countries

3180 kB
Transfer

9429 kB
Size

23
Cookies

99 HTTP transactions
5 data transactions